Network Defense: Intrusion Attempts my UDP Protocol

Hey guys. I bought a new game and had trouble with my connection. Just reset my router and got a new IP address, and now I am noticing there are intrusion attempts against my network. There is one attempt every ten minutes or so, but it’s not a very smooth pattern. The attempt is made by protocol UDP by the Source IP of 10.10.10.102, Source Port 138 and 137, to my IP address and identical ports of 138 and 137. This is happening under the application, “System”.

I look at my Network Security Policy and I view the application “System”. Here is what I see:

Block and Log UDP In from IP In [10.10.10.102/ 255.255.255.0] To IP Any Where Source Port Is Any And Destination Port Is Any

What is this IP address and why is it blocked? I never touched this setting, and it started to occur after resetting my IP address and router. My network is totally protected by WPA, therefore I am the only one who can access it. What are these intrusion attempts? It also seems like my connection with my game got worse.

I have no viruses either, I have scanned multiple times and have always protected my computer with multiple programs. Is it safe to allow that IP address? Why am I just now getting this intrusion attempts?

Please halp!

Welcome to the forums, Strudel!

As a first guess, I’d say that your new game is trying to talk to your PC. But, not knowing anything about how your LAN is set up makes it difficult to say much else.

What does your LAN look like? And what are normal addresses on your LAN? Most folks have addresses in the 192.168.x.x range, but that doesn’t seem to apply to your setup.

Hey grue, thanks for responding. As of now, I am no longer worried about the game. I am just concerned with these intrusion attempts. When I reset my router, the lady at linksys customer support, who knew very little, had me change my IP to 10.10.10.101. This seems very strange to me. Why did she give me such a strange IP? Why am I getting these intrusion attempts? I am very worried, please halp!

Two things that will help me to answer your questions:

First, what is the make and model of your router?

And, second, what is the output from running “ipconfig /all” at a command prompt? You can get to a command prompt by clicking Start → All Programs, Accessories, Command Prompt.

Ok, I am really not good with computers at all. I can try running that, but I really don’t want to. If you must know to help me out, then I will. But, how will it tell me what this IP address is? (10.10.10.102) That IP address is the “intruder” that COMODO keeps blocking. The application it is under is System. I never configured that under Network Security Policy. It started happening after resetting my router, which is a Linksys WRT54G2 or something, fairly new, and after resetting and getting my new IP address, I started noticing these intrusion attempts. What is this IP address 10.10.10.102? It seems a little strange it is just a .001 higher than my IP address.

Thanks for the help. Again, if you really need me too, I can run that under the command prompt, but I’d really prefer any other options that may reveal this annoying IP address and its intrusion attempts :o

I’ve looked at the Linksys user guide for the WRT54G2. It is what is called a NAT/router, and needs to connect thru a modem to connect to the Internet. That means that your LAN setup looks something like this:

Internet ---- modem ---- Linksys ---- PC

The WRT54G2, according to the user guide, uses IP addresses in 192.168.1.x range. So you should not be seeing addresses in the 10.x.x.x address range.

The Linksys has wireless capability. Are you connecting your PC to the Linksys by using wireless, or are you using a wired connection?

I still need the information from the ipconfig report. Let’s do this a slightly different way. Click Start → Run, and paste the command line in this code box


cmd /k ipconfig /all > "%userprofile%\desktop\post-this.txt"

into the Run input box. This will open a window, and create a file named “post-this.txt” on your desktop. With your next posting here, just attach that file. Afterwards you can delete the file.