Definition of "Intrusion Attempts"

Discussion in 'other firewalls' started by hexanol, Jul 4, 2013.

Thread Status:
Not open for further replies.
  1. hexanol

    hexanol Registered Member

    Joined:
    Jul 4, 2013
    Posts:
    1
    Location:
    South Carolina, USA
    Hi all,
    I tried using Comodo Forums for this question. Tho' I can sign in, for the life of me, I cannot figure out how to post a question there. I ran across this place and everybody seemed pretty friendly, so here I am. I hope I'm doing it correctly. I figure the question would be ok here because I assume other security software also would use at least something similar to "Intrusion Attempts".

    When using Comodo Internet Security Premium, the free Comodo Product, a glance at the Summary Tab page reveals to me that "Firewall has blocked 575 intrusion (s) so far" and "Defense+ has blocked 246 intrusion (s) so far".

    Not being an expert at Computer Security in general, I am not sure what to think. "Intrusion" sounds pretty aggressive. If there is an "Intruder" in my home, I will most likely shoot them.
    So I have 575 + 246 of the bastards at my computer's door? Who are they? Can I find out? And how did they find out where I live? Why are they attacking me? Can I attack them back?
    There is nothing worse than a hidden enemy.
    When I look at the details of one of the attempted intrusions, and look up the associated IP, it looks like somebody in some foreign country is trying to access my operating system.
    Is the situation really as bad as it looks?
    Do other people have this many "Intrusion Attempts"? Or is it a conspiracy centered on me?
    I have tried to find out what is meant by "Intrusion Attempts", but am only getting vague information.
    Any enlightenment would be appreciated.
    Have a great day!
     
  2. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,871
  3. MyBlackBox

    MyBlackBox Registered Member

    Joined:
    Jun 28, 2013
    Posts:
    35
    Location:
    Italy
    Generally, an intrusion is an unrequested attempt at contacting a host. When a ping or packet is out of defined firewall rules it is logged as an intrusion.

    Bots, crawlers and scrapers do it by nature... Most probably the intrusions listed on the firewall will be from *.1e100.net or some ad server such as Akamai.
     
  4. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    I believe Comodo is using the term "intrusion" here loosely. Comodo hasn't had IPS capability since ver. 4. I never saw a response from Comodo on why they eliminated that feature for the firewall.
     
  5. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,694
    Location:
    Zagreb, Croatia
    What do you mean?
     
  6. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    Page down to "Advanced Settings" on this page:

    http://help.comodo.com/topic-72-1-451-4770-firewall-behaviour-settings.html#fw_advanced_settings

    Do you see a setting for Intrusion Prevention? If a firewall has the IPS feature there will be settings on how long to block the attacking IP address, etc. For example, both NAV/NIS/KIS and many other firewalls have an IPS option with corresponding settings. Comodo alludes to the fact that their protocol analysis feature is sufficient. That may be, although debatable, but there are no options on what to do if a DoS attack is underway. Note that the protocol analysis feature is set to off by default.
     
    Last edited: Jul 8, 2013
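
An added illustration, not part of the thread and not Comodo's code: a toy model of the two behaviours described in the replies above, a counter that logs every unsolicited packet outside the rules as a blocked "intrusion", and an IPS-style option that also blocks the source address for a set time. The class, thresholds and sample packets are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    ts: float        # arrival time in seconds
    src: str
    dport: int
    solicited: bool  # True if it answers a connection this host opened

@dataclass
class Firewall:
    allowed_ports: set
    ips_threshold: int = 0        # 0 = count rule misses only, no IPS
    ips_window: float = 60.0      # seconds over which rule misses are counted
    ips_block_secs: float = 300.0 # how long a source stays blocked
    blocked_count: int = 0        # the "blocked N intrusion(s)" style figure
    hits: dict = field(default_factory=dict)
    banned_until: dict = field(default_factory=dict)

    def handle(self, p: Packet) -> str:
        if self.banned_until.get(p.src, 0) > p.ts:
            return "drop-banned"          # IPS block still active
        if p.solicited or p.dport in self.allowed_ports:
            return "allow"
        self.blocked_count += 1           # unrequested and outside the rules
        if self.ips_threshold:
            recent = [t for t in self.hits.get(p.src, [])
                      if p.ts - t < self.ips_window]
            recent.append(p.ts)
            self.hits[p.src] = recent
            if len(recent) >= self.ips_threshold:
                self.banned_until[p.src] = p.ts + self.ips_block_secs
                return "drop-and-ban"
        return "drop-logged"

def replay(fw, packets):
    return [fw.handle(p) for p in packets]

# Constructed sample traffic (documentation address ranges), not real logs.
SAMPLE = [
    Packet(0, "203.0.113.5", 445, False),
    Packet(1, "203.0.113.5", 3389, False),
    Packet(2, "198.51.100.7", 443, True),   # reply to an outbound request
    Packet(3, "203.0.113.5", 23, False),
    Packet(4, "203.0.113.5", 80, False),
    Packet(400, "203.0.113.5", 22, False),  # arrives after the block expired
]

if __name__ == "__main__":
    for name, fw in (("counter only", Firewall(set())),
                     ("with IPS", Firewall(set(), ips_threshold=3))):
        print(name, replay(fw, SAMPLE), fw.blocked_count)
```

With no services exposed, the counter-only firewall reports five blocked "intrusions" from a single scanning address; none of them reached anything.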
  7. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,694
    Location:
    Zagreb, Croatia
    I see.
    Thanks!
     