getting worried with IP inbounds

Guest

Hello,

I have Comodo firewall and recently I have noticed that even with no other
programs running at startup there are dozens of log entries like this one:

Description: Information (Access Granted, IP = 209.133.121.235, Port = 29807)
Protocol: TCP Incoming
Source: 90.202.177.58:53292
Destination: 192.168.0.2:29807
TCP Flags: SYN
Reason: Network Control Rule ID = 5

I'm getting worried because the sources are from all over the world and they
all target port 29807. I could configure Comodo to stop these but then I
couldn't use BitTorrent, so that's not an option.

Could someone please cast some light on what's going on here?
Is this a sign of malware (though I have scanned)?
Thank you.
 
Poprivet

Mani said:
Hello,

I have Comodo firewall and recently I have noticed that even with no
other programs running at startup there are dozens of log entries
like this one:

Description: Information (Access Granted, IP = 209.133.121.235, Port = 29807)
Protocol: TCP Incoming
Source: 90.202.177.58:53292
Destination: 192.168.0.2:29807
TCP Flags: SYN
Reason: Network Control Rule ID = 5

I'm getting worried because the sources are from all over the world
and they all target port 29807. I could configure Comodo to stop
these but then I couldn't use BitTorrent, so that's not an option.

Could someone please cast some light on what's going on here?
Is this a sign of malware (though I have scanned)?
Thank you.

I'm no guru and don't know the actual answer, but:
Hmm, since access is granted, you're correct to wonder. I think the first
thing is to see if it's bittorrent doing the communicating; it might be.
Temporarily unload it or uninstall, whatever it takes, and see if the comms
stop. I have no idea whether BT has to talk with anyone; just surmising
possibilities. But if it stops, then you know the source.

From a Command Prompt:
Try doing a netstat /a and check the connections list.
Also ipconfig /all and note the data.

Those will usually give you fair ideas of at least what's happening.

Hopefully someone will be along shortly with a more finite answer; but
that's what I'd start with.

HTH
Pop`
 
Guest

Hi Poprivet,

I tried what you said but it didn't give any new info. I have used Autoruns
to disable everything except Comodo but I'm still getting connections from
everywhere. This is too strange. :(
 
M8RIX

In all likelihood, it is torrent clients seeking torrents. Use your
firewall to block that port and open it only when you are actively sharing
torrents.
 
Vanguard

Mani said:
Hello,

I have Comodo firewall and recently I have noticed that even with no other
programs running at startup there are dozens of log entries like this one:

Description: Information (Access Granted, IP = 209.133.121.235, Port = 29807)
Protocol: TCP Incoming
Source: 90.202.177.58:53292
Destination: 192.168.0.2:29807
TCP Flags: SYN
Reason: Network Control Rule ID = 5

I'm getting worried because the sources are from all over the world and they
all target port 29807. I could configure Comodo to stop these but then I
couldn't use BitTorrent, so that's not an option.

Could someone please cast some light on what's going on here?
Is this a sign of malware (though I have scanned)?
Thank you.


Access granted on port 29807. That means you allowed the software
firewall to allow those connections, or specified an application rule
that lets a listening process accept those connections on that port.
Maybe Comodo's firewall doesn't provide enough details as to what
process is listening on that port to actually accept those connection
requests. You could run "netstat -a -b" in a DOS shell or use Nirsoft's
CurrPorts to see what process is listening on that port.
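
A way to summarise entries in the log layout quoted in this thread, showing how many distinct sources reach each destination port and under which rule. This is an added example, not part of any poster's reply; the sample entries are constructed and the names `summarise` and `report` are illustrative.

```python
import re
from collections import defaultdict

# One pattern per log entry. \s* between fields tolerates the line wrapping
# that pasting into a forum introduces.
ENTRY = re.compile(
    r"\((?P<action>Access \w+),.*?"
    r"Source:\s*(?P<src>[\d.]+):\d+\s*"
    r"Destination:\s*[\d.]+:(?P<dport>\d+)\s*"
    r"TCP Flags:\s*(?P<flags>[A-Z ]+?)\s*"
    r"Reason:\s*Network Control Rule ID = (?P<rule>\d+)",
    re.S,
)

def summarise(log_text):
    """Group granted inbound entries by destination port."""
    ports = defaultdict(lambda: {"sources": set(), "rules": set(), "syn_only": 0})
    for m in ENTRY.finditer(log_text):
        if m["action"] != "Access Granted":
            continue
        entry = ports[int(m["dport"])]
        entry["sources"].add(m["src"])
        entry["rules"].add(int(m["rule"]))
        entry["syn_only"] += int(m["flags"].split() == ["SYN"])
    return dict(ports)

def report(summary):
    """Rows of (port, distinct sources, SYN-only entries, rule IDs), busiest first."""
    rows = [(port, len(d["sources"]), d["syn_only"], sorted(d["rules"]))
            for port, d in summary.items()]
    return sorted(rows, key=lambda row: -row[1])

# Constructed sample: addresses are documentation ranges (RFC 5737); port 8080
# and rule ID 2 are made up. Only port 29807 and rule ID 5 come from the thread.
TEMPLATE = (
    "Description: Information (Access Granted, IP = {src}, Port = {dport})\n"
    "Protocol: TCP Incoming\nSource: {src}:{sport}\n"
    "Destination: 192.168.0.2:{dport}\nTCP Flags: SYN\n"
    "Reason: Network Control Rule ID = {rule}\n\n"
)
SAMPLE_LOG = "".join(TEMPLATE.format(src=s, sport=sp, dport=dp, rule=r) for s, sp, dp, r in [
    ("203.0.113.10", 53292, 29807, 5), ("198.51.100.7", 41000, 29807, 5),
    ("192.0.2.44", 50211, 29807, 5), ("203.0.113.10", 53300, 29807, 5),
    ("198.51.100.9", 40022, 8080, 2)])

if __name__ == "__main__":
    for port, sources, syn_only, rules in report(summarise(SAMPLE_LOG)):
        print(f"port {port}: {sources} sources, {syn_only} SYN-only, rules {rules}")
```

The rule ID in each row points at the Network Control Rule that granted the traffic, and the port can then be matched against the listening process that netstat or CurrPorts reports.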
 
Guest

Hi Vanguard,

OK, I delved deeper and found I am getting DoS attacks on my Netgear
router (logs). These are coming in on all ports from about twenty addresses.
In Comodo it was allowing access in on one specific port, which is what I
mentioned. Since having restored the system Comodo is behaving OK, so that's
pretty much solved.

I have only started having this problem, as far as I know, since I installed
PeerGuardian2.

Can you advise what to do about DoS attacks, and why am I getting them?
Thanks
 
