# [SOLVED] 76 intrusions from comodo firewall v5.0



## maxima2k2 (Feb 27, 2007)

Hello, I've used v3.0 before upgrading and this is the first time comodo alerted of a popup named "system" udp, source 192.168.x.x trying to access port 35072 to destination 192.168.x.x to port 35072. I blocked it first, then it kept asking so I finally let it through. Then another name "system" tcp, source 192.168.x.x wanting to access port 29189, 34565, 40709, 45573, 50181, 55301, 59397, 64773, 23814, 7430, and others to destination ip 192.168.x.x to port 35584. I blocked it at first, then everytime it wanted to get through, it gets automatically blocked. Both are inbound connections. Are these IP addresses suspicious? If there okay, how would I unblock them, they aren't listed under network security policy category.


----------



## johnwill (Sep 26, 2002)

*Re: 76 intrusions from comodo firewall v5.0*

Well, the 192.168.x.x addresses are on your local network, so you need to identify the machines/devices they're associated with to see if it's a problem.


----------



## maxima2k2 (Feb 27, 2007)

*Re: 76 intrusions from comodo firewall v5.0*

File sharing is enabled, but I'm not sure how? Before installing SP1 it was always disabled. Under network there are three connections, my laptop, my router, and my family laptop. Currently it doesn't have the green "T" link on the icons because file sharing is disabled now. When I logged on as my user created admin profile, I wanted to run some programs but the shortcuts were located in desktop folder in the limited profile, and it said "denied access" to that folder, so I had to share it. Is that the reason why sharing was enabled under the network category? What would happen to those IP's that I allow from comodo firewall now file sharing is disabled? The same IP is still wants to connect, but it's automatically being blocked, if it's safe is there a way to unblock it?


----------



## johnwill (Sep 26, 2002)

*Re: 76 intrusions from comodo firewall v5.0*

You can configure the subnet in the trusted zone, normally you would trust computers in your network, right?


----------



## maxima2k2 (Feb 27, 2007)

*Re: 76 intrusions from comodo firewall v5.0*

I solved my own problem, I just went to network and sharing and change it to public. Now there aren't any devices listed. Just learned something new, thanks for the assistance though.


----------



## johnwill (Sep 26, 2002)

*Re: 76 intrusions from comodo firewall v5.0*

Thanks for the feedback.


----------



## josephrios546 (Oct 15, 2010)

The configuration options below can be set in LocalSettings.php and can be used to enable or disable certain aspects of the blocking interface.

* $wgSysopUserBans controls the ability for sysops to block usernames. This is true by default. If a sysop tries to block a registered user account and this setting is not enabled, then an error message will be displayed, informing the sysop that the "IP Address does not exist".
* $wgSysopRangeBans controls the ability for sysops to block ranges of IP address. This is true by default.
* $wgAutoblockExpiry controls how many seconds need to pass until a block on an "autoblocked" IP address will expire. The default is 86400 seconds, which is the same as 24 hours (one day)
* $wgBlockAllowsUTEdit controls whether or not a blocked user is able to edit their own user talk page. This is false by default.
* $wgSysopEmailBans and the blockemail user right control the ability for sysops to prevent users from using the Special:EmailUser interface. $wgSysopEmailBans is true by default.
* $wgBlockDisablesLogin controls if blocked users will be allowed to login. This is false by default.
* The hideuser user right controls the ability for sysops to prevent a blocked user from appearing in the block log, the active block list, and the user list.


----------

