Why so many intrustions with Comodo?

Discussion in 'other firewalls' started by phillip559, Mar 24, 2008.

Thread Status:
Not open for further replies.
  1. phillip559

    phillip559 Registered Member

    Jan 4, 2008
    Hi, I'm running the latest version of Comodo.

    So far I have had about 438 intrusion attempts blocked (in only a matter of a few days). Is this normal?

    To me it looks more like outbound attempts but I'm still learning.

    My IP is the source each time. Most of the protocalls are IGMP but a few are UDP. Most of the destination IPs are the same and when a port is listed (only a few times) both the source and the destination are 1900.

    When I look at my network security policy there are no blocked items except "block and log unmatching requests" that is set for firefox, IE, and Comodo.

    By the way, I have a router with an SPI firewall.

    Sorry if this is a noobish question.
  2. Dieselman

    Dieselman Registered Member

    Jan 6, 2008
    What are the names of the programs being blocked? This is my set up for Windows programs.

    Attached Files:

  3. Seer

    Seer Registered Member

    Feb 12, 2007
    Are you using Messenger by chance? It will (most common example) use IGMP protocol. Comodo will block this by default, you would need to make an explicit rule to allow it.

    As for UDPs on port 1900, this is caused by SSDP Windows' service. It is a peart of Universal Plug'n'Play (automatically opening ports on a router for say online gaming), and it is not needed in most cases.

    Whether you want to allow or block both is up to you.
  4. sded

    sded Registered Member

    Jun 4, 2004
    San Diego CA
    A few comments:
    1) an "intrusion" is anything incoming that is blocked and logged by CFP3. So to get rid of them, you can just create a rule to block the unnecessary traffic but not log it. The source is often your router, since there can be a lot of chatter in a network.
    2) you can reset the counter to zero by turning cfp3 off and on.
    3) There is a lot of SSDP (and other) activity even at start up, as part of the network setup. CFP does selective logging, but doesn't ignore everything. Attachment is a Wireshark log of just getting a NIC on the air in a LAN, before anything actually happens. So block and not log the unnecessary crap is a good tool.

Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.