Hello everyone, Ive been using Comodo Firewall for a couple of months now, now complains it works great, my question is that recently ive noticed that both: Network Defense and Proactive Defense are reporting attacks over the 300 attacks in a couple of hours.
on the summary of proactive defense, whats mostly being blocked is something called: RPC Control/DNSResolver
and on the Network Defense summary the ip 192.168.1.113 (UDP) and 126.96.36.199 (ICMP) are the ones that keep being blocked, i did a ip lookup and some of this are linked to BLACKHOLE-1.IANA.ORG
so my question is am i being attacked ? is someone coneceted to my pc ? what steps should i take in case of something bad going on ?
my box : pc vaio, win xp, comodo firewall 3.10 and my security level is on Custom Policy Mode.
thanks alot guys
btw… if ur asking why i didn’t post this on the COMODO FIREWALL SECTION V 3 is because i don’t know why i don’t get the new topic buttons or nothing as if haven’t loged in…so sorry…
ok thanks for your help, here are the screen shots of each window proactive and network defense and here you will see many ip’s some with source in Germany, Some from IANA.org and some from other places i also saw this “macromed” folder on my system32 witch should be macromedia right?
anyways my ISP is not in Germany and i do have a router and im connected through ethernet cable no lan… just the wireless signal to other pc’s but except for mine that is connected via cable (ethernet)
in the jpegs, the list is very long from 300 too 600 attacks on both …
i hope this is something “normal”?..
let me know if theres other info that can help… thanks guys O0
go to Firewall>Stealth ports wizard>choose Alert me to incoming connections
stealth my ports on a per-case basis>go to Firewall Behavior Settings>
change to training mode>run firefox for a while>quit firefox>
change to safe mode.
delete rules for firefox>make D+ to training mode>run firefox>
go to Defense+>Computer Security Policy>choose firefox>
click Edit>choose ‘Use a Predefined Policy’>change it to ‘Web Browser’>
and quit firefox>change D+ to Clean PC mode.
key point: use training mode for a while.
Also you need to do following stuffs.
1.allow AVG to ‘Trusted’.(in firewall and D+)
2.Disable NETBIOS feature in your ‘network connection’.(if you don’t use network sharing in your LAN)
Do you use 2 Antivirus?
If you do, delete one of Antivirus.
Use CAV(comodo antivirus) or Antivir instead of AVG, if you want to use Free Antivirus.
thanks alot Creasy this has helped me a lot! :-TU my question is, where does it say that i use 2 antivirus??? maybe its some left over of previous av’s? but where can i see it so i can completely remove it,.
thanks for the advice i will consider buying a av or trying a different one.
as for Netbios, i did disable it but i cant connect to the internet… its stuck trying to acquire network… and can’t ever renew my ip… so i had to enable it again… if anyone knows a way around this to have netbios off and working internet pls let me know
ive changed everything as told and im on training mode atm.