hello all.
i have a mystery with my firewall which i sincerely hope someone can solve.
ive just glanced at my summary page in CISv5 and it informs me that i have 4 intrusions blocked.
the application is mozilla firefox.and the destination IP is 91.121.1.211.
does anybody know how i can find out who owns the IP address please.
its weird as ive never had intrusions before since i installed comodo.
is there a utility i can use?
i know i could just block the communication but i would like to know who owns the IP.
many kind regards.
bye. ???
hi ronny.
thank you so much for your reply.
yes ive just looked myself on whois.com.
im still puzzled as to why this is happening.
the source is firefox.
and comodo is blocking this.
could there be something malicious on my computer that im unaware of.?
many thanks to you.
What are the Source and Destination ports involved here, and how is your Firewall policy set for FF?
hi ronny.
the sources vary from 49669 to 51818.different ports in-between those two ports ive mentioned.
firewall is on safe mode and firefox is custom policy.
hope that helps.
many thanks.
And the destination port is 80??
Did you create block rules on the Custom Policy?
hello,
the destination port is 81.
and firefox is configured as web browser.
it has stopped now anyway.
i thought it was a bit weird.
looking in my firewall logs it has been happening for the past four days.
ive set the stealth wizard to block all incoming connections.
theres nothing consistant in the destination ips.
im baffled by this.
many thanks.
Sometimes port 81 us used as alternative http port, there are several websites out there that use this “behavior”… could be legit.