System port question

My comodo firewall has been showing alerts about my system wanting to connect to 192.168.1.1 and 192.168.1.2
First one is my router and the other one is my desktop.
I’m using my laptop right now.
My system has been trying to connect to Nbname137 and Nbdgram138 and so on.
there has been a few more ports but i dont remember the rest.
Are they safe or should I block them?
How come everytime I use my laptop or desktop I always getting 1000+ blocked intrusions?
Is there something wrong with my connection?

I’m running Comodo Firewall pro v3, Windows Vista Home (NO SP1), firefox, spyware doctor and nod32 av. Sorry I forgot to include those stuff. I am a 1st time user so I’m still blank about this kind of stuff.

Welcome to the forums uhohkimee,just a few questions to kick us off.

Do you share files between your computers?
Do you need to share files between computers?
Have you ran the “Stealth Ports Wizard”?

More than likely all the intrusion attempts will just be router chatter,are a lot of them associated with port 1900.
It might be a good idea to go into your router settings if you haven`t allready and just check stuff like remote access is off.To do this type the router IP into you address bar(192.168.1.1)

Regards,Matty

ps THIS is an excellant thread by toggie which concerns ports 137/138

I don’t really plan on sharing files between 2 computers. How do I fix all those blocked intrusions? I think getting 1k+ is too much. Should I post the firewall events here so you guys can tell me whats going on? I have no idea.

What would be the best setup for comodo firewall? In terms of Network and Proactive defense?

Try editing the rule for System, see if there’s a box ticked that says alert, or something. Untick it.

Run the stealth ports wizard.

Okey dokey,

Lets start with Network issues.“Custom Policy Mode” is the the way to go if you have allready ran most of your programs which require internet access.In this mode any application which is not listed in “Application Rules” will generate an alert from the firewall.
You can also set up your “Application Rules” ie you have a web browser policy for Internet Explorer/Firefox.
Click Firewall/Advanced/Network Security Policy: This will bring up “Application Rules”.To edit an entry right click on it and choose edit,you will get an option window.Here you can choose a pre-defined policy(e mail,outgoing only etc)

To block without log the intrusions it would be ok to make a rule in “Global Rules” and place it at the top.

e.g. In Global Rules:-Block(make sure box for logging is unchecked) TCP or UDP /IN/A Single IP-192.168..(source IP)/Destination IP-Your IP/Source Port **/Destination Port **

Place This at the top of your rules.

Matty

I have made some of my programs into trusted applications. Does that mean it has open access or do I still need to do some changes?

I don’t mind about the logs at all since I want to know whats going on but so far my firewall event logs is filled with alot of blocked stuff that confuses me.

I’ve always use the windows firewall so I’m sorry if I’m asking too much.

Yes in Application Rules “Trusted” allows all incoming and outgoing requests.It may be better to change some to “Outgoing only” and Definately change your browsers and e mail to the pre defined policy.

Matty

ps The only daft question is the one not asked :-TU

I reinstalled CPF and turned off the netbios and upnp and access control from the router. CPF started with training with safe mode on the firewall and clean pc mode on D+ so is that a good setting for new CPF users? I haven’t seen any system alerts too so I don’t know if thats normal or not…

I’m planning to make some of my programs into trusted apps such as steam, yahoo msngr, xfire, wow, ms office, nod32 and some common known programs that ive been using for awhile. I was wondering if this is a good idea or no?

Most applications will be okay with the setting outgoing only,this way only when they initiate a response are they active.Once you are happy with your “Application rules” it would be wise to move the slider up to Custom Policy this way anything not in “Application Rules” will create a pop up.
It should be okay to set these apps as trusted in Defence+ if you know they are from a legit source and dont want to be bothered with pop ups(which can happen with games).

Remember if you get a pop up which your not sure about,BLOCK it but make sure “Remember my Answer” is NOT TICKED this way no rule will be created.

Matty

ps how`s the logging and router situation now?

[attachment deleted by admin]

So far everything is fine… I’ll stick to training with safe mode and clean pc mode for awhile just to get used to CPF. I also made some apps trusted and I gave my other most used apps outgoing only.

My pending files has some stuff thats unknown whenever I do the look up process. What should I do with those unknown files?

Is there anything else I should disable? Is there like a site where I can test my security or something just so I can have an idea.

Thanks for the help! I really appreciate it… it’s good that people respond here so quickly unlike in other forums.

:BNC (:CLP)