# firewall alerts question.



## kesuki (Aug 27, 2007)

recently I switched firewalls from mcaffee to comodo and comodo has shown way more allerts (mostly for software reasons) but i am somewhat concerned about outbound broadcasts coming from my machine to 192.168.1.255 on port 6646. now i know that the ip is a shortcut to broadcast packets to all machines on 192.168.1, but couldnt find any reason why they'd be broadcasting about once a day on that specific port. does anyone know if that specific port is being used by mcaffe (which i as still using as an av software) or could it be somthing more malicious that mcaffe hasnt caught onto yet?

I also would like to know if there is a way to stop windows from trying to resolve computer names over ports 137/138 since i had to set a non logging block for all the automatic attempts by windows to broadcast and resolve its computer name (with any computer on the local network) disabling sharing doesnt stop windows from broadcasting the machine name and i'd like to have a better solution than a non logging block rule in comodo since i could be non logging external hacking attempts over those ports. 

mcaffee also had an alert log about real-time av protection being enabled on 8/24, but there was no reason why real-time should have been disabled (my parents didnt disable real-time checking, and neither did i, but mcaffe had to have the protection re-enabled on 8/24) and apparently when we updated mcaffee their firewall was reimplemented because its showing a number of portscans supposedly coming from my isps nameserver on ports commonly used for exploits... (eg:2001 udp, a scan for curry/trojan cow/transcout)


----------



## kesuki (Aug 27, 2007)

I've confirmed that it is indeed mcaffe that's sending those 6646 packets mcaffe is looking for other mcaffee software on the local network. why its doing that at least once a day is beyond me, but apparently mcafee software talks to other copies of mcaffe software...


----------

