Dt. Telekom wants to connect on my port 38179 ?!

Dear Comodo friends,

I just had a look at my firewall logs and found some strange logs. I would be so glad if I could easily copy these directly from the Comodo log, but as far as I know this is not possible. Therefore I will write down what I see:

Windows Operating System *** blocked *** UDP *** 217.229.71.228 (source) *** 63930 *** 192.168.178.2 *** 38179

I understand this as follows: Since I looked up this 217.229.71.228 IP with my beloved tool WSping since Comodo does not have the feature to look up IP addresses. It tells me:

% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: This output has been filtered.
% To receive output for a database update, use the “-B” flag.

% Information related to ‘217.224.0.0 - 217.237.161.47’

inetnum: 217.224.0.0 - 217.237.161.47
netname: DTAG-DIAL15
descr: Deutsche Telekom AG
country: DE
admin-c: DTIP
tech-c: DTST
status: ASSIGNED PA
remarks: ******************************************************************
remarks: * Abuse Contact: Telekom | Mobilfunk, Festnetz & Internet, TV Angebote in case of Spam, *
remarks: * Hack Attacks, Illegal Activity, Violation, Scans, Probes, etc. *
remarks: ******************************************************************
mnt-by: DTAG-NIC
mnt-domains: DTAG-NIC
mnt-domains: DTAG-RR
source: RIPE # Filtered

person: DTAG Global IP-Addressing
address: Deutsche Telekom AG
address: D-90492 Nuernberg
address: Germany
phone: +49 180 5334332
fax-no: +49 180 5334252
e-mail: ripe.dtip@telekom.de
nic-hdl: DTIP
mnt-by: DTAG-NIC
source: RIPE # Filtered

person: Security Team
address: Deutsche Telekom AG
address: Germany
phone: +49 180 5334332
fax-no: +49 180 5334252
e-mail: abuse@t-ipnet.de
nic-hdl: DTST
mnt-by: DTAG-NIC
source: RIPE # Filtered

% Information related to ‘217.224.0.0/11AS3320’

route: 217.224.0.0/11
descr: Deutsche Telekom AG, Internet service provider
origin: AS3320
member-of: AS3320:RS-PA-TELEKOM
mnt-by: DTAG-RR
source: RIPE # Filtered

complete

So, I really really wonder why Deutsche Telekom tries to connect to my PC that sits behind an AVM router that is connected to another provider than Telekom. Actually, my provider is 1&1.

What is up?

thanks a lot
DD

Hi,

I hate to say this but I’m not entirely sure. The information belongs to a German ISP but you claim it isn’t your ISP.

I don’t think it’s an attack on your PC it may be your ISP is somehow partnered with them? However no worries because whatever it was, Comodo has blocked it.

Justin

Justin

you are right. It is the German main ISP but I am a customer of 1&1 and not the Dt. Telekom. Well, it may be that my provider 1&1 uses wires of Telekom, but why the heck can they try to connect to me?

Do the mentioned ports tell you something?
thanks

answer yourself this simple question:

have you got an internet connection so that people from internet can connect to your pc, or because YOU want to connect to the internet?

don't care in the littlest amount for unrequested ingoing requests. block them, that's all.
use only outgoing rules, you don't need ingoing allow rules as long as you don't run a server or use p2p.

when i didn't use a router, i had some days +1000 blocked ingoing requests… i never had the idea to look even for one of them what it was. why should i?

Apparently port 38179 on your router is open for incoming traffic. Do you use a p2p program, a web server or other program that requires to listen to incoming traffic?

Hi Eric

the port is open. Not that I thumbed in a rule into my router but my Fritz.box opened port 33179 by the means of UPnP!

UDP 38179 192.168.178.2 38179
TCP 38179 192.168.178.2 38179

So, I thought it is a good idea to use a tool to see which program on my pc instructed this.
I started TCPview (Nirsoft) and CurrentPorts (Nirsoft). None showed me any hints on this given port :frowning:

Matter of fact is that since yesterday I have freshly installed CIS. So it is pretty unaltered.
Anyhow what I edited was that I made ‘trusted’ and ‘windows’ group / app to ask for DNS access under Defense+!

Under Firewall settings I have actually only the Comodo group, Windows updater Applications (altered rule into ask), SVChost (altered rule into ask) and finally the SYSTEM group. All come from default.
The latter has always to ask except for traffic in my trusted LANs!

To the latter belongs my router :o

I do not know if that is right. Therefore, here are my trusted lan settings

loopback (default)
lan1 192.168.178.2 255.255.255.0

Ups, my router is on 192.168.178.1. Therefore I think any program that opens a UPnP or listens on or more to the points accepts or sends on port 38179 should be caught?

PS: I switched off UPnP in my router.

Thank you
very much

With uPnP switched off in your router you are ok.

In the way how you set up your trusted LAN your router is also trusted so any uPnP traffic to the router will be allowed. But with uPnP disabled in your router that is nothing to worry about.
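The two observations above (the router's UPnP mapping delivers the blocked packet to the PC, and a zone entered as 192.168.178.2 with mask 255.255.255.0 trusts the whole subnet including the router) can be checked mechanically. This is an added example, not part of the thread and not Comodo or AVM code; the `***`-separated layout is the poster's own transcription rather than a Comodo export format, and all function names are hypothetical.

```python
import ipaddress

# Values as posted in the thread (the log line is the poster's transcription).
LOG_LINE = ("Windows Operating System *** blocked *** UDP *** "
            "217.229.71.228 (source) *** 63930 *** 192.168.178.2 *** 38179")
UPNP_TABLE = """UDP 38179 192.168.178.2 38179
TCP 38179 192.168.178.2 38179"""
TRUSTED_ZONE = ("192.168.178.2", "255.255.255.0")  # "lan1" as entered in CIS
ROUTER = "192.168.178.1"

def parse_log(line):
    """Split the '***'-separated line into a dict of typed fields."""
    app, action, proto, src, sport, dst, dport = [f.strip() for f in line.split("***")]
    return {"app": app, "action": action, "proto": proto,
            "src": ipaddress.ip_address(src.split()[0]), "sport": int(sport),
            "dst": ipaddress.ip_address(dst), "dport": int(dport)}

def parse_upnp(table):
    """Return a set of (proto, external_port, internal_ip, internal_port)."""
    maps = set()
    for row in table.splitlines():
        proto, ext, ip, internal = row.split()
        maps.add((proto, int(ext), ipaddress.ip_address(ip), int(internal)))
    return maps

def zone_network(addr, mask):
    """An address plus netmask trusts the whole subnet, not only that host."""
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def explain(line=LOG_LINE, table=UPNP_TABLE):
    """Correlate one blocked packet with the port mappings and the trusted zone."""
    ev = parse_log(line)
    zone = zone_network(*TRUSTED_ZONE)
    forwarded = any(p == ev["proto"] and ip == ev["dst"] and internal == ev["dport"]
                    for p, _ext, ip, internal in parse_upnp(table))
    return {"forwarded_by_router": forwarded,
            "source_in_trusted_zone": ev["src"] in zone,
            "router_in_trusted_zone": ipaddress.ip_address(ROUTER) in zone,
            "zone": str(zone)}

if __name__ == "__main__":
    for key, value in explain().items():
        print(f"{key}: {value}")
```
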

I see Eric.

I am glad that I am on the right path.

However, I looked up the search feature on this forum but did not find anything on trusted LAN.
Can you tell me the best way to set it up? If there is such a thing :slight_smile:

Thanks a lot!

You already have your LAN defined as a network with name Lan1.

Now run the Stealth Ports Wizard (Firewall → Common Tasks) and choose “Define a New Trusted Network - Stealth my ports to EVERYONE else” → Next → choose Lan1 from “I would like to trust one of my Network Zones” → Finish.

Now both Global Rules and the application rule for System are adapted; you can now share files and folders over your local network.

Hope that answers your question.