Bobbye...Comodo Q

Status
Not open for further replies.

steveow

Just curious what your thoughts are on this and of course I'll learn something.

I was updating and decided to look at the history of blocked intrusions, and as I looked at the last week's approximately 100 blocked I noticed the IP Sources of blocked intrusions were the following #'s:
192.168.1.66, .65 and .64. Across the description were the Destination IP's and they were always the corresponding IP's. For instance if the source was ending in 1.64 the Destination would be 1.66 and vice versa. What I'm wondering is if these are attempted auto updates from Microsoft that are being blocked? The reason I ask is a friend sent me an itinerary of her trip and I had to open Micro Office. It kept asking me to download Office related programs and when Comodo popped up before the 3rd download I denied the access and then went to Programs and I saw I already had Micro Office installed before I bought the laptop...hmmm? The 2 Office(?) related programs I had just downloaded I erased immediately. If I already have Office then why the extra programs just to open the itinerary?
I don't download many new programs, so I rarely see Comodo's warning screen. I never did view the itinerary. It all might have been OK, but when Comodo popped up I'm taking no chances. I did send it to Comodo for analysis, but have no idea the result.

thanks!
steve
 
Reviewing the firewall log will, at some point, become an obsession. You can't wait to see who tried to get in (FWIN in Zone Alarm) or out (FWOUT in Zone Alarm), so I will refer you to Firewall Forensics- What am I seeing? which will tell you everything you wanted to know about firewalls, including things you didn't even know you wanted to know~!

It will help the upcoming obsession greatly! As will the following:

Paste the IP in the 'whois' lookup box: http://www.dnsstuff.com/

This block, IP 192.168.1.xx, is for Private Addresses; this is where you find router IPs, but you're getting 'destination' and 'source' confused. I think if you check the Forensics info, it will help clarify this for you. It will also help with the ports.

If you really get hooked, print the entire Firewall Forensics! I did, years ago and still have it but have recovered from the 'obsession.' :)

I don't think Microsoft would be sending updates on a private IP.
 
Hey Bobbye,
the destination is 139, which apparently is my NetBios. The Source is 49XXX and 50XXX and I cannot find any info on those #'s. No upcoming obsession for me....I have other obsessions that already take up too much time like vintage tube amplifiers. As long as Comodo does its job I'm good to go. I'll do the IP paste and after that that's it.

thanks, steve
 
From Firewall Forensics:

139-NetBIOS> File and Print Sharing
Incoming connections to this port are trying to reach NetBIOS/SMB, the protocols used for Windows "File and Print Sharing" as well as SAMBA. People sharing their hard disks on this port are probably the most common vulnerability on the Internet.

Attempts on this port were common at the beginning of 1999, but tapered off near the end. Now at the start of year 2000, attempts on this port have picked up again. Several VBS (IE5 VisualBasic Scripting) worms have appeared that attempt to copy themselves on this port. Therefore, it may be worms attempting to propagate on this port.

Your firewall is doing its job.
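
The reading of the log discussed in this thread (private 192.168.1.x addresses on both ends, destination port 139, source ports in the 49xxx/50xxx range), as an added Python example that is not part of any post. The four-field record layout and the sample rows are constructed, since Comodo's own log format is not shown here.

```python
import ipaddress
from collections import Counter

# RFC 1918 private ranges: the "Private Addresses" block mentioned in the thread.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Destination ports used by Windows file and print sharing.
SHARING_PORTS = {137: "NetBIOS name service", 138: "NetBIOS datagram",
                 139: "NetBIOS session (file and print sharing)", 445: "SMB over TCP"}
# IANA dynamic range; a client normally picks its source port from here.
EPHEMERAL = range(49152, 65536)

def is_private(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

def triage(src_ip, src_port, dst_ip, dst_port):
    """Classify one blocked-connection record (hypothetical 4-field layout)."""
    src_priv, dst_priv = is_private(src_ip), is_private(dst_ip)
    if src_priv and dst_priv:
        scope = "lan-to-lan"
    elif dst_priv:
        scope = "internet-to-lan"
    elif src_priv:
        scope = "lan-to-internet"
    else:
        scope = "public-to-public"
    return {
        "scope": scope,
        "service": SHARING_PORTS.get(dst_port, "other"),
        "client_port_ephemeral": src_port in EPHEMERAL,
    }

def summarize(records):
    """Count records per (scope, service) so repeated entries collapse."""
    return Counter((t["scope"], t["service"]) for t in (triage(*r) for r in records))

# Constructed sample rows: (source IP, source port, destination IP, destination port).
SAMPLE = [
    ("192.168.1.64", 49731, "192.168.1.66", 139),
    ("192.168.1.66", 50112, "192.168.1.64", 139),
    ("192.168.1.65", 49802, "192.168.1.64", 139),
    ("203.0.113.7", 51000, "192.168.1.65", 139),  # documentation address standing in for an Internet host
]

if __name__ == "__main__":
    for key, count in summarize(SAMPLE).items():
        print(count, *key)
```

Rows classed `lan-to-lan` have both endpoints behind the same router, so the blocked traffic originates from another device on the local network rather than from the Internet.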
 
Comodo is the bomb!

I want to double check on something regarding opening a scam email. As long as you don't open up a link inside the email then we are OK? Any possibilities of phishing or anything?

I'm asking because I opened an email from my bank and then hit delete instead of going back to the inbox page and then check marking many at once and then deleting them all at once. I always try to do it that way. Now there was an email from...lol...SUPERantispyware from the name Sexmailz (a dead giveaway!). So after viewing and deleting a non-important bank email I was now on that SAS scam email. Since I was on the page I decided to view just what kind of words and links they were using to lure the unsuspecting. The email had 3 links of clearly defined smut and a link at the bottom that was using ' superantispyware. com/forums........... I have no idea what everything else said because it looked like the Russian alphabet.

A few months ago you referred me to SAS's forums re: their upgraded scans. Those sneaky sob's will try anything.

thanks!
 
"As long as you don't open up a link inside the email then we are OK? Any possibilities of phishing or anything?"

Not OK.
  • Safe Email Handling
    ◦ Don't open email from anyone you don't know.
    ◦ Don't open Attachments in the email unless you are expecting it and have been advised that it is being sent by someone you know. Save to your desktop and scan for viruses using a right click.
    ◦ Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.

Steve, I'm going to close this thread now. This is really not the correct forum for discussions of this nature.
 