tixati/any torrent app + comodo firewall

First of all, comodo firewall is pretty much just installed, so everything is on default except I set up the firewall on custom ruleset.

I have all my torrent apps configured to use upnp on a fixed port. And all then download and upload with no problems giving access to the port I have configured. After the program is opened for a minute or so, svchost starts to receive incoming connections through a session random port which is not configured(at leas for me and in sight…) . So anyone knows what kind of traffic could be it?

http://s15.postimg.org/6i3hspijv/svc1.jpg

If I deny the access, it keeps trying again and again to the point I have 14k tries at this moment since yesterday.
http://s13.postimg.org/8m4not3zr/image.jpg

Do anyone knows what kind of traffic could be it? Should I just allow it?

thanks in advance.

Is UDP 64537 your fixed torrent port?

No, the fixed port on the torrent clients is 64444 .

Also, the port 64444 has it’s own exception but it’s coming throught tixati.exe / utorrent.exe etc. not from svchost like those ones on the pics.

thanks for your time.

Does your torrent app and network have IPv6 enabled? This might be something to do with IPv6 tunnelling over IPv4… that uses a SVCHOST instance I believe.

Indeed, my pc has teredo / ipv6 on. and yes, after a little test it seems teredo related.

Tixati has 4 modes for it:

  • ipv4 only
  • ipv4 preferred (default)
  • ipv6 preferred
  • ipv6 only

i guess ipv4 preferred loads both. With ipv4 only selected, I don´t see any traffic like above on svchost. As soon as I select ipv4 preferred, closed tixati, wait a little for the connections to time out, open again, the popups start showing again .

thanks.

Any idea how to filter that traffic only when using torrent clients? :smiley: