I have installed Comodo firewall and set it up as good as I know. So far I have no issues but I´m struggling with the information in the firewall log. I have something about 600 entries with the same information, kinda:
Windows operating system Blocked UDP router address 2081 192.xxx.xxx.xxx 514
What does this mean? I only get these entries when I have set Alert Frequency Level to Medium or higher in the Alert Settings.
Any help appreciated.
■■■■… just found out this toppic doesn’t belong here
No problem, it belongs here
That would be syslog traffic send from your router, so i guess you have configured it somewhere so send syslog traffic to your host.
Edit, the reason for it hitting “Windows Operating System” is because apparently there is no syslog server active on your host, therefore the traffic can not be delivered to the application and it ends up on WOS (Windows Operating System) to drop it…
A oke, I understand. Now I have to find out where to configure syslog traffic on my router :-\
Why is the firewall blocking this traffic? I have added my router in the network zones so I whould expect this traffic is allowed… (am I being stupid :))
PS. Found the syslog option in the router setup. Blocked traffic is a goner
Because there is no application listening on udp port 514, that’s why it get’s dropped to WOS and windows has to drop it because there is no one (application) interested in this traffic…
PS. Found the syslog option in the router setup. Blocked traffic is a goner :)
You can also install a syslog server if you like, you can find one here:
Ronny, thanks for helping me out.
No problem, that’s why we’re here
Have fun exploring CIS…
I know this topic is old but I have a similar question.
I have over 700 entries in the firewall log and they say something like:
System Blocked UDP router iaddress 55751 ‘this pc’ ip address 137
The only thing that changes is the source port. The entries are made every 15 seconds. I have never seen it happen before.
I checked the router syslog and it is disabled.
Did you enable something like filesharing/samba on this ‘router’?
This is typical Windows Broadcast noise, and shouldn’t come from a avg. Router.
Can you tell us the make/model, did you change anything lately on the router or PC? shared a USB drive on it etc?
Thank you for getting back to me.
It is a Sagemcom router (I don’t know the model number. It came with Sky Broadband).
I haven’t changed anything on the router or the PC. I haven’t added any shared drives.
Can you verify this link to see if it’s in this list?
Some of them have ‘advanced media sharing’ I think that’s what’s causing this.
ok I’ve searched everywhere and finally found the model number.
It is F@ST2304
I can’t seem to see it listed on the link you mentioned.
OK. Today I have run the Comodo AV (took about 1.5 hours) and the Windows Malicious Removal Tool (mrt, which took about 3 hours).
Both came up with no infections.
I have since last re-boot over 2000 entries in the firewall log and counting (every 15 seconds).
I am a little worried that I am under attack by a virus, worm, trojan or hacker.
Any advice would be greatly appreciated.
Don’t be to afraid UDP 137 is generally innocent.
Can you click trough the management interface and try to see if there is something like ‘media’ ‘sharing’ etc in there?
I cannot find anything to do with media sharing on my router interface (I search google and can only find references to it on newer models).
I have however been searching through the CIS firewall logs and found the start of this was 3 days ago. It looks like there was a firewall alert that my dad has blocked.
is trying to receive a connection from the Internet
is a safe application. However you are about to receive a connection from another computer. If you are not sure what to do, you should block this request.
Although I still don’t know what this actually is or what it is trying to do every 15 seconds, and if it should really be doing whatever it is doing. Why wasn’t it doing it before?
Sorry to be a nuisance. I am a bit of novice but I enjoy learning.
I’ve borrowed a usb wireless adapter and set up a second PC with the same setup (operating system and CIS install).
I am only getting this traffic alert on this PC that is connected by a cat5 cable.
Is the same ‘block’ rule also configured?
If you testing you might also try to run the stealth ports wizard and chose ‘block all incoming requests’ so that if this traffic is on the wave you’ll also get logging from it.
I’ve just re-downloaded the install file. Uninstalled CIS and installed it again from the new install file.
I then followed the advice here:
and configured both PCs the same.
The logs are back, but only on this PC.
Can you post a screenshot of the logging?
Is this ok?
I copied and pasted the last few lines from the Log Viewer.
Date Application Action Direction Protocol Source IP Source Port Destination IP Destination Port
2011-11-24 18:42:31 System Blocked In UDP 192.168.0.1 40528 192.168.0.2 137
2011-11-24 18:42:46 System Blocked In UDP 192.168.0.1 52514 192.168.0.2 137
2011-11-24 18:43:01 System Blocked In UDP 192.168.0.1 43168 192.168.0.2 137
2011-11-24 18:43:16 System Blocked In UDP 192.168.0.1 52048 192.168.0.2 137
2011-11-24 18:43:31 System Blocked In UDP 192.168.0.1 58247 192.168.0.2 137