I have the free version of CIS (firewall and defense++, usually set to the paranoid level but not always). The firewall is in custom policy mode and I routinely refuse TCP connections from the internet (most of the requests are from IP addresses registered in China).
This is a relatively new installation of XP and should not have any viruses on it (taken with a grain of salt of course). My normal internet connection is a 56k dialup, which makes it relatively easy to monitor suspicious IP traffic.
A few times now, I’ve noticed UDP traffic which pops up out of nowhere, going to IP addresses registered with COMODO. The most recent was UDP to the address “no-dns-yet.ccanet.co.uk” and mostly on ports 4447/4448. In the past I’ve seen what appears to be a port scan, but again going out to a COMODO-registered address. I am not using the COMODO secure DNS servers.
Maybe if I see this again I’ll try capturing it with Wireshark and see what’s in the packets… maybe it is ASCII?
Do you have any idea what this traffic is and if it represents a problem or not?