Author Topic: Firewall settings  (Read 6536 times)

Atomic Mitten

  • Guest
Firewall settings
« on: October 12, 2003, 11:44:59 am »
Hi Gryphon, can you help me please.Every time I start my pc my Mcaffee firewall shows a log of 100 entries.
My firewall blocks Wan miniport by default.
Should I enable this?
I am attaching a screenshot of the log page.

I'm not sure if MSN messenger needs the Wanminiport or not ?? :-\
Well the bmp file must be too big,so I'll print  what I see in the log.

McAfee Firewall blocked an incoming TCP packet.The rermote address associated with the traffic was
217.42.XX.XX. The remote port was 4444(ephemeral).The local port on your PC was 135.The network adapter for the traffic was"WAN Miniport(IP)"
« Last Edit: October 12, 2003, 11:52:41 am by Atomic Mitten »

Offline Doc Nyar

  • When I call your name, be sure to duck...
  • Gameheaven Staff
  • CEO
  • *****
  • Posts: 4.870
  • No one knows a lot, but combined we do
Re:Firewall settings
« Reply #1 on: October 12, 2003, 12:55:25 pm »
BMP files are not allowed as attachement I think. Try saving the pic in jpg format. That should work.

Atomic Mitten

  • Guest
Re:Firewall settings
« Reply #2 on: October 12, 2003, 01:14:43 pm »
Thanks Doc, yeah I thought that was the problem.
Anyway I printed the log by hand. ;)

Offline gryphon

  • Just me...
  • Administrator
  • Manager
  • *****
  • Posts: 1.733
  • nothing can seem fool to those that winn. ...
Re:Firewall settings
« Reply #3 on: October 12, 2003, 02:50:00 pm »
Does your MSN messenger client start by default on your PC ?

And is the 217.xx.xx.xx IP always the same ? Port 135 shouldn't have access to the internet. Did you always have this ?
And is it with McAffee internet security or with just the firewall ?
[ the configuration is slightly different that's why I ask ]

I take it you look at your log just after you booted your PC and then find the blocks in your log ? Or do you get firewall warning popups all the time warning you for it ?

If you just find them in your log there isn't any problem I recon. You don't need you WAN miniport [ just your ethernet adapter needs to have access allowed ] and port 135 should be blocked to the internet.
Expect anything, and life will become boring...

Atomic Mitten

  • Guest
Re:Firewall settings
« Reply #4 on: October 12, 2003, 05:52:54 pm »
Yes my msn starts by default.I'm not sure if the ip always the same is,I will watch it.I have Mcaffee firewall only.
No I don't get pop ups.Just in the log.

Offline gryphon

  • Just me...
  • Administrator
  • Manager
  • *****
  • Posts: 1.733
  • nothing can seem fool to those that winn. ...
Re:Firewall settings
« Reply #5 on: October 12, 2003, 06:00:03 pm »
if it's in the log's it should be fine.

Is your MSN messenger able to connect online ?
If not try giving it full access in McAffee .. .
Expect anything, and life will become boring...

Atomic Mitten

  • Guest
Re:Firewall settings
« Reply #6 on: October 12, 2003, 06:09:24 pm »
Messenger works fine.I was just curious about the logs entries.

Offline gryphon

  • Just me...
  • Administrator
  • Manager
  • *****
  • Posts: 1.733
  • nothing can seem fool to those that winn. ...
Re:Firewall settings
« Reply #7 on: October 12, 2003, 06:17:44 pm »
depending on the source it could be anything. [ meaning a legit attempt to identify your computer or a less legit one. ] Port 135 is one of the famour Windows netbios ports. If you are directly connected to the internet it is probably a worm.
[ emagine this, security emails are comming in again sind this Monday or so that the RPC worm isn't stoped yet, to be more precies,. . . patched systems still appear to be vounerable for it. .  . we are just waiting now for the next guy who think's it's funny to exploid it and the whole mess starts over again .. ..]

McAfee is supposed to block those ports [ 135 - 140 ]. And without knowing the source at this time I can't tell you if they are or are not legit . .
Expect anything, and life will become boring...

Offline gryphon

  • Just me...
  • Administrator
  • Manager
  • *****
  • Posts: 1.733
  • nothing can seem fool to those that winn. ...
Re:Firewall settings
« Reply #8 on: October 13, 2003, 01:33:31 am »
looking at the current prefered ports to scan I am not supprised you have a lot of 135 scans. :)

http://isc.incidents.org/
Expect anything, and life will become boring...

Atomic Mitten

  • Guest
Re:Firewall settings
« Reply #9 on: October 13, 2003, 10:03:58 am »
What is epmap ? I see what you mean now thanks.Good job I asked you first, before I allowed port 135.lol ;)

Offline gryphon

  • Just me...
  • Administrator
  • Manager
  • *****
  • Posts: 1.733
  • nothing can seem fool to those that winn. ...
Re:Firewall settings
« Reply #10 on: October 13, 2003, 09:31:41 pm »
never allow port 135 access to the internet ! Nor 136, 137, 138 or 139.

this is a short explenation of the things on that port. Port 135 handles remote procedere calls from Microsoft mostly.
« Last Edit: October 13, 2003, 09:33:36 pm by gryphon »
Expect anything, and life will become boring...

RotteVis

  • Guest
Re:Firewall settings
« Reply #11 on: October 13, 2003, 09:43:20 pm »
I?m glad my router blocks those port automaticly

Offline gryphon

  • Just me...
  • Administrator
  • Manager
  • *****
  • Posts: 1.733
  • nothing can seem fool to those that winn. ...
Re:Firewall settings
« Reply #12 on: October 13, 2003, 09:44:55 pm »
lol dude. . . I wonder how you found that out . . . . ;)

make shure you don't have a DMZ configurated . .that would result in the forwarding of that port.
Expect anything, and life will become boring...

RotteVis

  • Guest
Re:Firewall settings
« Reply #13 on: October 13, 2003, 09:46:46 pm »
I never use a DMZ, when I bought my router I left all firewall settings on standard, only added MAC-adress control. Hail to sitecom for making a good working product  8)

Offline gryphon

  • Just me...
  • Administrator
  • Manager
  • *****
  • Posts: 1.733
  • nothing can seem fool to those that winn. ...
Re:Firewall settings
« Reply #14 on: October 13, 2003, 09:48:34 pm »
Hail to sitecom for making a good working product  8)

gryphon remembers an mutual friend of us wardriving infront of your house. . . :-X
« Last Edit: October 13, 2003, 09:49:12 pm by gryphon »
Expect anything, and life will become boring...

RotteVis

  • Guest
Re:Firewall settings
« Reply #15 on: October 13, 2003, 09:50:16 pm »
He never made contact with my wlan. He was trying to get me pissed, went through all the logs and my setting worked perfectly. As far as I don?t post my MAC-adress I?m safe here

Atomic Mitten

  • Guest
Re:Firewall settings
« Reply #16 on: November 20, 2003, 11:32:26 am »
Does anyone know the correct settings for the Mcaffee Firewall version 4.0. I mean which apps should be filtered, which should be blocked and which should be allowed full access to the net.

This seems to be a big issue with alot of members as I have not found this info anywhere on the web.
I bet alot of people don't know what settings to use ?

Offline Doc Nyar

  • When I call your name, be sure to duck...
  • Gameheaven Staff
  • CEO
  • *****
  • Posts: 4.870
  • No one knows a lot, but combined we do
Re:Firewall settings
« Reply #17 on: November 20, 2003, 06:09:41 pm »
Does anyone know the correct settings for the Mcaffee Firewall version 4.0. I mean which apps should be filtered, which should be blocked and which should be allowed full access to the net.

This seems to be a big issue with alot of members as I have not found this info anywhere on the web.
I bet alot of people don't know what settings to use ?

Good question..

Offline gryphon

  • Just me...
  • Administrator
  • Manager
  • *****
  • Posts: 1.733
  • nothing can seem fool to those that winn. ...
Re:Firewall settings
« Reply #18 on: November 20, 2003, 06:49:27 pm »
you might not have found anything on the net as the applications that need access will depend on your own needs.

ok .. that's the crappy answer .. [ which is true in a way but still ].

No application needs full access.. . . and when you are connected to the internet via an ethernet network.

Generic Host can be given acces if you can get a connection, svchost can be blocked just as that DLL Windows file. Windows logon can be blocked. . . wait. . . you can simple block anything. . . just allow DNS and DHCP protocols . . .and if you can't get a connection allow svchost access.
All other things can be filtered or blocked.

Giving applications just the access they need.. . . An internet browser port 80, 443 8000 and 8080 for example. . . .email client port 25 and 110 [ given it's a pop account ]. And so on.. . .so basically it will depend on the application you are using. Most of them won't be needing full access . . justthe ports they are using.
And you can check the manual of the software for that.

If you should notice that an application can't connect. . . check your firewall logs for blocked messages for that application.. . that's a good indication it needs another port. . ;)
« Last Edit: November 20, 2003, 06:50:21 pm by gryphon »
Expect anything, and life will become boring...

Atomic Mitten

  • Guest
Re:Firewall settings
« Reply #19 on: November 20, 2003, 07:31:08 pm »
Thanks ! so basically filter everything and allow access on demand. :)

Offline gryphon

  • Just me...
  • Administrator
  • Manager
  • *****
  • Posts: 1.733
  • nothing can seem fool to those that winn. ...
Re:Firewall settings
« Reply #20 on: November 20, 2003, 08:09:06 pm »
nope. . .you deny everything.  .. and start allowing individual ports for the applications you use and want to have an internet connection.

Directx diag for one will give you an prompt from your firewall.. asking internet access. . . you don't have to allow that one .. . so not on demand. . . just when you want it. . .

Use the full allow option only when there is no other option. . .
« Last Edit: November 20, 2003, 08:09:43 pm by gryphon »
Expect anything, and life will become boring...