More network rules than created

Hello,
I’ve been using the Comodo for a long time and I really like it. After the installation and the first (2?, 4?, x?) start of the PC everything was OK but…
In the last week I noticed that although I made only 7 rules, every line in the log window talks about the rule 138. Another strange thing: each line says that every logged source IP address is from the domain 1.0.138.0, 2.0.68.0, or 2.0.138.0. The access for some of them is enabled, and denied for others (of course none of my rules contains explicit information about the mentioned domains, so if one of them enables the access, then all of them should enable, and vice versa, am I right?)
What can be the problem?

P.S.: I ran a firewall test (auditmypc.com) and it did not find any open port.

Are you certain it’s not referring to PORT 138?

Can you please post a maximized screenshot of your network monitor rules and also attach a text file of your logs, so we can try and see what’s happening on your system.

Cheers,
Ewen :slight_smile:

Dear Ewen,

I am sending what you asked for: the rules and the log (unfortunately I use the Hungarian version of Comodo, but I hope you can orient yourself in it).

Thanks a lot!!!

[attachment deleted by admin]

G’day,

Rules 5, 6 and 7 appear to relate to allowing network traffic within the 148.6.30.X subnet. If this isn’t related to the network you connect to, it needs to be investigated further.

Your logs look really odd (not counting the fact that they’re in Hungarian ;)).

ODD THING #1
When I rename it to HTM and open the log file in a browser, there are numerous unprintable characters (to be expected from a Hungarian system), but there are numerous Chinese characters scattered throughout.

ODD THING #2
There are references in your logs to a non-existent rule 138 (???)

ODD THING #3

Dátum/Idő :2007-07-25 09:31:21 Súlyosság :Alacsony Jelentő :Hálózati figyelő Leírás: Információ (Hozzáférés engedélyezve, IP = 1.0.138.0, Port = 0) Protokoll: UDP Kimenő Forrás: 255.6.0.2:0 Cél: 1.0.138.0:0 Indok:Hálózati szabály ID =138

If I’ve interpreted this correctly, this is inbound UDP traffic from 255.6.0.2 port 0 to 1.0.138.0 port 0 and it was blocked by rule 138. This may have been an attempt to use your system as a relay.

I strongly suggest you lodge a support ticket at http://support.comodo.com (the official Comodo support centre). You will need to register (your forum registration is not valid on the support centre) before you can lodge a support ticket.

I hope I’ve interpreted this correctly and haven’t made the issue less clear than it should have been.

Let us know how you get on with this.

Hope this helps,
Ewen :slight_smile:
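
For readers triaging a log like the one quoted above, here is an added example (not written by any poster in this thread and not Comodo's own tooling) that parses the quoted entry and flags the fields that cannot be valid. The field layout is inferred from that single line, the English glosses are this example's translations, and the set of configured rule IDs is an assumption based on the 7 rules mentioned.

```python
import ipaddress
import re

# Constructed sample: the one log entry quoted in the thread.
SAMPLE = ("Dátum/Idő :2007-07-25 09:31:21 Súlyosság :Alacsony Jelentő :Hálózati figyelő "
          "Leírás: Információ (Hozzáférés engedélyezve, IP = 1.0.138.0, Port = 0) "
          "Protokoll: UDP Kimenő Forrás: 255.6.0.2:0 Cél: 1.0.138.0:0 "
          "Indok:Hálózati szabály ID =138")

# Layout inferred from SAMPLE only (assumption): Leírás=description,
# Protokoll=protocol + direction, Forrás=source, Cél=destination, Indok=reason.
LINE_RE = re.compile(
    r":(?P<time>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d).*?"
    r"Leírás:\s*(?P<desc>.*?)\s+Protokoll:\s*(?P<proto>\S+)\s+(?P<direction>\S+)\s+"
    r"Forrás:\s*(?P<src>[\d.]+):(?P<sport>\d+)\s+"
    r"Cél:\s*(?P<dst>[\d.]+):(?P<dport>\d+)\s+"
    r"Indok:.*?ID\s*=\s*(?P<rule>\d+)")

GLOSS = {"Kimenő": "outgoing"}  # only the token present in SAMPLE is glossed

def parse_line(line):
    """Return the entry as a dict, or None if the line does not match the layout."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "rule"):
        rec[key] = int(rec[key])
    rec["direction"] = GLOSS.get(rec["direction"], rec["direction"])
    rec["allowed"] = "engedélyezve" in rec["desc"]  # "access allowed"
    return rec

def sanity_flags(rec, configured_rule_ids):
    """List the reasons this entry cannot describe real traffic matched by a real rule."""
    flags = []
    if rec["rule"] not in configured_rule_ids:
        flags.append("unknown-rule-id")
    if rec["proto"] in ("TCP", "UDP") and 0 in (rec["sport"], rec["dport"]):
        flags.append("port-zero")
    for field in ("src", "dst"):
        addr = ipaddress.ip_address(rec[field])
        if addr.is_reserved or addr.is_multicast or addr.is_unspecified:
            flags.append(field + "-reserved-or-multicast")
    return flags

if __name__ == "__main__":
    entry = parse_line(SAMPLE)
    # Assumption: 7 rules; numbering base unknown, so IDs 0..7 are all accepted.
    print(entry, sanity_flags(entry, set(range(8))))
```

An entry that raises several of these flags at once is worth attaching to the support ticket together with the exported rule list.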

Ewen, thanks for the fast answer!

I know that the rules 5-7 are very permissive: I’m going to modify them as soon as possible.
I am sorry for the strange log and the Chinese characters, I had forgotten to check it before I sent it.

Yes, this is a very, very odd thing, that is why I write to this forum :slight_smile:

ODD THING #3: yes, your interpretation was excellent!
Another problem is: while the records in the log are “normal”, most of them contain IP addresses only from our domain, and none of the “odd IP addresses” (1.0.138.0, etc.) occur in it.
But when the log starts to refer to the non-existent rule 138 all the “normal records” disappear. >:(

Anyway: thanks very much for your help! I try to inform you as soon as the things get clearer!

Greetings from Hungary! (:WAV)
and of course: (V)