Understanding Firewall Events

Would anyone find it helpful to start a sticky topic for finding help on understanding the purpose/severity of the different entries that one might find in his/her firewall log?

For example, all I know is that this entry (my web browser) below was blocked. I have no idea what the application is trying to accomplish and if this is something to worry about.

    Application         Action   Source IP  Source Port  Dest. IP      Dest. Port
    C:..\seamonkey.exe  Blocked  MyIPAddr   2119         64.74.243.37  8080

If others have similar questions about their log entries, please chime in so we can get a sticky topic started for analyzing some of our occurring incidents.

Al

In your example, it says your browser is accessing the website of a company called “Marathon Consulting” and being blocked because of using port 8080. Port 8080 is a very commonly used alternative to port 80. I have added it to my port list for “web browser” and have recommended to Melih that Comodo do the same.
The inbounds are more problematical. Some are “housekeeping” data from websites you have “visited”. Unfortunately, when you visit a website, it often reroutes you to various other addresses (advertising, hit counters, embedded http sites, …) and all of those can try to send you data via a TCP connection. But that makes it hard to make any sense out of “whois”. And then there are the others, that seem to make no sense at all. The one thing they seem to have in common is that blocking them does no harm. Most of us have NAT routers, so the unsolicited stuff from sites we have never visited is blocked by your router; disconnect your router and plug your connection directly into your computer if you really want to see a sea of ■■■■. I get a lot of inbound connection attempts when I don’t block them. Ashwebsv.exe is actually my major interface to the internet, since it is a virus checker for internet traffic, and gets a lot of inbound connection attempts. So does “system”, since a lot of the traffic seems to be system to system messages. Hope someone knowledgeable about the structure of the modern World Wide Web can illuminate this, and maybe do it well enough so that Comodo can block it automatically in a future upgrade. :wink:
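
Added example (not part of the original thread and not Comodo's code): a small triage script for log rows in the column order shown above, separating a blocked browser connection to a web port such as 8080 from blocked inbound attempts and from outbound traffic that deserves a closer look. The local address, the browser list, the verdict names and every sample row except the SeaMonkey one are assumptions constructed for the example.

```python
import ntpath

# 8080 is the alternate web port named in the thread; 80 and 443 are the standard ones.
WEB_PORTS = {80, 443, 8080}
BROWSERS = {"seamonkey.exe"}   # assumption: extend with the browsers you use
LOCAL_IP = "192.0.2.10"        # constructed stand-in for "MyIPAddr"

# Constructed sample log; only the first data row comes from the thread.
SAMPLE_LOG = r"""
Application Action Source IP Source Port Dest. IP Dest.Port
C:..\seamonkey.exe Blocked 192.0.2.10 2119 64.74.243.37 8080
C:..\seamonkey.exe Allowed 192.0.2.10 2120 198.51.100.7 80
System Blocked 203.0.113.5 4411 192.0.2.10 445
C:\Program Files\Example AV\ashwebsv.exe Blocked 203.0.113.9 80 192.0.2.10 3011
C:..\updater.exe Blocked 192.0.2.10 2200 198.51.100.20 6667
"""

def parse_row(line):
    """Return a dict for one log row, or None for headers and junk lines."""
    try:
        # Application paths may contain spaces, so peel the five fixed
        # columns off the right-hand side instead of splitting on every space.
        app, action, src_ip, src_port, dst_ip, dst_port = line.rsplit(None, 5)
        return {"app": ntpath.basename(app).lower(), "action": action.lower(),
                "src_ip": src_ip, "src_port": int(src_port),
                "dst_ip": dst_ip, "dst_port": int(dst_port)}
    except ValueError:
        return None

def classify(row, local_ip):
    if row["action"] != "blocked":
        return "allowed"
    if row["src_ip"] == local_ip:            # this machine started the connection
        if row["app"] in BROWSERS and row["dst_port"] in WEB_PORTS:
            return "outbound-web-port-blocked"   # likely a gap in the browser's port list
        return "outbound-review"                 # unexpected app or port: look closer
    if row["dst_ip"] == local_ip:
        return "inbound-blocked"                 # unsolicited inbound attempt
    return "unknown-direction"

def triage(log_text, local_ip=LOCAL_IP):
    rows = filter(None, map(parse_row, log_text.splitlines()))
    return [(r["app"], r["dst_ip"], r["dst_port"], classify(r, local_ip)) for r in rows]

if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(entry)
```

Rows marked `outbound-review` are the ones to investigate first, since they are connections this machine started from an application or to a port that the browser rule does not explain.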

It appears so. My browser gets me where I want to go perfectly well without hanging. Whatever was happening did so under the covers and I was not aware of my browser trying to access ‘Marathon Consulting’. It would be interesting to know which website I visited prompted this action.

Thanks for the explanation. Some of this is starting to make more sense.

Al