Firewall Logs Continuously

Happy 4th to all Comodo Members,

just went into the port wizard and changed all ports to stealth.

Prior to that I have not had one entry in the firewall log.
Now there is continuous logging (2 or 3 times per minute)

My question is: Is this normal? (won’t take long for hundreds of entries to show up)

I have a standalone desktop, Windows XP, Service Pack 3, DSL connection

I have the new version of CIS just released (3.10) as the only security software installed. Nothing else to conflict with CIS.

You folks helped me out so much with my last problem where the DSL connection would keep dropping
once I closed the browser. That Problem has been fixed, thanks to all the good advice. Wound up
installing Connection Keep Alive.

Also, if I wanted to go back to the default settings as they were installed by the software,
how would I do that?

thank you very much for any education on this firewall and stealthing or unstealting ports


it looks like it is coming for your router

Is it normal for the modem to do this?

If not, how can it be changed? Is it due to the software that’s keeping the connection alive?
Can the stealthing of the ports be reset to install defaults?

This is what the stealthing of the ports changed the global rules to:

How can i keep the ports in stealth mode and not have any un-needed logging?

Thanks for any help,


Most of it is IGMP traffic. You can safely allow this. Use the following tutorial from point 11 on to allow this traffic:;msg230413#msg230413 .

Thanks much EricJH,
I’ll check it out.

As always, I appreciate your help.


Made 3 global rules as suggested.

Still a lot of logging going on. Are there any other changes that can be made!

Attached should be current screenshots of log and global rules.

Thanks for all the help. Hope the screen shots are readable for you.


What IP address is the for? Is that your local IP address or the local IP address of your router? Can you tell me a bit more about your network connection? Do you have ADSL or cable? Do you use a router?

Hi EricJH,

This is a standalone desktop, windows xp sp3

I’m not on any network (except for internet connection).

I have DSL connection from AT&T through a Speedstream dsl modem… model 4100
there is no router, just the modem… pretty basic setup. is the modem address is the IP address is the IP Gateway

let me know if you need any more info.

Thanks again for the help


Most of them are echo requests from local IP address

Add the following Global Rule:
Action: Allow
Protocol: ICMP
Direction: In
Description: Allow echo request

Source Address: ANY
Destination address: Your MAC address or local IP address (only if it is a fixed address)
ICMP details: Echo request

Make sure it is above the basic block rule like the other rules.

There is other traffic coming on port 28748. Do you use a p2p program that uses this port?

Hi EricJH,

I’ll go ahead and setup that rule.

I had a p2p (360Share) on the system at one time but I uninstalled it due to security concerns.

Is there a way to find and remove any remnants that may be left?

I don’t want any p2p activity at all.



Okay, I added the global rule but it still seems to be logging quite a bit.

See above post on P2P.


Try adding a rule similar like the previous but fill in with ICMP details → custom → fill in type 8 and code 0.

Does that do the trick for you?

Hi EricJH,
I set up the global rule as in this screenshot.

It did not add the rule as I entered it. When I went in to Edit the rule to see if it was okay,
this is what the rule shows

The new logging is as follows:

Not sure what’s going on with the rule but it’s apparently not valid.

I put in the MAC Address as with the others… was this correct?

Thanks for all your help with this,


To make sure you have entered the MAC address correctly check with ipconfig /all.

Go to Start → Run → cmd → enter → ipconfig /all (notice the space before .all) → now look up the MAC address for your network adapter.

Okay EricJH,

Here is what I found:

In Ipconfig, I get a different number than what shows up in the modem Config.

screenshot of Modem:

Screenshot of IPCONFIG:

Just for the sake of trying it, I changed the MAC address in the global rule I’m trying to set up to the
Physical address that shows up in ipconfig, which is different from the Modem MAC Address but is the only address which contains the same amount of numbers that the Modem MAC address has. Anyway, it made no difference, it does not accept it.

Confusing but Amusing, thanks for hangin’ in. I appreciate it.


You need to fill in the MAC address of your network adapter as shown by the ipconfig command. The MAC address to fill in is: 00-40-CA-94-CF-50. I hope I read that MAC address properly.

Your photos are unclear; I need to zoom in on them to be able to properly read them. Next time please post higher resolution images. 32 bits instead of 24 bits.


Thanks for the information on ipconfig and using that physical address. That did the trick.

I was unaware of those stats, and under the assumption that what was showing up in the
modem config was the configuration involved.
The firewall log is much cleaner and just logging a few UDP and TCP events

I have no idea what all that is.

Just a quick question… is there any writeup or entries in this forum that I can look through that
would explain what is being blocked and why. As you can tell, I am new to this forum and to COMODO
Internet Security, but I am very impressed with your software and with your support.

Thanks so much.


To learn more you can start with our FAQ’s: . They only cover certain basic things. Other than that feel free to ask. (:NRD)