I tried to disable my Windows Fax application, and after doing so found my Firewall blocking tons of intrusion attempts listed as Windows Operating System (over 500 yesterday). I am running 3.5, and would like advice on correcting this.
The 10.113.144.1 IP address is a Private LAN address, they’re not used on the Internet. They appear to be DHCP requests (Bootps/Bootpc), maybe to a router. The reason you’re probably getting these is because of a Defense+ setting in CIS… Block all unknown requests if the application is closed . What it means, in terms of security & function, depends on Network set-up and/or connection type and what 10.113.144.1 is to you. And, of course, why it happens when you block Windows fax application (which it might now that I think about it… Win fax is a beast if I remember correctly). How did you block the Windows fax app?
Thatnk you for taking the time to reply. I blocked the fax because I had a hard to shutting down my computer, and in the shut down process a “HiddenFaxWindow” not responding message popped up. This worried me so I blocked fxssvc.exe through Comodo, I believe, until I researched and found that it is a fairly common and innocuous occurence. I never use fax service, and saw that it was recommended by some to block the service if you are not using it. I also bumped up all my comodo settings to paranoid mode, etc., but have since lowered them. As an aside, I am running AVG 8.5 and it is constantly updating for some reason. Maybe I blocked some aspect of AVG as well and that is the what is constantly trying to connect?
let me guess You are on a Cox cable modem net work, and you do not have a router between you and the cable modem. cable companies often use the 10.xxx.xxx.xxx network for their Modem DHCP servers.
This traffic can not come from the interenet as 10.xxx.xxx.xxx is a private IP address and is non-routable. Same with traffic on ports 67-68 (DHCP traffic) most routers will not route this unless specifically programmed to. There for the only possibility is it comes from you own private network or your internet providers network.
If you want you can probably block this traffic, if you have seen no ill results from blocking this before, and I don´t think you will.
just create a rule to block this traffic and do not log or
allow this traffic it really does not matter.
Hope this helps
I downloaded and re uploaded your screenshot and removed your PCs private IP.
Thank you for your help! You are right about my server. My only further question is about Source IP other than 10.xxx.xxx.x. It is also blocking, for example, 190.155.xxx.xxx Source: Type ( 8 ) to Destination Type(0), and 216.58.xxx.xx Source: 10823 to Destination Port 33435.
My only further question is about Source IP other than 10.xxx.xxx.x. It is also blocking, for example, 190.155.xxx.xxx Source: Type ( 8 )Echo request(Ping) to Destination Type(0)Echo Reply(Ping Reply), 190.155.xxx.xxx is your PC IP ? or it could be your providers DHCP server.
216.58.xxx.xx Source: 10823 to Destination Port 33435
Need more info(logs) but I assume 216.58.xxx.xx is a IP on the internet maybe Kail has some ideas.
PS: sorry to horn in on your thread Kail but the first one was obvious to me we had a long discussion about this (DHCP coming from Cable Modem Termination Servers being visible on Cable Modem networks) previously
greenalfonzo, I’ll leave the cable configuration to xiuhcoatl (I can’t say X it looks like a kiss!). But, I do want to inform you that CIS 3.9 is the current release version and perhaps you should consider updating soon.