Windows Operating System / System Idle Process in Logs [Merged Threads]

I’m still a bit unclear. Will setting up an application block on SPI cause problems? Be pointless? Is it the “block and log all unmatching requests” within “system” in “application rules” that is generating these log events? Perhaps I need a link to a generic example of a global and application ruleset that I can study. I am using a wireless USB modem and I don’t currently have the benefit of a NAT router.

I get a flurry of these “System Idle Process” Blocked TCP logged events from 3 IP addresses that I believe are Comodo servers: 83.170.113.144, 85.91.228.132 and 208.122.24.146. Can anyone confirm that these are Comodo servers and, if so, why is Comodo trying to contact me? There are a few from other IP addresses but these are the main ones.

83.170 is registered to UK2NET in London
85.91 is Comodo
208.122 is registered to Voxel.net in NYC

Thanks. I got those too. But on further noodling on the internet I found a reference to 208.122.24.146 as us3.download.comodo.com and 83.170.113.144 as eu2.comodo.com. Still the question: What’s up? Why is Comodo calling? See also: post by “adric” yesterday, reply #17 in Re: Intrusion Attempts [Merged Threads]

I can’t seem to find a connection between the UK2NET and Voxel to Comodo. It’s possible Voxel is Comodo’s ISP, as they are in NYC.

Interestingly, I don’t get the SIP alerts for UK2 or Comodo, but I do get them from Voxel…

I’ll have to analyse this with Wireshark.

I don’t know about 15-20 per hour but I get 5-10 per minute… I don’t suppose that’s normal?

Hi:

Hmmm, hope this can help you.

If you want fewer alerts:

Go to Summary, then choose the Alert Settings tab, adjust the Alert Frequency Level, enable/disable the 3 check boxes and then press Apply.

If you want to disable the logs:

Go to Miscellaneous → Settings → Logging, disable the Firewall logging check box and the Defense logging check box, and then press Apply.

But if I were you I wouldn’t worry at all; it’s better to be alerted than to be hijacked or attacked, well, you know what I mean, and take into account that it always says BLOCKED.

Regards

MiguelAngelXP


It’s just kind of funny seeing 10000+ blocked events in 24 hours. And they’re all system idle process.

Thanks MiguelAngelXP.

That, unfortunately, is not the issue. The issue was/is finding out why these SIP alerts are being generated. Right now it’s about unsolicited packets, that is, packets sent to one’s computer that one’s computer did not wish to receive.

Some have already been identified, as I mentioned in an earlier post, they are NetSend messages. Others seem to originate at the ISP, others…

Have you tried to investigate any of the alerts? You could try using something like Wireshark or tcpdump to find out what’s causing so many.

I receive around 200 alerts over a period of 3 or 4 days, but I’m on dial-up, so I’m not connected 24/7.

Do you have a UPnP router?

Will do so when I get back home tonight.
How do I tell if the router is UPnP?

You can probably enable/disable UPnP in the router settings.

Is there ANY solution for that? I have the latest Comodo firewall version 3.
If I can’t fix these spamming attacks I have to change firewall :cry:

What do you mean? Please give us some more details.

I have Windows XP & the latest Comodo firewall 3.

The problem is uTorrent + Comodo = problems!
It works fine to download with uTorrent when I followed the guide in the FAQ, but when I close uTorrent after finishing downloads I get thousands of intrusion attacks on the port that uTorrent used!

Please help!

Well, it seems like other torrent users are trying to connect to you, but since uTorrent is no longer running they just keep being blocked. If that annoys you, turn off logging/popups or don’t use torrents at all. That’s file sharing, not the firewall, to blame.

How do I turn off logging for that? I don’t wanna miss real attacks!
This works without any problems in other firewalls, so why not in Comodo?

I like Comodo a lot! But if this problem recovers I have to change to another firewall :cry:

Why do you need these attacks? If you want to turn off popups, go to Miscellaneous → Settings and turn off “Show popups” or something like that. You’ll see no more popups. As for logging, what for? Isn’t it easier just not worrying about the attacks? Comodo is unbeatable from the outside, so no attacker will penetrate you from outside. But if you want to turn off logging, search the app and global rules and turn off logging in every rule. I personally use logging only for troubleshooting, e.g. if something doesn’t work, this helps me determine what is going on.

(But if you want to turn off logging - search app and global rules and turn off logging in every rule.)

But does that work?? The app (uTorrent) is closed when the attacks begin!?
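
Added example (not part of the thread, and not Comodo's own tooling): one way to triage a flood of blocked “System Idle Process” events is to group them by destination port and count distinct senders. The CSV column layout, the sample rows and port 45678 are constructed assumptions; adapt the field names to whatever your log export actually contains.

```python
import csv
import io
from collections import defaultdict


def build_sample():
    """Constructed sample log; the column names are an assumed export layout."""
    rows = ["time,application,action,protocol,src_ip,src_port,dst_ip,dst_port"]
    # Eight unrelated peers retrying a port a closed P2P client used (hypothetical 45678).
    for i in range(1, 9):
        rows.append(f"12:00:{i:02d},System Idle Process,Blocked,TCP,"
                    f"198.51.100.{i},{40000 + i},192.0.2.10,45678")
    # Two hosts sending repeatedly to one UDP port.
    for i in range(6):
        rows.append(f"12:01:{i:02d},System Idle Process,Blocked,UDP,"
                    f"203.0.113.{1 + i % 2},{30000 + i},192.0.2.10,1026")
    # An allowed connection, which must not be counted.
    rows.append("12:02:00,uTorrent,Allowed,TCP,198.51.100.1,40001,192.0.2.10,45678")
    return "\n".join(rows)


def summarize_blocked(log_text, many_sources=5):
    """Group blocked events by (protocol, destination port), busiest first."""
    groups = defaultdict(lambda: {"events": 0, "sources": set()})
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["action"].strip().lower() != "blocked":
            continue
        key = (row["protocol"].upper(), int(row["dst_port"]))
        groups[key]["events"] += 1
        groups[key]["sources"].add(row["src_ip"])

    report = []
    for (proto, port), g in groups.items():
        n_src = len(g["sources"])
        # Many distinct senders on one port fits peers still trying a listener
        # that is no longer running; a few repeat senders deserve a packet capture.
        verdict = "many-sources" if n_src >= many_sources else "few-sources"
        report.append({"protocol": proto, "port": port, "events": g["events"],
                       "sources": n_src, "verdict": verdict})
    return sorted(report, key=lambda r: r["events"], reverse=True)


if __name__ == "__main__":
    for line in summarize_blocked(build_sample()):
        print(line)
```

A port that shows up as "many-sources" and matches the listening port of a program you recently closed can have logging disabled on its block rule alone, leaving logging on for everything else.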