Router log entries from Cloud

My Router Logs are filling up with the following entries:

59|09/29/2010 13:00:17 |208.116.56.20:4448 |192.168.1.3:4453 |ACCESS FORWARD
Firewall session time out, sent TCP RST: TCP

60|09/29/2010 12:58:37 |208.116.56.19:4447 |192.168.1.3:4526 |ACCESS BLOCK
Firewall default policy: UDP (W to L)

208.116.56.20 and 208.116.56.19 are obviously the Comodo Cloud Servers and they always use ports 4447 and 4448.
192.168.1.3 is one of my LAN computers.

The last entry [60] is obviously an unsolicited attempt by the Cloud Server to make a UDP In connection and my router rightfully rejects it.

But there are lots more of the first entry [59]. However, my Router Firewall reports a time out for them.

Any idea what’s happening here? Why the Router Firewall time out and why the UDP In attempt?

Mark

Bump

I wish someone in the know would address this, because I suspect the Cloud isn’t working properly to be making these entries in my Router Logs.

Are these entries caused by big delays in Cloud Server responses to CIS inquiries?

Mark

Hi Guys,
It’s always CIS which connects to the cloud, and in case you are seeing any connection back from the cloud to CIS, it must be in response to a sent request.

Thanks
-umesh

How come it gets blocked when it is a response? Is the stateful inspection failing? Did we find a bug in CIS?

I’m aware that initially CIS connects to the cloud and these could be responses back.

However, as pointed out, one (log entry 60 above) is a UDP In connection request. That isn’t a response to a CIS cloud connection, because if I let the router send it through, CIS then blocks it as it isn’t stateful.

You can test this yourselves surely. The Cloud servers aren’t just sending these to me…

The other log entry 59 is a TCP In and looks like there is a delay in these coming back from the servers and my router again doesn’t think they are therefore stateful but sends them through. I’ve no idea if CIS ‘captures’ them or if they just disappear.

My Router Logs are increasing ten-fold since installing CIS v5 and getting worse.
I’m getting hundreds of these in Router Logs now as well:
117|10/01/2010 23:40:56 |208.116.56.22:4448 |192.168.1.3:3712 |ACCESS FORWARD
Exceed MAX incomplete, sent TCP RST: TCP

and these where my laptop is sending a request to the cloud:
10|10/02/2010 05:52:38 |192.168.1.3:2612 |208.116.56.20:4448 |ACCESS FORWARD
Firewall session time out, sent TCP RST: TCP

as well as previously mentioned above:
128|10/02/2010 17:02:36 |208.116.56.24:4448 |192.168.1.2:1993 |ACCESS FORWARD
Firewall session time out, sent TCP RST: TCP

I’m not sure what “Firewall session time out, sent TCP RST: TCP” and “Exceed MAX incomplete, sent TCP RST: TCP” mean exactly.

UDP In connections from Server:4447 have stopped since Saturday 17:30 UT for some reason. Is someone listening? ;D
[edited: No they’re back]

Hey, it’s no big deal. I’m just trying to point out what appears to me to be a problem with CIS cloud requests and responses.
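
Added example, not part of the thread: a tally of entries in the router log format quoted above, grouped by direction, protocol, remote port, action and router note, so the session time-out, MAX-incomplete and default-policy entries can be counted separately. It assumes each entry is a header line followed by one note line and treats a private (RFC 1918) source address as LAN-side; the function names are illustrative.

```python
import ipaddress
import re
from collections import Counter

# Entries copied from the posts above: a header line, then a note line.
SAMPLE = """\
59|09/29/2010 13:00:17 |208.116.56.20:4448 |192.168.1.3:4453 |ACCESS FORWARD
Firewall session time out, sent TCP RST: TCP
60|09/29/2010 12:58:37 |208.116.56.19:4447 |192.168.1.3:4526 |ACCESS BLOCK
Firewall default policy: UDP (W to L)
117|10/01/2010 23:40:56 |208.116.56.22:4448 |192.168.1.3:3712 |ACCESS FORWARD
Exceed MAX incomplete, sent TCP RST: TCP
10|10/02/2010 05:52:38 |192.168.1.3:2612 |208.116.56.20:4448 |ACCESS FORWARD
Firewall session time out, sent TCP RST: TCP
128|10/02/2010 17:02:36 |208.116.56.24:4448 |192.168.1.2:1993 |ACCESS FORWARD
Firewall session time out, sent TCP RST: TCP
"""

HEADER = re.compile(r"^(\d+)\|([\d/]+ [\d:]+) \|([\d.]+):(\d+) \|([\d.]+):(\d+) \|ACCESS (\w+)$")
NOTE = re.compile(r"^(.*): (TCP|UDP)(?: \(.*\))?$")

def parse(text):
    """Pair each header line with the note line that follows it."""
    entries, pending = [], None
    for line in (l.strip() for l in text.splitlines()):
        head, note = HEADER.match(line), NOTE.match(line)
        if head:
            pending = head.groups()
        elif pending and note:
            _, when, src, sport, dst, dport, action = pending
            outbound = ipaddress.ip_address(src).is_private  # assumption: private source = LAN side
            entries.append({
                "when": when, "action": action, "proto": note.group(2),
                "reason": note.group(1),
                "direction": "LAN->WAN" if outbound else "WAN->LAN",
                "remote_port": int(dport if outbound else sport),
            })
            pending = None
    return entries

def summarize(entries):
    """Count entries per (direction, protocol, remote port, action, note)."""
    return Counter((e["direction"], e["proto"], e["remote_port"], e["action"], e["reason"])
                   for e in entries)

if __name__ == "__main__":
    for key, count in summarize(parse(SAMPLE)).most_common():
        print(count, *key, sep=" | ")
```

Run over a full log export, the counts show how many entries are router-sent resets on forwarded TCP sessions to port 4448 versus default-policy blocks of inbound UDP from port 4447.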