port 5900

in the last 2 week i receive alot of block alert on port 5900, port 5900 is VNC but if i dont have vnc can those attack still do someting to my pc?
all those attack are coming from the same ip
accordng to ip-adress.com its warpdriveonline.com but why would they try to access my pc on port 5900 im guessing that its some kind of online backup service.

i am asking because as soon as i started my pc i went to comodo and their was already a block for this and im wondering if it could have infected e while i was starting my pc.

also what start first comodo or the internet connextion?

is the connection attempt TCP or UDP ?

the firewall should initialize before the internet connection.

If your that concerned create a global rule to block in/out TCP and UDP from

the connextion are tcp
i just created 2 rule for in/out for it.

Are you behind a router or you do connect directly to the internet? Are you using a cable or ADSL connection?

cable connection

but can i get infected or can those attack get in when the pc is not in windows when i start my pc?

Warp Drive Networks offer a lot of different services to both company’s and individuals, the fact you’re seeing a connection to a port used by VNC is coincidental, as any service can make use of ports in the dynamic port range (49152–65535) Likewise, just because your seeing these connections doesn’t mean you’re under attack. Unfortunately, when you have a direct connection to the Internet, it’s often the case you will see a lot of ‘noise’ traffic. Out of curiosity, which service, appears in your logs, as the destination (your PC) for these connections?

the destination for all is Windows Operating System

Which means there’s no service available on your PC to intercept the traffic. Basically these packets are being discarded. What are your Global firewall rules - post a screenshot.

for the global rule i did the stealth port wizards and the port you told me to close a few weeks ago in https://forums.comodo.com/firewall-help-cis/255255255255-t79803.0.html

Is logging enabled on the Global Block rule? Also, are you using a p2p application, if so, what port number(s) does it use?

logging is enabled on the Global Block.
i dont use p2p.

When you enable logging for all unsolicited traffic - as that rule does - you can expect to see spurious log entries from time to time. If you want to make sure, use something like Wireshark to look at the raw packets.

thanks Radaghast.

i will leave logging enable because i know not all of those blocked ip are attack but i still see sometimes within a minute 10 or more block from diferent ip on diffenrent port, i might be wrong but those look suspicious.

It’s good to be cautious. If you ever have any doubts, don’t be afraid to ask.