Firewall Intrusions - how to tell what each is? Generally, not specifically. Learn

I have 833 intrusions blocked by the Firewall, how do I know what each is? Good, bad, etc?


Comodo’s main GUI has 5 buttons on the top.

Click the central button, FIREWALL

In the left column ensure “Common Tasks” is selected, and click the button on the right, “View Firewall Events”

Happy reading.


Can you post a screenshot of the firewall logs? Also let us know what connection you are on and if there is a router present.

I want to learn about it, not get help on specific stuff.

What tools and skills do I need to learn what each of those BLOCKS are, and why they are?
What skills do I need to begin reading to use said tools?

I have stuff like netstat agent, Sec task mgr

Note: I am not a newbie, but am to network stuff, IP stuff, transmission of malware. But I fight it for a living, so I know most about killing stuff, less about PREVENTING stuff. Self-employed 15 years home computer repair, 9 years as a webmaster.

You know, re-reading my reply, that came off kinda stern, so sorry.

Re-explaining, I'm not posting for tech support, but for learning resources.

Thanks lots.

You will learn as I explain the different types of traffic that show up in the logs. Trust me.

Ok screenshot, thanks much.

Edit the screenshot, better not post your source ip … you never know who’s reading…

Okay now to what’s going on.

Red is your source ip address.

Blue is Windows “noise” netbios datagram and netbios nameservice.

Stuff with destination .255 is broadcast traffic, like "I'm here, who else is on this local network?"

Green: you seem to be hosting something on port TCP 9709 or have been hosting something on this port; it's also possible that it's just someone probing an IP range for this port and you're just blocking it. (If you used a P2P application recently this behavior can show also; as the application is no longer listening, the traffic ends up on the Windows operating system, and that doesn't know where to put it…)

To disable the Windows noise, go to your adapter settings and open the TCP/IP Properties.
Now go to Advanced and WINS; there you can disable NetBIOS over TCP. Once disabled, this will remove listeners for 137, 138, 139 and also remove this noise in your logging.

If you'd like to check how actively this port is probed on the net, check here:

Thank you for replying and explaining this to me. I've got some stuff to learn… yes.

No problem, if you have more questions feel free to ask…
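
The log categories explained in the reply above (NetBIOS "noise", LAN broadcasts, unsolicited inbound traffic to a port such as TCP 9709), sorted automatically; this is an added example, not part of the original thread and not Comodo's own code. The tuple layout, the 192.168.1.0/24 network, the host address and all sample entries are assumptions constructed for illustration, and the broadcast check generalizes ".255" to the real broadcast address of the assumed subnet.

```python
import ipaddress
from collections import Counter

# Assumption: the local LAN is 192.168.1.0/24 and this PC is 192.168.1.10.
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")
LOCAL_HOST = ipaddress.ip_address("192.168.1.10")

# NetBIOS ports named in the thread: 137 name service, 138 datagram, 139 session.
NETBIOS = {137: "netbios-name-service", 138: "netbios-datagram", 139: "netbios-session"}


def classify(proto, src, dst, dst_port):
    """Label one blocked-connection entry using the categories from the thread."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    is_bcast = dst_ip == LOCAL_NET.broadcast_address or str(dst_ip) == "255.255.255.255"
    # LAN machines talking NetBIOS: the Windows "noise" from the reply.
    if src_ip in LOCAL_NET and dst_port in NETBIOS:
        return "windows-noise:" + NETBIOS[dst_port]
    # Other local announcements sent to everyone on the subnet.
    if src_ip in LOCAL_NET and is_bcast:
        return "lan-broadcast"
    # Outside address reaching for a port on this PC (probe or stale P2P peer).
    if dst_ip == LOCAL_HOST and src_ip not in LOCAL_NET:
        return f"unsolicited-inbound:{proto}/{dst_port}"
    return "other"


# Constructed sample entries: (protocol, source, destination, destination port).
# Outside addresses come from documentation ranges, not from any real log.
SAMPLE = [
    ("UDP", "192.168.1.10", "192.168.1.255", 137),
    ("UDP", "192.168.1.10", "192.168.1.255", 138),
    ("UDP", "192.168.1.23", "192.168.1.255", 1947),
    ("TCP", "198.51.100.7", "192.168.1.10", 9709),
    ("TCP", "203.0.113.44", "192.168.1.10", 9709),
    ("TCP", "192.168.1.10", "192.0.2.80", 443),
]


def summarize(entries):
    """Count entries per category so the bulk of a long log is explained at a glance."""
    return Counter(classify(*e) for e in entries)


if __name__ == "__main__":
    for label, n in summarize(SAMPLE).most_common():
        print(f"{n:3d}  {label}")
```

Entries that land in "other" are the ones worth reading one by one; the remaining categories usually account for most of a count like the 833 blocks mentioned at the top of the thread.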