Strange source IP in logs...

I don’t know where to post, but since me and Comodo became such close friends, I’ll post here :)

I have my network adapter connected to the internet via an ADSL modem. I also have a WiFi network card (Ralink 2500), which is set to get internet from the first adapter through internet connection sharing, and therefore has the IP address 192.168.0.1. I also have an ad-hoc connection set up with a WEP key, and right now NOBODY is connected to it (you can see it in the attachment “logs.jpg”).

Considering all I’ve said above, I see this log entry: uTorrent allowed from 192.168.0.3 to xxx. HOW CAN IT BE?? :o Please look at the attachments for the current logs and the current rules for applications.

And the second question, if you don’t mind: what do entries like these in the attachment “logs.jpg”, the ones including the words “Windows operating system”, mean?

[attachment deleted by admin]

I can answer your questions about the logs:
That is all very normal with P2P software. It wouldn’t be unusual for those “Intrusion attempts” to continue rising for a few days. It’s nothing to be worried about… It’s just other P2P apps pinging you, trying to see if you have the files they want to download.

Hm… Thanks for your answer. Then I’ll try to stay calm :)

But what does it mean that uTorrent connects from 192.168.0.3?? It’s my WiFi network, which is NOT connected. How can it be?

All I can say: try typing “ipconfig /all” in the command prompt and look at which network adapter this IP really belongs to. If it is none of your adapters, then it is someone else’s =)
If it is yours and REALLY the WiFi one, then it is strange.

Do you think I’m not sure of my wireless card’s IP? :) Well, anyway, as the card was not connected to anyone, ipconfig gives only this:

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Ralink RT2500 Wireless LAN Card
   Physical Address. . . . . . . . . : XX-XX-XX-XX-XX-XX (corrected by me)
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

And here are its properties (see attachment). So… what is your opinion, people? :)

[attachment deleted by admin]

You misunderstood me.
Does your LAN connection have IP = 192.168.0.3? Or does it have a different address range? I’m talking about the adapter that has the connection to the ADSL.

Oh, no.
My ADSL network card’s IP is 87.255.70.178. My ADSL modem works as a bridge, so my network card ‘looks’ directly at the world and has this IP (which it got automatically from the provider, so it’s dynamic).
You can see some records with a similar IP in the log above, shown in the destination column.

Any suggestions?

Oh…
Let’s clear up your configuration!
Telephone Line → ADSL-modem → PC Ethernet.
Is this correct? Anyway, I think you have a private subnet between the PC and the ADSL. So does IP 192.168.0.3 belong to this subnet? Maybe to a PC?

Yes, you’re right. See the attachment; it shows how my home network is made up.

I do NOT have any private networks between the PC and the ADSL, because my modem is set up to work as a BRIDGE, not as a router. But for sure I can go to the configuration of my ethernet card and set 192.168.1.XXX there, and then I can access my modem’s web interface at 192.168.1.1. But that’s not for using inet, it’s for using my modem ONLY.

If I set my ADSL modem up to work as a router, then the modem’s IP will be 87.x.x.x.x (looking into the internet) and 192.168.1.1 (looking home, to my ethernet adapter, which will have the IP 192.168.1.x).

The problem still is that 192.168.0.X is my wireless network’s IP. And how it can appear in the logs when this network is down, I don’t know. Does anyone?

[attachment deleted by admin]

The last thing I can offer you: open Command Prompt and type
arp -a
This will show the records of the ARP cache; there you can find which MAC corresponds to this IP =)
It only works as far as the nearest switch, but if it is in your private subnet (192.168.0.0/24) then you should see it.

In my example, I have IP 10.151.49.x,
then I pinged 10.151.49.16,
and after that I typed “arp -a” and now see the MAC for 10.151.49.16

[attachment deleted by admin]
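
An added example, not part of the original thread: the lookup suggested in the post above, run over saved Windows `arp -a` output to report which MAC and which local interface a given IP was seen on. The sample output, its addresses and MACs are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of Windows `arp -a` output (all addresses and MACs are made up).
SAMPLE_ARP_OUTPUT = """
Interface: 192.168.0.1 --- 0xc
  Internet Address      Physical Address      Type
  192.168.0.3           00-1a-2b-3c-4d-5e     dynamic
  192.168.0.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static

Interface: 10.151.49.5 --- 0xb
  Internet Address      Physical Address      Type
  10.151.49.16          00-aa-bb-cc-dd-ee     dynamic
"""

IFACE_RE = re.compile(r"^Interface:\s+(\d+\.\d+\.\d+\.\d+)\s+---\s+(0x[0-9a-fA-F]+)")
ENTRY_RE = re.compile(
    r"^\s+(\d+\.\d+\.\d+\.\d+)\s+((?:[0-9a-fA-F]{2}-){5}[0-9a-fA-F]{2})\s+(\w+)")

def parse_arp_table(text):
    """Return one dict per ARP entry, tagged with the local interface it was learned on."""
    entries, iface = [], None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            iface = m.group(1)          # start of a new per-interface section
            continue
        m = ENTRY_RE.match(line)
        if m and iface:
            entries.append({"interface": iface, "ip": m.group(1),
                            "mac": m.group(2).lower(), "type": m.group(3)})
    return entries

def who_has(text, ip):
    """Entries for `ip`, skipping broadcast/multicast MACs, which identify no single host."""
    hits = []
    for e in parse_arp_table(text):
        group_bit = int(e["mac"][:2], 16) & 1   # low bit of first octet = group address
        if e["ip"] == ip and not group_bit:
            hits.append(e)
    return hits

if __name__ == "__main__":
    for e in who_has(SAMPLE_ARP_OUTPUT, "192.168.0.3"):
        print(f'{e["ip"]} is at {e["mac"]} ({e["type"]}) via interface {e["interface"]}')
```

An empty result only means there is no cached entry for that IP; the cache holds hosts the machine has talked to recently, which is why the post pings the address first.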

Cool! I’ll try it next time I see such entry in log! :)

Thank you very much!

P.S.: By the way, you’re Russian, as I can see by the “мс” in your screenshot :) I am too :) Comodo unites! (V)