I know it is Netbios something like that but i have it disabled long time and do a netstat -a often when i am not working or doing anything to check everything is ok but all of a sudden epmap (135) is listening!!! :THNK
I searched the forum and added a rule from one of comodo members post ;D
Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice.
Online scans such as GRC, PCFlank, etc are nice indicators; however, it is generally considered more effective to scan with a resident scanner (on your computer) such as SuperScan (a free product from Foundstone). You can scan your localhost to see what ports are actually open. The online scanners are looking for a “stealth” scenario, wherein your computer (firewall) drops their packets without responding in a normal way.
There are differing opinions on whether it’s better to have a dropped packet with no response (ie, stealth - which tells a hacker that there is indeed a computer there), or a stopped packet with a standard “not available” response (due to a closed port - which tells a hacker there is indeed a computer there). Either way, the hacker knows you’re there. Some firewalls hold all ports in an open state in order to monitor and drop all undesired packets; this may be tempting for a hacker, versus a closed port, which is generally not something that can be brute-force opened.
All that said, online tests can be a good indicator of a problem or not. Backed up by a resident scanner, and you know exactly where you are in that respect.
To permanently block that IP, open Network Monitor.
Go to Rule ID 0. Right-click and select Add/Add Before.
Create the rule this way:
Source IP: 220.127.116.11
Destination IP: Any
IP Details: Any
OK. That’s it. This rule should now be in position Rule ID 0. The rules filter from the top downward, so it will be the first one triggered, and block that traffic.
Ports 137 and 138 are used for windows networking. The obfuscated IP address in your screenshot, are they from another PC on your LAN? If so, and you trust that PC, set up a network zone that encompasses all your trusted IPs (including any routers) and then set that zone as a trusted network. This will create two additional network monitor rules that will allow the traffic.
Hi and thanks for the Reply much
yeah most? of these IP are orginating from LAN and i dont trust coz i have incident in past (1 of them are a completeley formated partiton 88) )
If these are orginating coz i have enabled microsoft network or file and printers sharing no i have it uninstalled :THNK
1)Does this ports only are from LAN or can be from outside world?
2)Info on Comodo Firewall Pro Rule to completely block this port from any IP (CLY) (CWY) (B)
If the other IP addresses are in the range 10.X.X.X or 192.168.X.X.X or 172.16.X.X, then they can ONLY be from your internal LAN as these are private, non-routable addresses and could not have arrived at your PC from the internet.
To create a Network Monitor rule that will block these, use the following parameters;
Action : BLOCK
Protocol : TCP/UDP
Direction : IN
Source IP : IP Range (set a range that covers all the IP addresses you want to block, but don’t block your router)
Destination IP : ANY
Source Port : A set of ports : 137, 138
Destination Port : A set of ports : 137, 138