I have a lot of these Network Intrusion events in the firewall log. But what am I supposed to do about these? Comodo does not provide much (any?) helpful information.
It does not tell me WHAT process is being blocked, other than Windows Operating System, which is completely useless.
And why are the IP addresses in IPv6 format, while the rest of my system seems to operate in IPv4?
Date Application Action Direction Protocol Source IP Source Port Destination IP Destination Port Alert
5/20/2016 10:07:23 A... Windows Operating System Blocked In UDP 2001:558:1014:f:69:252:96:6 53 2601:640:8300:1712:6ce9:a966:c8f4:982 52612
Ha! So seems like none of the 26 people who have viewed this post so far know what to do either. I would say that qualifies this problem for immediate attention from Comodo developers.
UDP port 53 (remote) is a DNS event.
Normal in most cases.
Connection going to, and replied from ,ports 53 and 953 both UDP, to dns servers, routers (acting as dns servers for your LAN or private network) and occasionally web servers (other forms of name resolutions and reverse lookups).
IPv6 is running on the latest and newer MS OS’s. Internet providers and web servers are becoming IPv6 capable and functional. Some of the programs running on your PC can use IPv6.
These are all listed under the title “Network intrusions” with a red icon in the Comodo Internet Security Premium main window. The activities are all BLOCKED.
I want to figure out WHY they are blocked and WHAT is blocking them. Because maybe I don’t want them to be blocked. If I did block them, maybe I blocked them by mistake. I don’t see why I would block DNS requests in the first place.
The Firewall Events log as presented by Comodo is USELESS.
If Comodo is going to worry users by calling these events “intrusions”, then they need to provide more detail as to what is going on and why.
OK, this has been hanging out here long enough to conclude that no one in the “community” understands what Comodo is showing me.
Looks like my only option is to take it to the real support. Or maybe I have to pay the geek squad to explain it? 88) :-TD
When CIS logs Windows Operating System for incoming traffic it means there is no process listening ( a question that has been answered many a time and nothing a wee search would not have yielded). The IP address belongs to Comcast: 2001:558:1014:f:69:252:96:6 whois lookup information - who.is . Which is your provider. It’s coming from port 53 which is used for DNS. I don’t know why Comcast DNS server sends package that aren’t being requested though.