there was a time not to long ago where i had allowed incoming svchost connection. I didn´t even know it then a few day later i opened comodo and i saw 1 incoming connection from svchost. I immediately blocked the connection and now it get constantly blocked. What is this? I checked my pc with avast, hitman pro, malwarebytes, kaspersky av and comodo av. They all say no viruses found. So what is this? Is this normal?
I also want to say that ip 192.168.1.127 is my android phone connected to wifi. What the hell is going on?
Here are the pictures. Please advise.
Check your system rule under Firewall < Advanced settings < Application rules. If Comodo detected your network and you answered the alert as home/work it should have created a safe network zone and used those automatically for the pseudo process ‘System’.
IN UDP 137 is NetBios
IN TCP 2869 is SSDP
Those are used for network device discovery and file sharing & printer sharing.
aim4it thank you for your help. So what should i do? Disable filesharing and netbios on a windows 10 pc? And what is that incoming svchost connection trying to do on port 51653? I allowed it once and i always had 1 incoming connection. I dont like this.
The UDP 51653 is from UDP 1900 query which is the UPnP service (part of SSDP) which allows for programs to automatically negotiate access though a NAT Device (Router).
Depends if you need to do file sharing/printer sharing with any devices on your network.
I removed cis and installed comodo firewall instead. Im playing with an idea to have cfw and a seperate av…avast free or paid kaspersky for av. I can get it for 10 eur.
Anyway when i established wifi connection a popup appeared and i selected home network. I dont get those network intrusions anymore. But cfw still blocks arp protocol. Network intrusions appear when we at home connect to the wifi with smartphones. Im sure this is not a security concern, so is there a way i can add those ips of smartphones to the exlusion list or whitelist them, so there won´t be any network intrusions showing up?
Its a side affect of having “enable anti-ARP spoofing” firewall setting as comodo will block gratuitous ARP packets, and in this case these are gratuitouse arp requests that are being sent by your smartphones which I have noticed happen with iPhones. Unfortunately you can’t prevent these logged intrusions from being logged other than to disable the anti-arp spoofing setting.
So this setting prevent someone doing mitm right? Can someone mitm me if he is not in my wifi network, can mitm happen from the outside? I might turn this off if is ok to.
Yes this setting is to protect against ARP type mitm attack which requires an attacker to be connected on the same local network as you are. So if you know exactly who or whats on your local network you can disable this option. But if you have a laptop and you use it to connect to a public network you should have this setting turned on.
