Strange ip attempts to connect to

Hello,

I have a series of strange problems which I don’t understand. Hopefully members on Comodo forum can help me out with this.

Everything started two days ago. It was two months ago that I installed Comodo Firewall and I was pleased with CFW, and thus I didn't always pay much attention to it. The day before yesterday, I opened it by chance and I suddenly noticed that system and svchost were still connecting in. (No browsers and other programs requiring the Internet.) Then I changed the default settings because it wouldn't give any popups and by default allowed all.
Yesterday I kept seeing to it and Comodo showed popups that a strange IP attempted to connect to my system.exe every several hours.
This morning, another strange IP tried to connect to my system.exe and I blocked it again, and just now I still find CFW shows svchost.exe TCP in (no browsers and other programs requiring the Internet). Does that mean a hacker is trying to attack me? Right now I let my antivirus software scan my computer and no virus or malware is found.

HELP, please!

Can you go to Firewall/View Firewall Events/More, find the entries that match the alerts and post a screenshot? Without further information, it’s impossible to say much about these connections.

screenshot

[attachment deleted by admin]

Unfortunately, we need to see the ports in use in addition to the single IP address.

For what it’s worth, the IP addresses - 115.172.128.0 - 115.172.255.255 belong to:

FOR GREAT WALL BROADBAND NETWORK SERVICE ACCESS IN GUANGZHOU

Is this your ISP?

Strangely, I am in Shanghai.

Do you mean this?

[attachment deleted by admin]

That’s the port for the svchost connections, what about the system connections? Port 135, RPC, has a lot of nasties associated with it, so it might just be someone scanning for open ports or it may possibly be something more sinister. May I assume you’ve scanned your PC for malware?

I’ve already used avast free and hitman to scan my PC, and no malware was found.
And screenshot for system connections

What kind of Global firewall rules do you have (screenshot please) Firewall/Network Security Policy/Global Rules, as I notice that with the two svchost connections, one was asked and the other was blocked? Please also confirm the destination port for all connections.

I’ve made no changes to the default rules (cfs). And the screenshots will be given soon.

The screenshot for another alert

[attachment deleted by admin]

Ok, that’s the other svchost connection. By the way, the source and destination addresses are both from the same place BROADBAND NETWORK SERVICE ACCESS IN GUANGZHOU so I guess it is your ISP?

ISP, so does it mean this strange IP was just from the network service provider, not a hacker?
And here is another question: why does it often connect to system and svchost, and next time what should I do? Allow it or block it?

No, it just means it’s coming from somewhere on the same network.

And here is another question: why does it often connect to system and svchost, and next time what should I do? Allow it or block it?

You haven’t posted the information about the System connections? For now I suggest you run Stealth Ports Wizard with the third option: Block all incoming connections and make my ports stealth for everyone

Will it interfere with my p2p downloading software?

And how about the second one? What’s the difference?

You’ll need to create a rule to allow TCP/UDP In to the port used by your P2P software, and place this rule above the block rule. Here’s a graphical for setting up utorrent, but the principle can be used for any P2P software.

And how about the second one? What's the difference?

In the first screenshot you posted it shows inbound connections to System and svchost. The two subsequent screenshots you’ve posted only show information about the two svchost connections.
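
The rule-ordering advice above, as an added example (not part of the original thread and not Comodo's own code): a small model that assumes global rules are checked top to bottom and the first match wins, which is what "place this rule above the block rule" implies. The P2P port 51413 is a hypothetical placeholder; 135 (RPC) comes from the thread and 445 is the SMB file-sharing port.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str               # "allow" or "block"
    direction: str            # "in" or "out"
    protocols: frozenset      # e.g. {"tcp", "udp"}; empty set means any protocol
    dst_port: Optional[int]   # None means any destination port

P2P_PORT = 51413  # hypothetical: use the listening port set in your P2P client

ALLOW_P2P_IN = Rule("allow", "in", frozenset({"tcp", "udp"}), P2P_PORT)
BLOCK_ALL_IN = Rule("block", "in", frozenset(), None)

# Order recommended in the thread: the specific allow sits above the block-all.
CORRECT_ORDER = [ALLOW_P2P_IN, BLOCK_ALL_IN]
# Same two rules, wrong order: the block-all shadows the allow rule.
WRONG_ORDER = [BLOCK_ALL_IN, ALLOW_P2P_IN]

def evaluate(rules, direction, protocol, dst_port):
    """Return (action, index of the matching rule) using first-match-wins."""
    for index, rule in enumerate(rules):
        if rule.direction != direction:
            continue
        if rule.protocols and protocol not in rule.protocols:
            continue
        if rule.dst_port is not None and rule.dst_port != dst_port:
            continue
        return rule.action, index
    return "no-match", None  # these rules do not decide; other policy applies

# Constructed sample of inbound connection attempts (protocol, destination port).
SAMPLE_INBOUND = [("tcp", 135), ("tcp", 445), ("tcp", P2P_PORT), ("udp", P2P_PORT)]

def verdicts(rules):
    """Map each sample inbound attempt to the action the rule list gives it."""
    return {(proto, port): evaluate(rules, "in", proto, port)[0]
            for proto, port in SAMPLE_INBOUND}

if __name__ == "__main__":
    for name, rules in (("correct", CORRECT_ORDER), ("wrong", WRONG_ORDER)):
        print(name)
        for (proto, port), action in verdicts(rules).items():
            print(f"  in {proto}/{port}: {action}")
```
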

system

[attachment deleted by admin]

These are inbound connections to one of the Windows file and printer sharing protocols, they’re also from a different source address - somewhere else on the network - are all of the system connections the same? Regardless, I recommend you follow my earlier instructions, as now it seems some connections are getting through, which is probably not a good idea.

Thanks a lot, I’ve followed your advice and it seems everything comes to peace again now.