I am not sure that this is the proper section to post in as I am new.
I am an experienced computer user. I have been using Comodo Firewall for 3 or 4 months.
Currently I am using Vista 32, fully updated, and also using AVG Full.
I am behind a router, but have a DMZ set up and direct PPPoE as I run an FTP.
Also have Apple TV connected to my router.
Now I have never had any problems until 2 nights ago, never had any attempts etc never
Now suddenly, it says that Windows Operating System is being blocked? Always the same IP, sometimes a few other ones, usually 5~20 times a minute.
Did I just accidentally change a setting in Comodo (I doubt it)? Am I being attacked? I have scanned
my system with 3 different software, nothing comes up, so I am sure my PC is clean.
What is going on? Anyone, some help please. I will post what my firewall says.
7/18/2009 12:02:52 AM Windows Operating System Blocked 88.232.212.88 10464 192.168.1.22 4102 UDP
7/18/2009 12:12:45 AM Windows Operating System Blocked 119.230.70.22 10883 192.168.1.22 55455 TCP
7/18/2009 12:12:48 AM Windows Operating System Blocked 119.230.70.22 10883 192.168.1.22 55455 TCP
7/18/2009 12:12:53 AM Windows Operating System Blocked 119.230.70.22 10883 192.168.1.22 55455 TCP
7/18/2009 12:13:28 AM Windows Operating System Blocked 119.230.70.22 14721 192.168.1.22 55455 TCP
7/18/2009 12:13:31 AM Windows Operating System Blocked 119.230.70.22 14721 192.168.1.22 55455 TCP
7/18/2009 12:13:37 AM Windows Operating System Blocked 119.230.70.22 14721 192.168.1.22 55455 TCP
7/18/2009 12:27:51 AM Windows Operating System Blocked 119.147.105.180 58932 192.168.1.22 22 TCP
7/18/2009 12:38:28 AM Windows Operating System Blocked 76.75.125.126 44103 192.168.1.22 4250 UDP
7/18/2009 12:44:46 AM Windows Operating System Blocked 119.230.70.22 50796 192.168.1.22 55455 TCP
7/18/2009 12:44:49 AM Windows Operating System Blocked 119.230.70.22 50796 192.168.1.22 55455 TCP
7/18/2009 12:44:55 AM Windows Operating System Blocked 119.230.70.22 50796 192.168.1.22 55455 TCP
7/18/2009 12:45:30 AM Windows Operating System Blocked 119.230.70.22 54619 192.168.1.22 55455 TCP
7/18/2009 12:45:33 AM Windows Operating System Blocked 119.230.70.22 54619 192.168.1.22 55455 TCP
7/18/2009 12:45:39 AM Windows Operating System Blocked 119.230.70.22 54619 192.168.1.22 55455 TCP
7/18/2009 12:46:34 AM Windows Operating System Blocked 119.228.36.211 45647 192.168.1.22 80 UDP
7/18/2009 12:52:19 AM Windows Operating System Blocked 24.87.189.226 58884 192.168.1.22 41525 UDP
7/18/2009 12:52:21 AM Windows Operating System Blocked 24.87.189.226 58884 192.168.1.22 41525 UDP
7/18/2009 12:52:26 AM Windows Operating System Blocked 70.71.13.16 56091 192.168.1.22 41525 UDP
7/18/2009 12:52:59 AM Windows Operating System Blocked 70.71.13.16 56091 192.168.1.22 41525 UDP
7/18/2009 12:53:01 AM Windows Operating System Blocked 70.71.13.16 56091 192.168.1.22 41525 UDP
7/18/2009 12:53:05 AM Windows Operating System Blocked 70.71.13.16 56091 192.168.1.22 41525 UDP
7/18/2009 12:55:57 AM Windows Operating System Blocked 24.87.189.226 58884 192.168.1.22 41525 UDP
7/18/2009 12:55:59 AM Windows Operating System Blocked 24.87.189.226 58884 192.168.1.22 41525 UDP
7/18/2009 1:03:16 AM Windows Operating System Blocked 70.71.13.16 56091 192.168.1.22 41525 UDP
7/18/2009 1:03:18 AM Windows Operating System Blocked 70.71.13.16 56091 192.168.1.22 41525 UDP
7/18/2009 1:03:22 AM Windows Operating System Blocked 70.71.13.16 56091 192.168.1.22 41525 UDP
Welcome to the forums.
Looks like a few things are happening here.
There are at least two possibilities: you have used Stealth Ports Wizard, or you have been using some P2P software that is no longer running but other hosts are still looking for “you”.
On the other hand, I also see a port probe for TCP 22, which is not a normal port on Windows (SSH server), and that suggests that your system is configured as a DMZ host and therefore receives all traffic destined to your external IP address, including all kinds of port scans and other “noise” that floats around the internet constantly.
Do you know what you are running on TCP port 55455? Please check the Firewall, Active Connections and see if you can find the application related to that port.
No, this is just blocked incoming traffic that the OS has no listening application for, so the OS, in this case named “Windows Operating System”, does not know where to route these packets. Setting Stealth Ports Wizard to block all incoming traffic can cause this “noise” or overhead logging; it’s nothing to worry about.
It’s just logging traffic that it otherwise would have dropped anyway.
You can set up special rules so this traffic no longer gets logged.
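The triage described in the replies above (repeated hits on one high port versus a probe of a service port such as TCP 22), as an added example that is not part of the original thread. The log layout is assumed from the lines posted earlier, the sample lines are constructed with documentation addresses, and the names `LINE`, `SAMPLE` and `summarise` are hypothetical.

```python
import re
from collections import defaultdict

# Layout assumed from the log lines posted in this thread:
# date time AM/PM, application, action, src ip, src port, dst ip, dst port, protocol
LINE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<app>.+?) Blocked "
    r"(?P<src>[\d.]+) (?P<sport>\d+) (?P<dst>[\d.]+) (?P<dport>\d+) (?P<proto>TCP|UDP)$"
)

# Constructed sample in that layout (documentation addresses, not the poster's log).
SAMPLE = """\
7/18/2009 12:12:45 AM Windows Operating System Blocked 198.51.100.7 10883 192.168.1.22 55455 TCP
7/18/2009 12:12:48 AM Windows Operating System Blocked 198.51.100.7 10883 192.168.1.22 55455 TCP
7/18/2009 12:12:53 AM Windows Operating System Blocked 198.51.100.7 10883 192.168.1.22 55455 TCP
7/18/2009 12:13:28 AM Windows Operating System Blocked 198.51.100.7 14721 192.168.1.22 55455 TCP
7/18/2009 12:27:51 AM Windows Operating System Blocked 203.0.113.9 58932 192.168.1.22 22 TCP
7/18/2009 12:52:19 AM Windows Operating System Blocked 192.0.2.44 58884 192.168.1.22 41525 UDP
7/18/2009 12:52:26 AM Windows Operating System Blocked 192.0.2.80 56091 192.168.1.22 41525 UDP
this line is not a log entry
"""

def summarise(text):
    """Group blocked inbound packets by destination port and protocol."""
    groups = defaultdict(lambda: {"packets": 0, "flows": set(), "sources": set()})
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip anything that is not a log entry
        g = groups[(int(m["dport"]), m["proto"])]
        g["packets"] += 1
        g["sources"].add(m["src"])
        # Same source ip + source port = retries of one attempt, not new attempts.
        g["flows"].add((m["src"], int(m["sport"])))
    out = {}
    for (dport, proto), g in groups.items():
        if dport < 1024:
            kind = "probe of a well-known service port"
        elif len(g["flows"]) > 1:
            kind = "repeated attempts on one high port"
        else:
            kind = "single attempt"
        # value: (packets logged, distinct attempts, distinct sources, label)
        out[(dport, proto)] = (g["packets"], len(g["flows"]), len(g["sources"]), kind)
    return out

if __name__ == "__main__":
    for key, val in sorted(summarise(SAMPLE).items()):
        print(key, val)
```

Collapsing lines that share a source address and source port shows how many separate attempts sit behind a burst of log entries, which is the number to compare against what Active Connections shows for that port.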
One more question.
In my network zones I have 3 local area networks: #1 IP 192.168.0.10/255.255.255.0 #2 IP 192.168.56.1/255.255.255.0 #3 IP 169.254.5.142/255.255.0.0
Is this normal? Only the first is my IP. I’m on a cable connection with a modem/router and was never connected any other way.
The first 2 are normal private IP range numbers.
The last one is used if you have DHCP on your network to assign numbers to devices and you fail to get an address from a DHCP server; then MS will automatically assign a number from the 169.254 range.
If the current is 192.168.0.10 then you can remove the other two.
This thread relates to my situation. I’ve read all the help files etc. and have set the network rule for this application to block and NOT log, also have alerts set to very low and don’t log UDP; none of this has made ANY difference. I’d be very grateful for suggestions. Thanks, N
Hello Ronny, thanks for your reply. I don’t seem to be able to get a screenshot; I’ve put a couple up previously under “stealth ports” but it took a lot of fiddling and now won’t work at all. I changed the application rule to block, don’t log for “system”; I also set alerts to “very low”, no alerts for “udp”. The global rules are not changed, I have only the preset ones. I’ll try a screenshot again but don’t hold out much hope; I’m not computer savvy and am obviously doing something wrong. N.
As I said in your other thread, the traffic you’re seeing is NetBIOS chatter and is being generated by the other computers on your network.
If you need to share files and printers with these other computers, then you will need to create a trusted network for each of them. This will allow the flow of NetBIOS and other related information to pass unimpeded.
If you have no need to share anything, then I suggest you disable NetBIOS on the properties of the network adapters on each of the machines; you really don’t want NetBIOS traffic flowing out on to the Internet.
You can also add a simple global rule and place it just above your final block rule:
Action = Block without logging
Protocol = UDP
Direction = In
Source Address = Any
Destination Address = Any
Source port = 137
Destination port = 137
You could do the same for 138 and 139…
Or you could create a port set which includes 137, 138 and 139 as well as 445 and, instead of a single port as the source and destination, use the port set.
Hi Quill, thanks for the reply. I’m on an open wireless connection, and only have one computer, don’t need to share at all. When I look under ‘network’ only my computer is shown, even under ‘view computers and devices’. There may be no others on here most of the time. Anyway, I’ll see if I can set a rule as you suggest. Thanks again for your help, N.
Making progress, Quill: re your reply 12, that’s the answer. I set up a rule for port 137 and now have no alerts from that port, so now I’ll do as you suggest and make a set with that rule, and I presume it’s good to leave the NetBIOS disabled? Everything seems to be working just fine. Thanks for cracking the problem; I thought that as the alerts were coming from ‘system’ it would be in application rules. I appreciate your help, N.