Useless logs

iamme99 · May 20, 2016, 6:21pm

I have a lot of these Network Intrusion events in the firewall log. But what am I supposed to do about these? Comodo does not provide much (any?) helpful information.

It does not tell me WHAT process is being blocked, other than Windows Operating System, which is completely useless.

And why are the IP addresses in IPv6 format, while the rest of my system seems to operate in IPv4?


  Date                          Application                                      Action                          Direction                                   Protocol                                    Source IP                                 Source Port                           Destination IP                                          Destination Port                        Alert
5/20/2016 10:07:23 A...        Windows Operating System          Blocked                        In                                              UDP                                           2001:558:1014:f:69:252:96:6        53                                         2601:640:8300:1712:6ce9:a966:c8f4:982      52612

iamme99 · May 21, 2016, 6:54pm

Ha! So seems like none of the 26 people who have viewed this post so far know what to do either. I would say that qualifies this problem for immediate attention from Comodo developers.

oldsod · May 21, 2016, 8:36pm

UDP port 53 (remote) is a DNS event.
Normal in most cases.
Connection going to, and replied from ,ports 53 and 953 both UDP, to dns servers, routers (acting as dns servers for your LAN or private network) and occasionally web servers (other forms of name resolutions and reverse lookups).

IPv6 is running on the latest and newer MS OS’s. Internet providers and web servers are becoming IPv6 capable and functional. Some of the programs running on your PC can use IPv6.

iamme99 · May 22, 2016, 6:53am

These are all listed under the title “Network intrusions” with a red icon in the Comodo Internet Security Premium main window. The activities are all BLOCKED.

I want to figure out WHY they are blocked and WHAT is blocking them. Because maybe I don’t want them to be blocked. If I did block them, maybe I blocked them by mistake. I don’t see why I would block DNS requests in the first place.

The Firewall Events log as presented by Comodo is USELESS.

If Comodo is going to worry users by calling these events “intrusions”, then they need to provide more detail as to what is going on and why.

iamme99 · June 4, 2016, 1:51am

OK, this has been hanging out here long enough to conclude that no one in the “community” understands what Comodo is showing me.

Looks like my only option is to take it to the real support. Or maybe I have to pay the geek squad to explain it? 88) :-TD

Citizen_K · June 4, 2016, 2:46am

When CIS logs Windows Operating System for incoming traffic it means there is no process listening ( a question that has been answered many a time and nothing a wee search would not have yielded). The IP address belongs to Comcast: 2001:558:1014:f:69:252:96:6 whois lookup information - who.is . Which is your provider. It’s coming from port 53 which is used for DNS. I don’t know why Comcast DNS server sends package that aren’t being requested though.