worried about IP inbounds

Hello,

I am getting entries in the log that incoming connections from dozens of IPs from all around the world are being granted. This is with no programs running or being loaded at startup except Comodo.

The entry is like:

Date/Time :2007-05-28 13:14:11
Severity :Low
Reporter :Network Monitor
Description: Information (Access Granted, IP = 68.104.96.86, Port = 29807)
Protocol: TCP
IncomingSource: 68.104.96.86:1247
Destination: 192.168.0.2:29807
TCP Flags: SYN
Reason: Network Control Rule ID = 5

Please can somebody shed some light on what might be happening. I have checked for malware,etc.
And another observation is that all are targetting port 29807.

Thankyou.

Hi Rockie, welcome to the forums.

Can you please post a screen shot of CFPs Network Monitor rules. I ask this, since the Log entry you have posted says “Reason: Network Control Rule ID = 5”. So, it seems rule 5 in the Network Monitor is responsible for this Access Granted… and an Allow NM rule with the Log option on, is very unusual.

Hi Kail,

The port where all the incoming connections are being allowed is open for BitTorrent use, and when I close the B.T client Comodo continues to allow connects through. I’m not sure if this is how it should be?

The info you asked for is attached.

Thanks for looking into this.

[attachment deleted by admin]

Hi Rockie

You’ll need to post another screen shot with NM Rule 5 selected, in order I can see the detail below. But, that’s the Rule that is causing the Log message you’re seeing. BTW Where’s your final Block & Log rule? Without that rule your system is accepting all unsolicited incoming communications (ie. it is wide open - not a good thing). You must restore the final Block & Log Rule of IP In/Out any - any.