Influx of Intrusions

I tried to disable my Windows Fax application, and after doing so found my Firewall blocking tons of intrusion attempts listed as Windows Operating System (over 500 yesterday). I am running 3.5, and would like advice on correcting this.

Thank you!

[attachment deleted by admin]

The 10.113.144.1 IP address is a Private LAN address; they’re not used on the Internet. They appear to be DHCP requests (Bootps/Bootpc), maybe to a router. The reason you’re probably getting these is because of a Defense+ setting in CIS… Block all unknown requests if the application is closed. What it means, in terms of security & function, depends on Network set-up and/or connection type and what 10.113.144.1 is to you. And, of course, why it happens when you block Windows fax application (which it might now that I think about it… Win fax is a beast if I remember correctly). How did you block the Windows fax app?

Thank you for taking the time to reply. I blocked the fax because I had a hard time shutting down my computer, and in the shut down process a “HiddenFaxWindow” not responding message popped up. This worried me so I blocked fxssvc.exe through Comodo, I believe, until I researched and found that it is a fairly common and innocuous occurrence. I never use fax service, and saw that it was recommended by some to block the service if you are not using it. I also bumped up all my Comodo settings to paranoid mode, etc., but have since lowered them. As an aside, I am running AVG 8.5 and it is constantly updating for some reason. Maybe I blocked some aspect of AVG as well and that is what is constantly trying to connect?

Okay, I just checked my network defense applications, and found that I have blocked “Block and Log IP In from IP Any to IP Any where Protocol is Any”

If that is helpful.

Confirmation: When the block messages were generated CIS was in Proactive Security mode?

Which version of CIS do you have?

What’s your OS?

What type of Internet connection do you have?

Do you have LAN? Are there other LAN members? Network devices?

AVG: Check the Defense+ event log to see if anything is being logged for AVG.

I am not sure, but it was after I bumped up my security levels after becoming alarmed by the fxssvc.exe.

I have Comodo 3.5 firewall.

XP

Cable

I am not on a LAN, regular cable from home

Nothing is listed for AVG in the Defense + events

It looks like this is a cable modem network.

Let me guess: you are on a Cox cable modem network, and you do not have a router between you and the cable modem. Cable companies often use the 10.xxx.xxx.xxx network for their Modem DHCP servers.
This traffic cannot come from the internet, as 10.xxx.xxx.xxx is a private IP address and is non-routable. Same with traffic on ports 67-68 (DHCP traffic); most routers will not route this unless specifically programmed to. Therefore the only possibility is it comes from your own private network or your internet provider's network.

If you want you can probably block this traffic, if you have seen no ill results from blocking this before, and I don't think you will.

Just create a rule to block this traffic and do not log, or allow this traffic; it really does not matter.

Hope this helps
X

I downloaded and re-uploaded your screenshot and removed your PC's private IP.

Thank you for your help! You are right about my server. My only further question is about Source IP other than 10.xxx.xxx.x. It is also blocking, for example, 190.155.xxx.xxx Source: Type ( 8 ) to Destination Type(0), and 216.58.xxx.xx Source: 10823 to Destination Port 33435.

My only further question is about Source IP other than 10.xxx.xxx.x. It is also blocking, for example, 190.155.xxx.xxx Source: Type (8) Echo request (Ping) to Destination Type (0) Echo Reply (Ping Reply). 190.155.xxx.xxx is your PC IP? Or it could be your provider's DHCP server.

216.58.xxx.xx Source: 10823 to Destination Port 33435
Need more info (logs), but I assume 216.58.xxx.xx is an IP on the internet.
Maybe Kail has some ideas.

X

PS: Sorry to horn in on your thread, Kail, but the first one was obvious to me; we had a long discussion about this (DHCP coming from Cable Modem Termination Servers being visible on Cable Modem networks) previously.

greenalfonzo, I’ll leave the cable configuration to xiuhcoatl (I can’t say X, it looks like a kiss!). But I do want to inform you that CIS 3.9 is the current release version and perhaps you should consider updating soon.

Thank you both for your assistance. I will uninstall and upgrade to the latest version and hopefully that will help resolve the problem.

Yes, I’d say that is probably the best plan. Pop back & let us know how it goes.

xiuhcoatl: I completely missed where you were asking me something. I’m sorry. :-[

LOL, don’t worry about it, Kail. If GA needs more advice I will research it or ask for more help.
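
Added example, not part of the thread: a small Python triage of blocked-inbound firewall entries, following the reasoning in the replies above (private source address with DHCP ports 67/68, ICMP type 8/0). The record layout and the non-10.x addresses are constructed placeholders, and the UDP traceroute probe range (33434-33534) is general knowledge rather than something stated in the thread.

```python
import ipaddress

# Constructed sample entries modelled on the blocked events described in the
# thread. 10.113.144.1 is from the thread; the other addresses are
# documentation-range placeholders because the thread masks the real ones.
SAMPLE_LOG = [
    {"proto": "UDP", "src": "10.113.144.1", "sport": 67, "dst": "255.255.255.255", "dport": 68},
    {"proto": "ICMP", "src": "203.0.113.7", "icmp_type": 8, "dst": "198.51.100.20"},
    {"proto": "UDP", "src": "203.0.113.99", "sport": 10823, "dst": "198.51.100.20", "dport": 33435},
    {"proto": "TCP", "src": "203.0.113.50", "sport": 40000, "dst": "198.51.100.20", "dport": 445},
]

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
DHCP_PORTS = {67, 68}                    # bootps / bootpc
TRACEROUTE_PORTS = range(33434, 33535)   # default UDP probe ports of classic traceroute


def classify(entry):
    """Return a short label for what a blocked inbound entry most likely is."""
    src = ipaddress.ip_address(entry["src"])
    proto = entry["proto"].upper()
    if proto == "UDP" and {entry.get("sport"), entry.get("dport")} <= DHCP_PORTS:
        # DHCP is not routed across the internet, so a private source means the
        # local segment or the provider's access network; anything else is odd.
        is_rfc1918 = any(src in net for net in RFC1918)
        return "dhcp-local" if is_rfc1918 else "dhcp-unexpected-source"
    if proto == "ICMP":
        return {8: "icmp-echo-request", 0: "icmp-echo-reply"}.get(entry.get("icmp_type"), "icmp-other")
    if proto == "UDP" and entry.get("dport") in TRACEROUTE_PORTS:
        return "udp-traceroute-probe"
    return "review"


def summarize(log):
    """Count entries per label so routine noise is separated from entries to review."""
    counts = {}
    for entry in log:
        label = classify(entry)
        counts[label] = counts.get(label, 0) + 1
    return counts


if __name__ == "__main__":
    for label, n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{label}: {n}")
```
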