[RESOLVED] One IP address is being blocked over and over??

Good morning,

I am starting my second day with CFP and I am more than satisfied.

As a newbie please I hope you will take it easy on me as I start asking questions from time to time.

With that said:

(1) Since installing CFP I have noticed that one particular IP address is constantly being blocked by Comodo. It is listed by ‘DNS Stuff’ as being from my Cable provider (Comcast). In the first 34 entries this morning under ‘View Firewall Events’ in just a matter of minutes this IP address is shown 27 times.

Is this something I should be concerned about? If not, is there a way to put this IP address in some sort of trusted area so it won’t be clogging up my Firewall event logs?

Thanks and regards,

2harts4ever

Can you please post a screen shot of your logs.

Comodo → Firewall → Events.

Hi Kyle,

How’s this:


http://img.photobucket.com/albums/v328/2harts4ever/th_MWSnap001.gif

Thanks and regards,

2harts4ever

Good morning everyone,

After you have viewed my screenshot of my Firewall Event log in the above response is it safe to say that IP address 73.116.116.1 is my Internet Service provider (Comcast IP Services) trying to contact my computer for one reason or another?

If so, and if it is safe to do so, is there a way I can place that IP address in some kind of trusted zone so it doesn’t keep cluttering up my Event log all day long?

Thanks and regards,

2harts4ever

I’m sorry. I think it’s best that I’ll keep my mouth closed and wait for a user that is more experienced with this than I am.

Good luck :slight_smile:

Morning Kyle,

[b]I'm sorry. I think it's best that I'll keep my mouth closed and wait for a user that is more experienced with this than I am[/b]

No problem. I appreciate your responses and especially your willingness to admit your lack of experience on this particular subject. It is better to say nothing than something that is wrong which can cause someone grief at a later time.

As you can see from my posts I am new with CPF. I still have a few other questions but I am trying to wait until I get this one sorted out.

Thanks and regards,

2harts4ever

If you type ipconfig/all in the command prompt it will give you your correct IP address.
I have a router that is why mind is 10.10.1.10
Dennis
EDIT Please do not post your correct IP on the forum

[attachment deleted by admin]

Hi Dennis2,

Please do not post your correct IP on the forum

I didn’t think I did. In the screenshot I provided I thought the source IP was the one coming from Comcast not mine. Am I correct or wrong on that assumption?

Thanks and regards,

2harts4ever

This is a DHCP broadcast response, likely from your Comcast gateway. Easy way to get it out of the log is to add an explicit rule to block and not log inputs from this IP address on port 67 coming into Windows Operating System. You can find WOS under “running processes” when you do an add+select to make the rule. Do you have a global rule that blocks it? Then the explicit block and not log should be added to the global rules instead.
Try block/udp/in/73.116.116.1/any/67/68 with “log” not checked as a global rule.

Did you do ipcofig?
I always though that in DHCP 67 was the remote address, if I am wrong will somebody please correct.
Thank You
Dennis
EDIT Sorry Opps I should have read what I posted above I apologize if I caused any upset.

Morning sded,

[b]This is a DHCP broadcast response, likely from your Comcast gateway[/b]

I was hoping you would say that.

I am all for doing what you suggested so that CPF will not log it when it is blocked in the future.

My problem, quite frankly, is my 66-year-old ‘brain-housing group’ can’t figure out what you are telling me to do.

With that in mind I have a couple questions:

(1) If you have a moment is there any way you could walk me through this ‘step-by-step’?

(2) Also, if you have another moment, could you please tell me if my IP address is showing in the screen shot I posted a few responses above this one. I sure don’t want to be telling the world who I am.

I checked ‘ipconfig /all’ and the IP address ‘ipconfig /all’ shows for me is not anywhere on my screenshot.

However, Dennis2 seems to be thinking it is and right now I am ‘sweating bricks’.

Thanks and regards,

2harts4ever

The message is a broadcast message to all of the IPs connected to your gateway, so none of them appear explicitly. To make the rule, go to firewall/advanced/network security policy/global rules. Click on “add”, and fill in the fields as in the example above, but don’t check “log”. Put this rule ahead of any “block all in” rule you have that might block and log it. Let us know how that works for you, since cable networks have a few added features. BTW, Comodo will protect you even if you post your IP address; just not good policy to invite more attempts. Do you have a NAT router? This would also block unsolicited traffic to your IP, and is a good addition to your security.

Morning sded,

Your directions worked like a charm! That IP is now being blocked … but not being logged.

I appreciate you putting the directions in such a way that my ‘aging mind’ could follow them …lol

[b]BTW, Comodo will protect you even if you post your IP address; just not good policy to invite more attempts[/b]

That is good to know. Thanks.

[b]Do you have a NAT router? This would also block unsolicited traffic to your IP, and is a good addition to your security[/b].

Not that I am aware of … all I have hooked up to the processor is my ‘cable modem from Comcast’ and my External Drive. I’ll have to do a little more research and see what this NAT router is you are referring too.

Not to ‘beat a dead horse to death’ but am I correct that my actual IP address is not showing in the screen shot I posted several responses before this one. The reason I am concerned is because when DennisR responded to my post he said not to include my IP address in my posts. My IP address that shows on ‘ipconfig /all’ isn’t shown anywhere on that screenshot.

I have to go and do some serious honey-do’s right now. I will check back in when I return.

I appreciate all your help you have and are giving me.

Thanks and regards,

2harts4ever

Glad it works for you. The destination address (you) is missing because the message is a broadcast to everyone on the local Comcast network. A NAT router is not critical, but nice to have because NAT rejects the internet noise that is not in response to something you asked for. But Comodo does the same thing; you just need to unlog it sometimes. :wink:

I apologize for the upset I have caused you I have edited my post should have read it again, should have realise remote does not mean your computer :-[
Sorry Dennis

Hi Dennis R and sded,

DennisR: No problem. I didn’t think my IP address was showing but as you can see from my questions I wasn’t sure enough to keep me from asking someone … lol I appreciate you trying to help.

sded: Thanks for the added information and all your help in ‘unlogging’ this one particular Firewall alert.

Hope you both have a great day! :■■■■

Thanks and regards,

2harts4ever
PS: Honey do’s are done for today …lol