Question about ARP blocking

Hello, guys.

I wanted to ask a general question about the blocking of ARP protocol. I recently noticed that my firewall is blocking ARP connections since the start of July. Before the month began, I had no problems, and since July 1st, I’ve been getting quite a few entries in the “Network Intrusions” tab of the firewall. Should I be worried? Given that it started fairly recently, and I’ve scanned my computer with a number of anti-malware software, including Malware-Bytes, Avast, Ad-Aware, Spybot S&D, Comodo Cleaning Essentials and Antivirus… And nothing. My computer appears to be in perfect condition. No malicious items detected.

I am attaching a screenshot for the more experienced members of the Comodo community.

Thank you for your assistance.

P.S. Please note that I have whitened out only my IP address in the following picture.

P.P.S. I feel inclined to add that the actual reason for me asking you about this issue is that if you look closely at the last entries in the screenshot, you will see that the intrusions are regular, i.e., they started to occur every hour today. Quite puzzling.

Again, I thank you for your assistance.

Screenshot.

I’m not sure what is causing this but I get it as well. From what I can tell it’s not something to be worried about. So relax. It is down to some internal conflict I guess. Where is Radaghast when you need him? LOL! ;D

When you see the same IP addresses for source and destination then that means that that device did an ARP broadcast. That is normal operation. The only difference is that we now see it logged.

I had the same issue and it was discussed in the following topic

https://forums.comodo.com/firewall-help-cis/firwall-blocking-ip-t96450.0.html

It still dont quite understand that if an ARP broadcast is normal and the Firewall is just logging it, why does it block itand considered anintrusion.`

Like I said in the other topic, it is a little unnerving to open up CIS and see 31 network intrusions.

I tried the advice to set the stealth port wizard to notify me of network connections, but it still is logging a large amount of ARP blocking.

Thanks for your time.

I hear what you are saying, fellows, and I thank you for the quick and accurate responses.

Bitterboy, I understand the gut-twisting feeling when you mouse over the pane and see 31 entries in the “Network Intrusion” tab. But since those are just logs, I say we stop worrying about it and just let it be. Perhaps this function will be removed in then next version, who knows. :slight_smile:

I share my connection with others and have copious amounts of “intrusions” coming from the local network; it’s all chatter.

Do you also get a lot of blocked UDP connections, Eric? The ones with both ports “0”? I noticed I’ve been getting a lot of those as well, mostly when I am using uTorrent.

I know this is straying a bit from the topic of the thread, but I wouldn’t like to create a new one for one question. :slight_smile:

Can you post a screenshot of those UDP connections at port 0?

Apologies for the delay. Here is the screenshot.

Like I said, I am only getting those connections when I am using uTorrent, and rarely (almost never) when I am not.

This is a Gratuitous ARP request that is blocked.
If the source and destination IP are equal in the logging you can ignore these blockages.
In CIS v5 there where 2 options to block ARP spoofing and Gratuitous ARP packets, this last option is missing from the current release and will probably return in the future.

Gratuitous ARPs are uses by a lot of modern OS’s to detect if an IP the got assigned is already used on the network.