I don’t know where to post, but since me and Comodo became such close friends, I’ll post here
I have my network adapter connected to the internet via ADSL-modem. I also have WiFi network card(Ralink 2500), which is set to get internet from the first adapter through internet connection sharing, therefore has the IP-address 192.168.0.1. I also have ad-hoc connection set up with WEP key and right now NOBODY is connected to it(you can see it by attachment “logs.jpg”).
Considering all I’ve said above, I see such log entry: uTorrent allowed from 192.168.0.3 to xxx. HOW IT CAN BE ?? :o Please, look at the attachments for current logs and current rules for applications.
And the second question, if you don’t mind: what do mean such entries like these on the attachment “logs.jpg” including “Windows operating system” words?
I can answer your questions about the logs;
That is all very normal with P2P software, It wouldn’t be unusual for those “Intrusion attempts” to continue raising for a few days. It’s nothing to be worried about… It’s just other p2p apps pinging you trying to see if you have the files they want to download.
all I can say - try to type ind command prompt “ipconfig /all” and look which network adapter really belongs this IP. If none of yours adapters - then someone else =)
if yours and REALLY WiFi, then it is strange.
My adsl network card IP is 126.96.36.199. My adsl modem works as a bridge,so my network card ‘looks’ directly in the world,and has this IP(which it got automatically from provider-so it’s dynamic)
You can see some records with similar IP in the log above,specified in destination column.
Lets clear your configuration!
Telephone Line → ADSL-modem → PC Ethernet.
Is this correct? Anyway, i think you have a private subnet between PC and ADSL. So does IP 192.168.0.3 belongs to this subnet? May be to a PC?
Yes, you’re right. See attachment, there is how my home network is made up.
I do NOT have any private networks between PC and ADSL, because my modem is set up to work as a BRIDGE, not as a router. But for sure I can go to configuration of my ethernet card and set there 192.168.1.XXX and then I can acces my modem web-interface by 192.168.1.1. But it’s not for using inet, it’s for using my modem ONLY.
If I set my ADSL-modem up to work as a router, then modem’s IP will be 87.x.x.x.x(looking into internet) and 192.168.1.1(looking home, to my ethernet adapter, which will have the IP of 192.168.1.x).
The problem still is that 192.168.0.X - it’s my wireless network’s IP. And how can it appear in the logs when this network is down - I don’t know. Does anyone?
The last I can offer to you - open Command Prompt and type
this will show records of ARP cash, there you can find wich MAC corresponded for this IP =)
It’s working only till nearest switch, but if it is in your privet subnet (192.168.0.0/24) then you should see it.
In my example, I have IP 10.151.49.x
then I pinged 10.151.49.16
after that i typed “arp -a” and now see MAC for 10.151.49.16