intrusion Attempt. Please Help!!!

skboss · November 18, 2008, 9:35pm

Hi, I am not sure if this is the right place to post this problem. But still if someone can help me out with my problem that would be much appreciated.

For couple of days COMODO firewall is consistently reporting couple of Intrusion attempt to my Pc. All of those attacks are coming from ip 98.113.136.112 and it’s ISP comes up as Verizon. The attacker is trying to use port 843 of my PC and all the attacks are being done by Firefox. The weird thing is that: Couple of days ago I defined Firefox as Web browser in COMODO Firewall and that’s when the firewall started reporting the attacks. But before that when the firewall was set to allow any connection in and out of the P.C.; that time the Firewall didn’t detect the attacks.

I was wondering why is that happening? Is there anything that I can do that would protect me from those intrusion attempt? Any suggestion will be appreciated.

system · November 18, 2008, 9:42pm

Can you post a copy of your log. Can’t really tell from your description whether they are actually inbound or outbound, and how Firefox is involved. You can export you log simply by going to the firewall log, selecting more, file, and then export as html, and attach that to a message.

skboss · November 18, 2008, 11:01pm

Thanks, But unfortunately I don’t see any Firewall Log option in COMODO. I see Firewall Event. Is that what you are talking about? Please let me know.

system · November 18, 2008, 11:05pm

View Firewall Events will bring up the log first page. At the bottom is a button for “more”. In the upper left corner of the more display is a field that says file. If you select that, there will be the option to export the firewall log to html.

skboss · November 18, 2008, 11:38pm

Thank you. I really appreciate your help. I have attached the log file. I really appreciate your help.

[attachment deleted by admin]

system · November 18, 2008, 11:53pm

The Firefox connections are outgoing, being initiated by you to those websites. Port 82 is a fairly common substitute for port 80 on some http servers; don’t know what port 843 is doing-it is unusual to see in a web browser. With the blocks there should be some websites you browse that don’t open properly, unless you are using a Firefox extension to support utorrent or ? You didn’t see them before because the Comodo web browser rules don’t include these uncommon ports by default. If you need them, you can go to the predefined rules at “my port sets” for http ports and add them there. If you don’t recognize any of this, do a virus scan just in case.