What's this?
on 08.04.2007 04:42:00 by unknown
Post removed (X-No-Archive: yes)
On Sat, 07 Apr 2007 19:42:00 -0700, BDS wrote:
> Hi,
> If this is the wrong place to post this, I apologize and would
> appreciate if someone would point me to the correct newsgroup.
>
> This is the log from my firewall:
> http://i11.tinypic.com/40ac2us.jpg
>
> Can someone help me understand what is going on here? I get about 10-20
> of these per minute.
>
> Date/Time :2007-04-07 18:45:18
> Severity :Medium
> Reporter :Network Monitor
> Description: Inbound Policy Violation (Access Denied, IP =
> 91.124.195.18, Port = 35865)
> Protocol: UDP Incoming
> Source: 91.124.195.18:4672
> Destination: 192.168.1.66:35865
> Reason: Network Control Rule ID = 5
>
> Help.
This looks like a log from Comodo firewall. Am I correct? WHOIS lookup
shows:
Information related to '91.124.0.0 - 91.124.255.255'
inetnum: 91.124.0.0 - 91.124.255.255
org: ORG-USTC1-RIPE
netname: UA-UKRTELECOM-20061006
descr: JSC "Ukrtelecom"
country: UA
admin-c: ARM3-RIPE
tech-c: DKZ1-RIPE
notify: *******@ukrtel.net
status: ALLOCATED PA
mnt-by: RIPE-NCC-HM-MNT
mnt-lower: AS6849-MNT
mnt-routes: AS6849-MNT
changed: **********@ripe.net 20061006
source: RIPE
Information related to '91.124.0.0/16
route: 91.124.0.0/16
descr: AGGREGATE BLOCK FOR UKRTELECOM
origin: AS6849
mnt-by: AS6849-MNT
changed: *******@ukrtel.net 20061006
source: RIPE
I don't know who your ISP is, but possibly Comodo is causing a
communications problem between your router and ISP. Just a guess. Would
be more helpful if I knew what Rule 5 is specifically.
--
Posted via a free Usenet account from http://www.teranews.com
Post removed (X-No-Archive: yes)
Post removed (X-No-Archive: yes)
BDS wrote:
> If this is the wrong place to post this, I apologize and would
> appreciate if someone would point me to the correct newsgroup.
> This is the log from my firewall:
> http://i11.tinypic.com/40ac2us.jpg
> Can someone help me understand what is going on here? I get about 10-20
> of these per minute.
Yes, it means that you're using software which you don't understand.
It's useless to log all such things. And I hope your software does not
show you ridiculous popup windows for each event ;-)
Yours,
VB.
--
"Terror is better suited than any other military strategy to
manipulating the population."
(Dr. Daniele Ganser, 2005)
BDS wrote:
> This is the log from my firewall:
> http://i11.tinypic.com/40ac2us.jpg
>
> Can someone help me understand what is going on here? I get about 10-20
> of these per minute.
>
> Date/Time :2007-04-07 18:45:18
> Severity :Medium
> Reporter :Network Monitor
> Description: Inbound Policy Violation (Access Denied, IP =
> 91.124.195.18, Port = 35865)
> Protocol: UDP Incoming
> Source: 91.124.195.18:4672
> Destination: 192.168.1.66:35865
> Reason: Network Control Rule ID = 5
Well, UDP packets from various hosts on the Internet to port 35865/udp
on your computer triggered Comodo's "Network Control Rule 5". Whatever
that's supposed to be.
First step should be to find out why your router forwards this traffic
to your computer in the first place. Your computer has a private IP
address, so it shouldn't receive any unrequested traffic from the
Internet unless there's a good reason for it. Next step would be to find
out what exactly "Network Control Rule 5" is, and why it is in place
(IOW what purpose it serves). Any subsequent action would depend on the
outcome of the aforementioned two steps.
cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
Post removed (X-No-Archive: yes)
On Sat, 14 Apr 2007 19:24:06 -0700, BDS wrote:
> Thanks for everyone's help. I found out it was eMule listening for the
> packets. Now I'll try to figure out why.
If you use emule to download anything, the other IPs will continue to
probe that port for the entire session. If you are on a broadband
connection, that will probably continue until you reboot your computer.
Also, if you attempt to download with emule and don't have a specific rule
created for it, you'll get those alerts from Comodo since the other peer
IPs are not reaching the port emule is listening on. If your emule program
is not running, it shouldn't be listening on that port. In that case, you
might want to check task manager and make sure all the elements for emule
are not running. I know that when I've used Bittorrent or Utorrent, once I
close out the program the IPs will continue to probe until I go offline.
Then, once I go back online, it will stop. You probably also want to
create a specific rule for emule to receive packets at port 35865.
--
Posted via a free Usenet account from http://www.teranews.com
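
Added example (not part of any post in this thread, and not Comodo's own tooling): a small parser for log entries in the format quoted above that groups denied packets by destination port, so that many different sources hitting one fixed port, as the poster later traced to eMule, stands out from unrelated probes. Only the first sample entry comes from the thread; the other three entries and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Entry layout as quoted in the thread, including the wrapped Description line.
ENTRY = """Date/Time :2007-04-07 18:45:{sec}
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP =
{src}, Port = {dport})
Protocol: UDP Incoming
Source: {src}:{sport}
Destination: 192.168.1.66:{dport}
Reason: Network Control Rule ID = 5
"""
SAMPLE_LOG = "".join(ENTRY.format(sec=s, src=a, sport=p, dport=d) for s, a, p, d in [
    ("18", "91.124.195.18", 4672, 35865),  # the entry quoted in the thread
    ("21", "198.51.100.7", 4672, 35865),   # constructed
    ("25", "203.0.113.40", 4672, 35865),   # constructed
    ("30", "203.0.113.40", 53211, 1026),   # constructed, unrelated port
])
FIELD = re.compile(r"^(Date/Time|Severity|Reporter|Description|Protocol"
                   r"|Source|Destination|Reason)\s*:\s*(.*)$")

def parse_entries(text):
    """Return one dict per entry; lines without a field name are wrapped text."""
    entries, last = [], None
    for line in (l.strip() for l in text.splitlines()):
        m = FIELD.match(line)
        if m and m.group(1) == "Date/Time":
            entries.append({})          # a Date/Time line starts a new entry
        if m and entries:
            last = m.group(1)
            entries[-1][last] = m.group(2)
        elif line and entries and last:
            entries[-1][last] += " " + line   # continuation of the previous field
    return entries

def summarize(entries):
    """Group denied packets by (protocol, destination port)."""
    groups = defaultdict(lambda: {"count": 0, "sources": set(), "src_ports": set()})
    for e in entries:
        src_ip, src_port = e["Source"].rsplit(":", 1)
        key = (e["Protocol"].split()[0], int(e["Destination"].rsplit(":", 1)[1]))
        groups[key]["count"] += 1
        groups[key]["sources"].add(src_ip)
        groups[key]["src_ports"].add(int(src_port))
    return dict(groups)

if __name__ == "__main__":
    print(summarize(parse_entries(SAMPLE_LOG)))
```

In the thread's entry the source port is 4672, which is eMule's default UDP port and fits the poster's later finding.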