Inbound policy violation... help plz

I need help figuring out what these range of ips are. I already called my isp and they said it could be an application I have installed and to contact you guys about it.

[UDP] [] [Medium] [Destination: ***:unpnp5000 (Inbound Policy Violation - Access Denied)]

[UDP] [] [High] [Destination: (Fragmented IP Packet)]

[UDP] [] [High] [Destination: (Fake or Malformed UDP Packet)]

[UDP] [] [Medium] [Destination: ***:unpnp5000 (Inbound Policy Violation - Access Denied)]

[UDP] [] [Medium] [Destination: ***:unpnp5000 (Inbound Policy Violation - Access Denied)]

They attack 24/7 in repeated groups. Blocking these uses around 15+% of my cpu every ~15 seconds… which slows my gaming considerably :frowning:

When I did an IP look-up, it said that these ip adresses come from Dublin, Germany… so my isp kinda pissed me off when they said it was internal when comodo says incoming packets blocked :stuck_out_tongue:

If anyone has any information on what to do about this, it would be greatly appreciated. It might be an application I use? The only applications I have running are AVG Anti-Virus Free version 7.5.516 and COMODO Firewall Free version DBV 3.0. All servicees have been optimized to minimal use from and I uninstalled Azereus and Shareaza. The only application I have recently installed is proxomitron. I do not belive I have any viruses (scanned with avg, ad-aware, spy-bot) and I have always been a safe web surfer and use ONLY Firefox. The only bad thing is I use Win2000 and I recently (stupid) tried a proxy that was no good… which was around the time I started getting these attacks (I think.) Oh and I play a bunch of the good FPS online games.


hello, did u try with comodo 3.0 ?

Comodo Firewall Pro 3.0 is for Windows XP. I am using Windows 2000. Thank you, though.


From IANA for - This is the “link local” block. It is allocated for communication between hosts on a single link. Hosts obtain these
addresses by auto-configuration, such as when a DHCP server may not
be found.

unpnp:5000 universal Plug and Play service:
You can disable it along with SSDP Discovery Service

OK, so my internet did not work when I dissabled DHCP Client (I dissabled that one becuase it matched the description you said and I could not find the SSDP Discovery Service in Services Local). I found that it did fix the High Severity attacks but I recieved the well known “Unable to establish and internet connection.” with Firefox :frowning:

When I tried dissabling and stoping the Plug and Play service and restarting my computer… this is with DHCP enabled… I had trouble getting past my logon (the cursor changed to “working” and would not let me click on OK) so then it finally bypassed that by waiting, then it slowly loaded my desktop. Another thing is that I like the plug and play feature, but why does it need any connection to the internet that is what I dont understand. And that sounds like a security vulnerability? Also I see no need of using IANA (if you read there security policy, they are very deceptive) I just want basic internet, heh. I have Verizon FiOS, so I wunder if IANA is a new affiliate? Is IANA safe? But even when I allow the specific ips and ports comodo still blocks them. So I’m assuming they are no good.

Did you test your suggestions on a Windows 2000 computer and did not have any problems… if so I might just reinstall windows, it’s about that time anyway.

Thanks for your help!


Sorry, but I just guessing by info. you posted above, I don’t have Comodo 2.×× series (never used it) and I don’t have Win 2000 installed and my memory of it fading away, What you need to do is to post more information about your system (type of connection etc.) another thing which you need to know is that your question is on wrong department of forum…
Help for v2 is where you should post your question, somebody there will help you…

BTW… UniversalPnP is not the same as PnP, (Do not even think to disable Plug and Play)

OK thanks!