Strange intrusion attempts

In the past few weeks I have noticed that Comodo Firewall blocks a lot of intrusions, even 10000 at a session login. I really don't know what it's all about. Below are 2 screenshots for you to understand better what I am talking about.

[attachment deleted by admin]

Do you use a P2P application, like Bittorrent or Emule?

At that moment I wasn't using uTorrent at all. That was after 2 hours, using Firefox and Yahoo Messenger, that's all.

So I guess you have uTorrent set to the port 56850.

Even when you shut it down, some peers will continue their attempts to connect with you.

No, the rule for uTorrent specifies that it only uses port 23456. This is the only port set for it, not random ports.

It is also possible that if your internet connection is DHCP, as most people's are, that someone else had your IP before and had their P2P set to that port. This could be clients trying to connect to that PC. This port is in the range of Dynamic and/or Private Ports from 49152 through 65535.

The only way to see more info would be with a packet capture, then you would have to be able to read and decipher the packet info.

It should calm down after a while; no telling how long that will be.

You could create a rule to block this and make sure logging is not enabled. This will eliminate the logging.

Hope this helps
OD

I agree with the above post.

I have FTTB or optical fiber, different IP each time. In this ss you can see that there are different ports; the other one was only with those ports.

It still looks like probable P2P traffic to me
79.112.37.59 Incoming port= 56850
next post
79.112.35.30 Incoming port= random

With this, it is harder to stop the logging; you would have to block all Windows operating system with logging disabled. I would not do that unless the logging is affecting your system performance.

Still, the only way to see more info would be with a packet capture, then you would have to be able to read and decipher the packet info.

OD

PS I hope you did not mind me butting in on your thread Pedro

The IPs are different because I restarted my PC. In the first ss you can see only that port because there were about 50 intrusions on that port, but before that there were still just some random ones. OK, I will try to see how I can do a packet capture and hopefully find out what those are.

Forget it. You arrived at the right time :)
I was going to say “it still looks P2P traffic”, but I like your version best.

Cheers

But you understand what OD is saying? You change IP, and now you’re using an IP someone else was using before. So you seem to be getting P2P traffic intended for them.

If you use Wireshark or another Open software we might be able to see if we can find something. You can go straight to the download here. If you want, post or send the capture by PM. Most P2P traffic is encrypted, and can be difficult, however, not impossible to identify. We will need the CFP event log during the same time frame as the capture to help fish out the IPs we are going to look at. You can identify P2P traffic without this but I don’t have the time. If you send a capture please let us know what program you used.

OD

PS I assume there is no router on your end and that you are directly connected to the internet more or less. Because if there was a router doing NAT you probably would not be seeing this traffic.

I've sent you a capture, frames 87 and 88, by PM. There is no router. I also posted a topic on the Softpedia forum, and the guys there said that it is not a problem, and I also saw some very numerous intrusions, a lot more than on my PC. So after all it seems that it is just some P2P traffic coming from the guy who had my IP before me.

I can’t open the capture and you did not tell me what program you used to make the capture.

OD

I've used Wireshark. I opened that file with Notepad.

No. Time Source Destination Protocol Info
87 109.784180 123.201.37.46 79.112.36.90 TCP 58052 > 46229 [SYN] Seq=0 Win=8192 Len=0 MSS=1440 WS=8

Frame 87 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: b4:ba:20:00:01:00 (b4:ba:20:00:01:00), Dst: Xerox_00:00:00 (01:00:01:00:00:00)
Internet Protocol, Src: 123.201.37.46 (123.201.37.46), Dst: 79.112.36.90 (79.112.36.90)
Transmission Control Protocol, Src Port: 58052 (58052), Dst Port: 46229 (46229), Seq: 0, Len: 0

This is not the info I needed; I need the HEX and the file saved as a file readable by Wireshark, but if you are satisfied so am I. I really did not have the time to be doing packet analysis anyway.

OD
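
Added example, not part of the thread and not from any poster: a triage script for a Wireshark plain-text export like the frame 87 excerpt above, which groups inbound bare SYNs by destination port so that "many sources, one port" patterns stand out from the port the P2P client is actually configured for. The function names, the threshold of 3 distinct sources, and all sample lines except frame 87 are assumptions made for illustration.

```python
import re
from collections import defaultdict

# One packet-summary line of a Wireshark plain-text export, as in frame 87 above.
# Newer Wireshark versions print "→" between the ports instead of ">".
SUMMARY = re.compile(
    r"^\s*\d+\s+\d+\.\d+\s+(?P<src>\d+(?:\.\d+){3})\s+(?P<dst>\d+(?:\.\d+){3})"
    r"\s+TCP\s+\d+\s+(?:>|→)\s+(?P<dport>\d+)\s+\[(?P<flags>[A-Z, ]+)\]"
)

def inbound_syns(text, local_ip):
    """Yield (source IP, destination port) for bare SYNs sent to local_ip."""
    for line in text.splitlines():
        m = SUMMARY.match(line)
        # "SYN" alone is a new inbound attempt; "SYN, ACK" is a reply to us.
        if m and m["dst"] == local_ip and m["flags"] == "SYN":
            yield m["src"], int(m["dport"])

def summarize(text, local_ip, listening_ports=(), peer_threshold=3):
    """Group inbound SYNs by destination port and label each port."""
    by_port = defaultdict(list)
    for src, dport in inbound_syns(text, local_ip):
        by_port[dport].append(src)
    report = {}
    for port, srcs in sorted(by_port.items()):
        distinct = len(set(srcs))
        if port in listening_ports:
            note = "configured listening port"
        elif distinct >= peer_threshold:  # assumed threshold, tune per capture
            note = "many sources, one port: fits leftover P2P peers"
        else:
            note = "isolated attempt"
        report[port] = {"sources": distinct, "attempts": len(srcs), "note": note}
    return report

# Frame 87 is copied from the thread; every other line is constructed.
SAMPLE = """\
No. Time Source Destination Protocol Info
87 109.784180 123.201.37.46 79.112.36.90 TCP 58052 > 46229 [SYN] Seq=0 Win=8192 Len=0 MSS=1440 WS=8
90 110.102334 198.51.100.7 79.112.36.90 TCP 51344 > 46229 [SYN] Seq=0 Win=8192 Len=0 MSS=1440
93 111.520011 203.0.113.25 79.112.36.90 TCP 49731 > 46229 [SYN] Seq=0 Win=65535 Len=0 MSS=1460
95 112.000120 198.51.100.7 79.112.36.90 TCP 51344 > 46229 [SYN] Seq=0 Win=8192 Len=0 MSS=1440
97 113.410500 192.0.2.44 79.112.36.90 TCP 40112 > 23456 [SYN] Seq=0 Win=8192 Len=0 MSS=1460
99 113.900000 79.112.36.90 192.0.2.80 TCP 50010 > 80 [SYN] Seq=0 Win=8192 Len=0 MSS=1460
101 114.250000 192.0.2.80 79.112.36.90 TCP 80 > 50010 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0
"""

if __name__ == "__main__":
    for port, row in summarize(SAMPLE, "79.112.36.90", listening_ports={23456}).items():
        print(port, row)
```

The text export carries only the summary fields, so this can count and group attempts but cannot inspect payloads; that still requires the capture saved in a format Wireshark can reopen.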