Incoming connections... who... what?!

Hey, well today I just decided to view my firewall/CIS because I like to see what’s going on, and it had some incoming connections… I decided to ping, no use. So I did a search, and they’re IP’s from telefonica (the biggest Spanish ISP). Telefonica is also my ISP btw.

Anyway, they were coming in through “system” - seems a bit weird to me. Can anybody give me any information? I keep terminating the connections and I’ve beefed up the firewall rules.

http://www.tehupload.com/uploads/74860d6317e4032weird.PNG

According to wiki, port 445 is the Microsoft Directory Services port, but those IP’s weren’t from MS.

Thanks!

There should not be any incoming connection.

Stealth your port and block all incoming connection through CIS firewall setting(stealth port wizard).
Imo your PC may have been hacked into. . . .I have no incoming connection and I make sure that it stays that way from time to time.

Check your network zone list. See if there’s anything aside from your ISP network and the loopback zone listed there. If you are not using Peer to peer conection such as hamachi you should only see one other network zone aside from the loopback zone. Delete any unknown network from the list and set CIS to never detect any more network.

You may also want to check your network policy list
See if you find anything that you don’t recognized(make sure they are not windows origin exe itself)
Remove or block any unknown entry. You should be familiar with your network policy list.

Run COMODO leaktest. Download it from COMODO site/forum and run it with your PC being onliine from time to time. If you score 340/340 you’re fine if you score less than perfect your PC security may have been compromised.

Run CIS diagnostic through CIS, CIS will report its installation integrity. Usually hackers would attack your firewall and antivirus first to make subsequent intrusion attempt easier.

Run Hijackthis application from trend micro(just google hijackthis download)
Do a scan and copy the log file and analyze it in here http://www.hijackthis.de/
Fix those lsited as dangerous or unwanted and such through hijackthis interface. . .

How do you connect to to your ISP? Are you on cable of DSL? What kind of modem do you use; one with a router or one without router?

What do the logs of the firewall show for that traffic? Can you post a screenshot?

If you are connecting by modem, this is normal ISP → client chatter.

Oh sorry I assumed he was on cable like I am and I never have any incoming connection :-\