I have not had a single intrusion attempt until today. I saw that system.exe was trying to be accessed by another computer so I blocked it. Now it keeps blocking intrusion attempts, not many but a few.
I’m wondering if this is normal since I haven’t had it happen in Comodo until now. I remember ZoneAlarm blocking several intrusion attempts.
It depends. How do you connect to the internet: behind a router, or directly connected with a cable or DSL modem? What was/is the source IP address that you see the blocked intrusion attempts from? If you can, attach a screenshot of the firewall log, and if not behind a router, edit out your IP address.
Lähde-ip is where the intrusion attempts come from. Kohdeportti is simply the port the infected computers are trying to access, I think. This happened only after I downloaded a torrent.
Isn’t this normal operation for a bit-torrent client? You’ve downloaded a file, so now other systems are trying to download the file from your computer?
I don’t use torrents so I don’t know which ports and protocols are used, but this sounds normal for a P2P application to me…
Nay, it hasn’t happened before when I downloaded torrents. Although people can see your IP address when you download a torrent, so that could be the cause.
No, this is NOT P2P traffic. From the logs, the intrusions are on:
port 445 = The port 445 is a service message block used for file sharing on Windows XP, 2000, 2003, ME, and other SAMBA-related connections. The port 445 in inbound traffic scans the system typically for shared files that users outside try to harvest into the computer’s system. This is blocked by port 445 to avoid the installation of malicious applications.
This port was used by the Sasser worm to infect PCs by exploiting a bug in Windows. If your Windows is unpatched and you allow this connection, you will get infected. If it’s patched there is no need to worry.
Port 137 = Port 137 is a Net Service protocol within a NETBIOS. It is a main requirement for Microsoft users operating mostly on networking platforms such as Windows 9x, ME, NT and Windows 2000. Commonly, these operating systems specialize in networking topology.
Port 137 is a code of behavior providing functions for log-on sequence, pass-thru validations, trust support, Windows System Registration, and Windows NT Secure Channel. These are all related to network and stream security.
This is again an exploitable port.
All the incoming traffic is malicious in my opinion; system should not receive any traffic. The P2P client should, and that too at its own port. E.g. uTorrent uses port numbers over 1000 and recommended is over 10000-65536.
Block this traffic. As to the reason why it suddenly appeared, maybe you did something to “announce” your presence and/or Windows did it for you. No worries, just keep it blocked.
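An added example, not part of any post above: a small triage of blocked inbound firewall entries along the line the last reply draws, separating hits on ports 445 and 137 from traffic to the P2P client's own listening port, and LAN sources from internet sources. The log format, the addresses, the 51413 listening port and the `torrent-client.exe` name are all constructed for illustration.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample of blocked inbound connections (not the poster's log).
# src_ip corresponds to the "Lähde-ip" column, dst_port to "Kohdeportti".
SAMPLE_LOG = """src_ip,dst_port,proto,app
203.0.113.7,445,TCP,System
203.0.113.7,445,TCP,System
192.0.2.50,445,TCP,System
198.51.100.23,137,UDP,System
192.168.1.20,137,UDP,System
198.51.100.99,51413,TCP,torrent-client.exe
"""

# The two ports discussed in the thread.
WINDOWS_PORTS = {445: "SMB file sharing", 137: "NetBIOS name service"}
# RFC 1918 ranges, listed explicitly: hosts here are on your own LAN.
LAN_NETS = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_lan(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LAN_NETS)

def triage(log_text, p2p_port):
    """Group blocked inbound hits by destination port; return a verdict per port."""
    hits = defaultdict(lambda: {"count": 0, "internet": set(), "lan": set()})
    for row in csv.DictReader(io.StringIO(log_text)):
        entry = hits[int(row["dst_port"])]
        entry["count"] += 1
        entry["lan" if is_lan(row["src_ip"]) else "internet"].add(row["src_ip"])
    report = {}
    for port, e in sorted(hits.items()):
        if port in WINDOWS_PORTS and e["internet"]:
            verdict = "keep blocked: internet hosts probing " + WINDOWS_PORTS[port]
        elif port in WINDOWS_PORTS:
            verdict = "LAN only: " + WINDOWS_PORTS[port] + " from local machines"
        elif port == p2p_port:
            verdict = "expected: peers reaching the P2P client's listening port"
        else:
            verdict = "review: neither a Windows service port nor the P2P port"
        report[port] = {"count": e["count"], "internet": sorted(e["internet"]),
                        "lan": sorted(e["lan"]), "verdict": verdict}
    return report

if __name__ == "__main__":
    for port, info in triage(SAMPLE_LOG, p2p_port=51413).items():
        print(port, info["count"], info["internet"], info["lan"], info["verdict"])
```

Set `p2p_port` to the listening port configured in your own client; anything the report marks "review" is worth a closer look in the firewall log.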