High amount of intrusion attempts


I don’t know if I should be concerned about this or not. Comodo Firewall logs one attempt on an average of two seconds from the “SYSTEM” application. I look back at the logs and this bombardment from the same IP everytime and always SYSTEM started 4/28/09 and continues still today but I just noticed yesterday. Yesterday I had computer on all day and saw 6000 some blocked intrusions all from the same number.

I did a whois and the ip is from Canada, and I am from Canada but not from where the IP is coming from. It also says from “Interlink Connectivity”

Do I have somethign configured incorrectly or are these real intrusion attempts? If so what can I do to stop them? I have used spyware and scanned computer for virus.

Along with Comodo I am running Avast antivirus.

I use Comodo firewall on my laptop too and do not have any intrusion attempts logged.

Sorry if I am mistaken but I don’t know anything about Firewalls. I just trust it to do its job and let it run.

Please can someone advise? Let me know if you need more infos.

If there are that many incidents it is probably coming from your ISP. I had a similar thing happen a while back with an older version of Norton. I put it on the ignore or exclusion list and that solved the problem.

First and foremost I am NOT the best person to answer this question. I’m also new to Comodo and have not learned how to tweak everything “just so”. However, I noticed some similarities…

If all of these blocked attempts are on the same Destination Port number, take a look at the software that you use, particularly things that require you to open or forward ports. For some people this could be games (including Steam), any Peer-2-Peer software (uTorrent), also things like server software, etc. I’m specifically mentioning ports because the incoming connection attempt is getting past some of the hardware between you and the internet (I’m assuming here you’ve got a modem/router which provides NAT), which implies you opened a passage for the communication (in general, not to “Interlink Connectivity” specifically). So it’s originating in a manner that is likely something you previously participated in.

Please note, so long as Comodo is reporting the intrusion attempt as Blocked, your system is secure from this connection attempt.

If you did open or forward any ports, you might recognize the port number. Or having to contact customer service for instructions on how to let a program use the internet. If you can match the port number to the software, reboot (to reset the intrusion attempts), and run the suspected software ASAP, and see if the intrusion count stays fairly unchanged over the course of 15 minutes or so. Make a note of the count and turn off the software for 15 min. Is the count starting to jump? Then that software is the “culprit” - so to speak. The longer your computer is running, connected to the internet, but not using the port-related software (the game, uTorrent, etc), the higher the intrusion count will go.

One thing about uTorrent I’ve noticed is that some folks seem to make note of a seeder’s ip address and try it repeatedly. (I’m unsure exactly how this is done, but know it’s possible.) They’re not necessarily doing anything negative, just trying to finish downloading.

I think I noticed something like 7000 attempts when I discovered what was happening… but I was also the only person seeding.