is this an attack ? 350 blocked intrusion attempts.

Hello everyone, Ive been using Comodo Firewall for a couple of months now, now complains it works great, my question is that recently ive noticed that both: Network Defense and Proactive Defense are reporting attacks over the 300 attacks in a couple of hours.

on the summary of proactive defense, whats mostly being blocked is something called: RPC Control/DNSResolver

and on the Network Defense summary the ip (UDP) and (ICMP) are the ones that keep being blocked, i did a ip lookup and some of this are linked to BLACKHOLE-1.IANA.ORG

so my question is am i being attacked ? is someone coneceted to my pc ? what steps should i take in case of something bad going on ?

my box : pc vaio, win xp, comodo firewall 3.10 and my security level is on Custom Policy Mode.

thanks alot guys

btw… if ur asking why i didn’t post this on the COMODO FIREWALL SECTION V 3 is because i don’t know why i don’t get the new topic buttons or nothing as if haven’t loged in…so sorry…

Welcome to the forum CR0SSF1RE.

Would there be a chance you could post a screen shot of these events please. Also could you tell us if you’re using a router and if you have a LAN.


Your IP look up is wrong.
Check this out.

THEPLANET-AS - Internet Services, Inc.

Contry: Germany

Is that your ISP?

ok thanks for your help, here are the screen shots of each window proactive and network defense and here you will see many ip’s some with source in Germany, Some from and some from other places i also saw this “macromed” folder on my system32 witch should be macromedia right?

anyways my ISP is not in Germany and i do have a router and im connected through ethernet cable no lan… just the wireless signal to other pc’s but except for mine that is connected via cable (ethernet)

in the jpegs, the list is very long from 300 too 600 attacks on both …

i hope this is something “normal”?..

let me know if theres other info that can help… thanks guys O0

[attachment deleted by admin]

It’s not an intrusion attmpts.

Try this.

For firewall:
go to Firewall>Stealth ports wizard>choose Alert me to incoming connections
stealth my ports on a per-case basis>go to Firewall Behavior Settings>
change to training mode>run firefox for a while>quit firefox>
change to safe mode.

For Defense+:
delete rules for firefox>make D+ to training mode>run firefox>
go to Defense+>Computer Security Policy>choose firefox>
click Edit>choose ‘Use a Predefined Policy’>change it to ‘Web Browser’>
and quit firefox>change D+ to Clean PC mode.

key point: use training mode for a while.
Also you need to do following stuffs.
1.allow AVG to ‘Trusted’.(in firewall and D+)
2.Disable NETBIOS feature in your ‘network connection’.(if you don’t use network sharing in your LAN)

Do you use 2 Antivirus?
If you do, delete one of Antivirus.
Use CAV(comodo antivirus) or Antivir instead of AVG, if you want to use Free Antivirus.

thanks alot Creasy this has helped me a lot! :-TU my question is, where does it say that i use 2 antivirus??? maybe its some left over of previous av’s? but where can i see it so i can completely remove it,.

thanks for the advice i will consider buying a av or trying a different one.

as for Netbios, i did disable it but i cant connect to the internet… its stuck trying to acquire network… and can’t ever renew my ip… so i had to enable it again… if anyone knows a way around this to have netbios off and working internet pls let me know

ive changed everything as told and im on training mode atm.