Why so many intrustions with Comodo?

Hi, I'm running the latest version of Comodo.

So far I have had about 438 intrusion attempts blocked (in only a matter of a few days). Is this normal?

To me it looks more like outbound attempts but I'm still learning.

My IP is the source each time. Most of the protocalls are IGMP but a few are UDP. Most of the destination IPs are the same and when a port is listed (only a few times) both the source and the destination are 1900.


When I look at my network security policy there are no blocked items except "block and log unmatching requests" that is set for firefox, IE, and Comodo.

By the way, I have a router with an SPI firewall.



Sorry if this is a noobish question.

 

What are the names of the programs being blocked? This is my set up for Windows programs.

 

Are you using Messenger by chance? It will (most common example) use IGMP protocol. Comodo will block this by default, you would need to make an explicit rule to allow it.

As for UDPs on port 1900, this is caused by SSDP Windows' service. It is a peart of Universal Plug'n'Play (automatically opening ports on a router for say online gaming), and it is not needed in most cases.

Whether you want to allow or block both is up to you.

 

A few comments:
1) an "intrusion" is anything incoming that is blocked and logged by CFP3. So to get rid of them, you can just create a rule to block the unnecessary traffic but not log it. The source is often your router, since there can be a lot of chatter in a network.
2) you can reset the counter to zero by turning cfp3 off and on.
3) There is a lot of SSDP (and other) activity even at start up, as part of the network setup. CFP does selective logging, but doesn't ignore everything. Attachment is a Wireshark log of just getting a NIC on the air in a LAN, before anything actually happens. So block and not log the unnecessary crap is a good tool.