Is it normal to have so many log entries?

Well, I have noticed I am getting a lot of entries in my log… at least 10 each minute, as you can see in the sample attached to this message… is it normal?


[attachment deleted by admin]

Are you behind a hardware firewall? What do you have the global rules set to?

From looking at your log, I’d guess that you’ve been running a torrent (or comparable) on port 54273. Am I right?

If so, then this is normal traffic, as all those other torrent users out on the Internet don’t know that your torrent server is turned off (and so, everything gets sent to ‘the system’). When it dawns on all those other machines that your server is offline, they’ll quit trying. Until that happens, you can expect a lot of folks knocking on your door.

As an alternative, you can set up a blocking rule for ‘Windows Operating System’ as an Application Rule (not as a Global Rule), to block and not log this traffic. If you set this as a Global Rule, you’ll block all of your torrent traffic, which is not what you want to do.

If you’re not running torrents, then something else is going on.

@Vettetech - You’ll note in the posted log that the destination address is an Internet address. If a router was present this wouldn’t be the case, as the log would then show a private address space. So, no router, and no hardware firewall.

grue155 is right, I don’t have any hardware firewall, I will attach my firewall settings, in case you want to take a look at them (most of my rules come from the advices received in this thread:

In fact, I have run utorrent, but not in the last 2 days, and my IP is dinamically assigned to me each time I connect to internet (my modem uses PPPoE, so I have to “dial up”, just like the old 33,6 modems), so I figure other peers should not know my current IP, unless I start utorrent again…

[attachment deleted by admin]

Windows has this “feature” where it will ask for the same IP address each time it reconnects. If that address is available, the DHCP server will likely say ‘okay’. I don’t know that routers will do that, but Windows does. Since you are connecting directly, without a router, you are likely getting the same Internet IP address each time. Or at least the majority of the time.

Maybe it is part of my ISP policy, but I almost always get a different IP when I connect to internet, even if I am offline for just a few seconds (I have checked that, using ipconfig). So the mistery about why I am receiving utorrent requests at my new IP, remains unsolved…

When you get a new and different IP address, you should no longer get traffic trying to reach your torrent port. Unless, just by long shot and lightning strike coincidence, the previous user assigned that IP address just happened to be using that same port for their torrent. Remotely possible once, but not twice, I suspect, in this universe.

I have the same opinon, maybe there is another cause for that blocked traffic…

If you are getting the same port queried and you have different IP addresses each time, then I’d suspect something from your machine is communicating outward. If you have a torrent query capability, different from any installed but not running torrent server, the query might be carrying the port number.

I don’t think I have another app related to torrents, I just have emule and utorrent, but I have not run them since several restarts (each restart means an IP change, plus the changes without restarting the computer), and those are the only p2p apps I have installed (maybe there is something else, but I am not aware about it… so I would consider it as malware if I found it).

My computer seems to behave properly, but I was not sure if it was normall to have so many log entries, and since it seems it is not, not I am more puzzled… By the way, I am supposed to be fully stealth, according to Shields Up test…

Something could have tucked itself away somewhere. An easy check is to run AutoRuns, a utility from (since acquired by Microsoft). The utility is available at Autoruns for Windows - Sysinternals | Microsoft Learn

It seems AutoRuns is a very good utility, however, I didn’t find anything “strange”… well, I figure I will have to forget about this thing…