Firewall blocked System receiving connection from an IP in United Arab Emirates

Hello, I’m a first time poster who seriously needs help.

I have been using Comodo Firewall for a few months now.
Its current version is 5.8.213334.2131.
I have Windows XP service pack 3.
I use a router for this computer and second one.

I would like to talk about what happened earlier today.

I was using Utorrent to download a very popular show from a well-known VIP in The Pirate Bay.
After the download went on for 5 minutes, a Comodo Firewall alert came up.
It talked about System receiving connection from some ip address.
When I looked up the IP, it said the IP was located in United Arab Emirates.
Source IP was 91.75.9.163, and Source Port was 922. It was trying to connect my Destination Port of 137.
The protocol was UDP.
I blocked the incoming request.
The ip address was also in the Peers of the show I was downloading.
I freaked out thinking a terrorist was attacking me(the show centers about terrorists from Arab nations)
I immediately shut down Utorrent.

About few minutes later, the Comodo Firewall started blocking System for 192.168.1. IP address that seemed to be trying to make the connection.
It is probably the IP of my other computer in the Local Area Network.
Which was weird because Application Rules for System was set to “Allow System To Send Requests If The Target Is In [Local Area Network #1]” and “Allow System To Receive Requests If The Sender Is In [Local Area Network #1]”

I made sure that all incoming IP addresses are blocked when using Utorrent.
I used Utorrent for a long time, and this kind of thing never happened before.
Also, I only download torrents from VIPs so that I don’t download fake files or viruses.

The questions are

  1. Was it a hacker trying to attack my computer when I was using Utorrent?
    Is my computer safe with Comodo Firewall from all the attacks of Utorrent Peers and other hackers?
    Or do I need other protections?

  2. Why is the Comodo Firewall blocking System for the Local Area Network IP that starts with 192.168.1?
    I thought I allowed System for the Local Area Network.
    Is it not in the Local Area Network?
    Should I allow System to in-N-out the 192.168.1 address?
    If so, how do I allow it?

  3. Is Stealth Ports Wizard good for my firewall and security?
    What happens if I use it?

Thank you for reading my first long and drowsy post.

I would be really appreciated for all your help.

Unlikely, but not impossible. Port 137 over UDP is part of the NetBIOS set of ports, specifically NetBIOS name query, which are used as part of Windows file and printer sharing environment. Ideally your router should be blocking these (TCP/UDP ports 137, 138 and 139 as well as TCP port 445) from the Internet. However, if your router doesn’t provide this ability, you can create a rule for the System process and a Globale rule that blocks these protocols and ports.

Is my computer safe with Comodo Firewall from all the attacks of Utorrent Peers and other hackers? Or do I need other protections?

Older versions of uTorrent/Bittorrent were susceptible to a form of DOS attack, but unless you’re using something like version 1.6/1.7 you are probably ok. Again, your router and your firewall, if correctly configured, should be prevention enough.

2. Why is the Comodo Firewall blocking System for the Local Area Network IP that starts with 192.168.1? I thought I allowed System for the Local Area Network. Is it not in the Local Area Network? Should I allow System to in-N-out the 192.168.1 address? If so, how do I allow it?

We’d need more information about the event, such as firewall log entries and details of your Application and Global firewall rules. Also, provide information about your defined network zones - you can post images using Additional options.

3. Is Stealth Ports Wizard good for my firewall and security? What happens if I use it?

It makes no difference if you’re behind a router, just make sure that device is configured correctly. However, depending of which security configuration you’re using - More/Manage My Configurations - running the wizard with the third option may be beneficial, as it will add a rule blocking all inbound traffic, apart from that specifically allowed. Be aware, however, that doing this will prevent other members of a swarm from downloading from you, unless you create rules to allow the connections.

By the way, yellow is not the best of colours to use for highlighting items… :wink: