Logging "Inbound Policy Violation" Every Minute

Hello. I’ve seen multiple posts on this forum about this but no solution. I am not running any kind of torrent. Any help would be appreciated. Thank you.

COMODO Firewall Pro Logs

Date Created: 19:22:30 06-01-2009

Log Scope:: Today

Date/Time :2009-01-06 19:22:06
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 192.168.1.1, Port = upnp-mcast(1900))
Protocol: UDP Incoming
Source: 192.168.1.***
Destination: 239.255.255.250:upnp-mcast(1900)
Reason: Network Control Rule ID = 5

Date/Time :2009-01-06 19:22:06
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 192.168.1.1, Port = upnp-mcast(1900))
Protocol: UDP Incoming
Source: 192.168.1.***
Destination: 239.255.255.250:upnp-mcast(1900)
Reason: Network Control Rule ID = 5

Date/Time :2009-01-06 19:22:06
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 192.168.1.1, Port = upnp-mcast(1900))
Protocol: UDP Incoming
Source: 192.168.1.1:***
Destination: 239.255.255.250:upnp-mcast(1900)
Reason: Network Control Rule ID = 5

Date/Time :2009-01-06 19:22:06
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 192.168.1.1, Port = upnp-mcast(1900))
Protocol: UDP Incoming
Source: 192.168.1.***
Destination: 239.255.255.250:upnp-mcast(1900)
Reason: Network Control Rule ID = 5

Date/Time :2009-01-06 19:22:06
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 192.168.1.1, Port = upnp-mcast(1900))
Protocol: UDP Incoming
Source: 192.168.1.***
Destination: 239.255.255.250:upnp-mcast(1900)
Reason: Network Control Rule ID = 5

Date/Time :2009-01-06 19:22:06
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 192.168.1.1, Port = upnp-mcast(1900))
Protocol: UDP Incoming
Source: 192.168.1.***
Destination: 239.255.255.250:upnp-mcast(1900)
Reason: Network Control Rule ID = 5

Date/Time :2009-01-06 19:22:06
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 192.168.1.1, Port = upnp-mcast(1900))
Protocol: UDP Incoming
Source: 192.168.1.***
Destination: 239.255.255.250:upnp-mcast(1900)
Reason: Network Control Rule ID = 5

Date/Time :2009-01-06 19:22:06
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 192.168.1.1, Port = upnp-mcast(1900))
Protocol: UDP Incoming
Source: 192.168.1.***
Destination: 239.255.255.250:upnp-mcast(1900)
Reason: Network Control Rule ID = 5

Date/Time :2009-01-06 19:22:06
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 192.168.1.1, Port = upnp-mcast(1900))
Protocol: UDP Incoming
Source: 192.168.1.***
Destination: 239.255.255.250:upnp-mcast(1900)
Reason: Network Control Rule ID = 5

Date/Time :2009-01-06 19:22:06
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 192.168.1.1, Port = upnp-mcast(1900))
Protocol: UDP Incoming
Source: 192.168.1.***
Destination: 239.255.255.250:upnp-mcast(1900)
Reason: Network Control Rule ID = 5

Date/Time :2009-01-06 19:22:06
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 192.168.1.1, Port = upnp-mcast(1900))
Protocol: UDP Incoming
Source: 192.168.1.***
Destination: 239.255.255.250:upnp-mcast(1900)
Reason: Network Control Rule ID = 5

Date/Time :2009-01-06 19:20:06
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 192.168.1.1, Port = upnp-mcast(1900))
Protocol: UDP Incoming
Source: 192.168.1.***
Destination: 239.255.255.250:upnp-mcast(1900)
Reason: Network Control Rule ID = 5

Date/Time :2009-01-06 19:20:06
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 192.168.1.1, Port = upnp-mcast(1900))
Protocol: UDP Incoming
Source: 192.168.1.***
Destination: 239.255.255.250:upnp-mcast(1900)
Reason: Network Control Rule ID = 5

Date/Time :2009-01-06 19:20:06
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 192.168.1.1, Port = upnp-mcast(1900))
Protocol: UDP Incoming
Source: 192.168.1.***
Destination: 239.255.255.250:upnp-mcast(1900)
Reason: Network Control Rule ID = 5

Date/Time :2009-01-06 19:20:05
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 192.168.1.1, Port = upnp-mcast(1900))
Protocol: UDP Incoming
Source: 192.168.1.***
Destination: 239.255.255.250:upnp-mcast(1900)
Reason: Network Control Rule ID = 5

Date/Time :2009-01-06 19:20:05
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 192.168.1.1, Port = upnp-mcast(1900))
Protocol: UDP Incoming
Source: 192.168.1.***
Destination: 239.255.255.250:upnp-mcast(1900)
Reason: Network Control Rule ID = 5

Date/Time :2009-01-06 19:20:05
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 192.168.1.1, Port = upnp-mcast(1900))
Protocol: UDP Incoming
Source: 192.168.1.***
Destination: 239.255.255.250:upnp-mcast(1900)
Reason: Network Control Rule ID = 5

Please see this. Hope this will be helpful.

https://forums.comodo.com/firewall_help/help_with_analyzing_blocked_intrusion_attempts-t32699.0.html

Turn off UPnP (Universal Plug and Play) in your router.

I do not know if that is a good idea…

The UPnP protocol is being used to let devices automatically detect each other… so if you turn this off, you have to set stuff manually… This can be difficult for novice users… (I am not saying he is a novice user, just telling a consequence…)

Well, since UPnP is being blocked by the firewall, it can’t connect to configure anything.

I am not sure if CIS firewall automatically blocks UPnP traffic, but if that is the case, then I agree with you to turn off UPnP, because it is being blocked by CIS firewall already… unless there is the possibility to unblock the UPnP traffic by CIS firewall…

Anyway, my personal opinion is just to leave it on; it makes life just easier…

Hi. I apologize for not updating my post. I actually solved the problem of multiple inbound policy violations simply by creating a new trusted network for my router using Comodo’s wizard, which I should have done a long time ago.

Another violation is logged now though, of an outbound policy:

Date/Time :2009-01-09 03:33:32
Severity :Medium
Reporter :Network Monitor
Description:Outbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Outgoing
Source: 192.168.1.***
Destination: 208.180.42.68
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 7

Date/Time :2009-01-09 03:33:32
Severity :Medium
Reporter :Network Monitor
Description:Outbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Outgoing
Source: 192.168.1.***
Destination: 66.76.227.40
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 7

Date/Time :2009-01-09 03:30:06
Severity :Medium
Reporter :Network Monitor
Description:Outbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Outgoing
Source: 192.168.1.***
Destination: 66.76.227.40
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 7

Date/Time :2009-01-09 03:19:11
Severity :Medium
Reporter :Network Monitor
Description:Outbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Outgoing
Source: 192.168.1.***
Destination: 208.180.42.68
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 7

Date/Time :2009-01-09 03:04:14
Severity :Medium
Reporter :Network Monitor
Description:Outbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Outgoing
Source: 192.168.1.***
Destination: 66.76.227.40
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 7

I’m not certain whether or not these were occurring before I ran the wizard. They are less frequent. The two destination IPs seem to be my ISP’s error-reporting server (if I understood correctly after looking them up using ARIN).

I added a zone for each IP but that didn’t do anything (I wasn’t sure if it would, to be honest).

I am also getting outbound violations regarding the IGMP protocol, but I am not sure if these started as a result of adding the two zones for the above IPs. Here is an example of the IGMP logged violations:

Date/Time :2009-01-09 03:37:14
Severity :Medium
Reporter :Network Monitor
Description: Outbound Policy Violation (Access Denied, Protocol = IGMP)
Protocol:IGMP Outgoing
Source: 192.168.1.***
Destination: 224.0.0.22
Reason: Network Control Rule ID = 7

Date/Time :2009-01-09 03:37:04
Severity :Medium
Reporter :Network Monitor
Description: Outbound Policy Violation (Access Denied, Protocol = IGMP)
Protocol:IGMP Outgoing
Source: 192.168.1.***
Destination: 224.0.0.22
Reason: Network Control Rule ID = 7

I’ve now deleted the aforementioned added zones to see; so far, no logged violations for IGMP.

I believe the outbound violations involving my ISP’s IPs may have something to do with me having a router. Possibly the router is blocking that line of communication. I don’t know.

Any suggestions? I do very much appreciate all the posts so far. Thank you.


Update: Still no logged violations for IGMP after removing those added zones.
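
A triage sketch for the log export posted in this thread, added here as an example and not part of any forum post or of Comodo's tooling: it parses the text export and counts blocked events by direction, protocol, destination class and rule ID, so local multicast chatter (SSDP/UPnP on 239.255.255.250, IGMPv3 reports on 224.0.0.22) separates from unicast traffic. The function names and the sample log are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the export format shown in the thread (not a real capture).
_ENTRY = ("Date/Time :{}\nSeverity :Medium\nReporter :Network Monitor\n"
          "Description: {} Policy Violation (Access Denied)\nProtocol:{}\n"
          "Source: 192.168.1.***\nDestination: {}\nReason: Network Control Rule ID = {}\n")
_SSDP = "239.255.255.250:upnp-mcast(1900)"
_ROWS = [("2009-01-06 19:22:06", "Inbound", " UDP Incoming", _SSDP, 5)] * 3 + [
    ("2009-01-09 03:33:32", "Outbound", "ICMP Outgoing", "208.180.42.68", 7),
    ("2009-01-09 03:33:32", "Outbound", "ICMP Outgoing", "66.76.227.40", 7),
    ("2009-01-09 03:37:14", "Outbound", "IGMP Outgoing", "224.0.0.22", 7)]
SAMPLE_LOG = "\n".join(_ENTRY.format(*row) for row in _ROWS)

FIELD = re.compile(r"^\s*([A-Za-z/ ]+?)\s*:+\s*(.*)$")  # "Key :value" or "Key: value"

def parse_entries(text):
    """Split the export on blank lines; return one field dict per log entry."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {m.group(1): m.group(2).strip()
                  for m in map(FIELD.match, block.splitlines()) if m}
        if {"Protocol", "Destination", "Reason"} <= fields.keys():
            entries.append(fields)  # header blocks lack these fields and are skipped
    return entries

def classify(dest):
    """Label a destination as discovery/group-management multicast or unicast."""
    host = dest.split(":", 1)[0]
    named = {"239.255.255.250": "SSDP/UPnP multicast", "224.0.0.22": "IGMPv3 report multicast"}
    if host in named:
        return named[host]
    try:
        return "other multicast" if ipaddress.ip_address(host).is_multicast else "unicast"
    except ValueError:
        return "unparsed"  # e.g. an address masked with ***

def summarize(text):
    """Count blocked events per (direction, protocol, destination class, rule ID)."""
    counts = Counter()
    for e in parse_entries(text):
        proto, direction = e["Protocol"].split()
        rule = e["Reason"].rsplit("=", 1)[-1].strip()
        counts[(direction, proto, classify(e["Destination"]), rule)] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).most_common():
        print(n, *key)
```

Grouping this way shows at a glance which rule ID is producing the volume and whether the blocked traffic is LAN multicast or something leaving the network.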