Hello:
For days I see a port scan of the address 199.66.201.20. I wanted to who owns the IP, and I said it was Comodo Group. Is this common with the new version, or is it for updates?.
What port is being accessed?
20:05:50 Source:192.168.1.2:64744 Destination:199.66.201.21:4447 UDP
20:05:51 Source:192.168.1.2:50813 Destination:199.66.201.21:4448 TCP
20:11:55 Source:192.168.1.2:53626 Destination:199.66.201.21:4447 UDP
20:11:57 Source:192.168.1.2:50904 Destination:199.66.201.21:4448 TCP
20:12:31 Source:192.168.1.2:53628 Destination:199.66.201.21:4447 UDP
20:12:33 Source:192.168.1.2:50905 Destination:199.66.201.21:4448 TCP
20:35:01 Source:192.168.1.2:62737 Destination:199.66.201.21:4447 UDP
20:35:02 Source:192.168.1.2:51326 Destination:199.66.201.21:4448 TCP
Not very well that it is these connections is that I’m trying PeerBlock recently, and it blocks…
Traffic on pors 4447 UDP and 4448 TCP are related to the cloud look up services.
The cloud servers were too late responding to a look up request. The traffic is therefor not being processes by stateful inspection of the firewall as an answer to a request. It is then reported as an incoming access request.
In short nothing to worry about.