Can someone tell me why I’m getting all these intrusion attempts? Most of them are coming from “Windows Operating System” and “Svchost” and “System”. I always spend hours searching in forums and can usually find answers but I’ve had no luck so here I am. Most of the responses I’ve read say that this is because of peer-to-peer programs still running or something like that. I also found one that said it was just “noise” and to select the “Disable NetBIOS…” I’ve never had any peer-to-peer/torrent program on my computer so I know it’s not that, and I disabled the NetBIOS over TCP/IP (even though I don’t know what that does) and that didn’t work either. I am however running Abyss Web Server and I have a website, but Abyss has its own policy and works fine. I’m not an expert by any means so I’m not sure if this is still happening because of the Server. What I think is strange is that all the source IP addresses are coming from different places.
It’s a pretty simple setup. I’m going from my cable modem to a D-Link wireless router to my PCs. The computer with the issue is wired. I give both my PCs a static IP address. I’ve changed the address to see if the attempts stop and they don’t.
You’re right in that I am glad that the firewall is working. But the attempts give me more reason to find out what’s going on, not less reason. For only a few simple observations:
This just started happening about 1 month ago
My other PC has only 3 or 4 attempts a day
I can change my IP address and still get the same attempts.
Simple knowledge to know what’s going on, for instance what is the difference between “Windows Operating System” trying to connect to your PC and “svchost” trying to connect.
If it is indeed random “noise” and harmless then I’ll just have to deal with it but for some reason it doesn’t seem normal. But again…I’m no expert.
I am wondering about what is being logged as well. Behind a router you usually only get traffic from your local network and traffic from the web through ports that are open on the router. It looks like you are directly connected to the web. Maybe your computer is set as DMZ (demilitarized zone) on your router. This is also called exposed host. Can you check your router settings?
What is the IP address of your computer? Is it a public IP address or is it a local IP address (either in the 10.x.y.z range or in the 192.168.x.y range)?
I would check your router settings. If you have both NAT and stateful inspection set on, 99% of all intrusion attempts should be blocked by the router. You should also have a firewall on that Linksys. Turn it on. Most routers have simple two-option firewall settings such as stealth all inbound or stealth all inbound except for LAN ports, etc. You might also have to open ports on the router firewall for your server.
I am on DSL with my router configured as above and once in a blue moon I might see something slip through that Comodo catches.
CIS seems to be doing the same thing for me. It started about a week ago. I am getting many thousand attempts blocked per day. I notice that it is a regular thing. Every 2-3 seconds there will be another. I have posted a screenshot of part of my log. I am inside of a network right now.
Hello Chiron494, it looks like those IPs belong to Michigan State University; are you associated with them? Please describe your network. Please post screenshots of your global rules; perhaps start your own topic in firewall help (so the OP’s problem gets resolved) and one of the mods will, I’m sure, assist you.
@Chiron. Most of what your log shows is NETBIOS traffic. NETBIOS is a protocol used by Microsoft to be able to share files and folders over a local network. The other part of the traffic is Universal Plug and Play and bootstrap. It is all innocuous. It is just regular noise and shows that the firewall does its job.
In case you do not want to see that stuff logged you can consider the following. Depending on your situation you can decide to disable NETBIOS (you cannot share over any local network) or make a global rule to disregard it so it won’t show. But something tells me you may be on a laptop, and maybe at home you may want to share stuff over the network; then I would advise against disabling NETBIOS.
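The triage the replies describe, as an added example that is not part of the thread: blocked entries from local sources on NetBIOS, UPnP or bootstrap ports are counted as LAN noise, while ports reached by public sources that the router is not meant to forward point to a DMZ / exposed-host setting. The CSV layout, the sample entries and the forwarded port 80 are assumptions constructed for illustration; the firewall's real log format is not shown on the page.

```python
import csv
import io
import ipaddress
from collections import Counter

# Ports for the traffic named in the reply: NetBIOS, UPnP (SSDP), bootstrap (BOOTP/DHCP).
LAN_NOISE_PORTS = {137: "netbios", 138: "netbios", 139: "netbios",
                   1900: "upnp", 67: "bootstrap", 68: "bootstrap"}
# Local ranges: the two asked about in the thread, plus 172.16/12 and link-local.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]

def is_local(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LOCAL_NETS)

def classify(row):
    """Label one blocked entry: 'internet', 'lan-noise:<kind>' or 'lan-other'."""
    if not is_local(row["src"]):
        return "internet"
    kind = LAN_NOISE_PORTS.get(int(row["dport"]))
    return f"lan-noise:{kind}" if kind else "lan-other"

def summarize(log_text, forwarded=frozenset()):
    """Count entries per label and list ports that public sources reached
    although the router is not meant to forward them (DMZ / exposed host)."""
    rows = list(csv.DictReader(io.StringIO(log_text)))
    counts = Counter(classify(r) for r in rows)
    reached = {int(r["dport"]) for r in rows if classify(r) == "internet"}
    return counts, sorted(reached - set(forwarded))

# Constructed sample (assumed CSV layout); public sources use documentation ranges.
SAMPLE_LOG = """app,proto,src,dst,dport
System,UDP,192.168.0.23,192.168.0.255,137
System,UDP,192.168.0.23,192.168.0.255,138
svchost.exe,UDP,192.168.0.1,239.255.255.250,1900
svchost.exe,UDP,192.168.0.1,255.255.255.255,68
System,TCP,203.0.113.7,192.168.0.100,445
svchost.exe,TCP,198.51.100.20,192.168.0.100,135
Windows Operating System,TCP,198.51.100.20,192.168.0.100,80
System,TCP,192.168.0.42,192.168.0.100,3389
"""

if __name__ == "__main__":
    counts, unexpected = summarize(SAMPLE_LOG, forwarded={80})
    for label, n in counts.most_common():
        print(f"{label:20} {n}")
    print("ports reached from the internet but not forwarded:", unexpected)
```

An empty list of unexpected ports together with mostly `lan-noise` entries matches the "regular noise" reading; a non-empty list is the cue to check the router's DMZ and port-forwarding settings.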