Author Topic: 255.255.255.255?  (Read 7942 times)

Offline el-diablo123

  • Comodo Member
  • **
  • Posts: 36
255.255.255.255?
« on: December 23, 2011, 01:31:54 AM »
is it normal for a game to try to connect to 255.255.255.255?
the game is world of tank.

thx in advance!

Offline Radaghast

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 4068
Re: 255.255.255.255?
« Reply #1 on: December 23, 2011, 02:49:02 AM »
According to this page, access should be given to the entire subnet. As address 255.255.255.255 is a  broadcast (one to all) I imagine the game client makes some sort of announcement to other clients/servers during play.
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.”

Offline el-diablo123

  • Comodo Member
  • **
  • Posts: 36
Re: 255.255.255.255?
« Reply #2 on: December 23, 2011, 06:21:37 PM »
ok thanks but where does 255.255.255.255 connection go?
is it safe to allow it?

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 19571
Re: 255.255.255.255?
« Reply #3 on: December 23, 2011, 06:33:42 PM »
Radaghast. Can you check you provided the proper url in your reply?

The connection to 255.255.255.255 broadcasts to all computers on your local network its presence. I assume the game you are running is capable of playing online. In this case it makes its presence known at your local network. It is needed when you want to play with other people on your local network.

Offline Radaghast

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 4068
Re: 255.255.255.255?
« Reply #4 on: December 23, 2011, 08:18:35 PM »
Radaghast. Can you check you provided the proper url in your reply?

Hi Eric. It's the correct URL. It doesn't explicitly say allow broadcasts, so I was going off point 3 for Outpost and the first point under ISA server. Both seem to imply access should be available to the entire subnet. If it was server specific, there'd be no need for this, but allowing the entire subnet caters for broadcasts...

Quote
3. Open access to the subnet: 213.252.131.0/24 (i.e. all the IP addresses in this range).
Quote
Make sure, that the server's IP's are in the trusted-list: 213.252.131.0/24 (i.e. all the IP addresses in this range);

I'd hazard a guess and say it's for finding the game channels.

“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.”

Offline el-diablo123

  • Comodo Member
  • **
  • Posts: 36
Re: 255.255.255.255?
« Reply #5 on: December 23, 2011, 08:37:39 PM »
the connection seem to be when im login in when i start the game and when i logout.
and i just look and its on port 20018

and thanks you for your reply
« Last Edit: December 23, 2011, 08:39:22 PM by el-diablo123 »

Offline el-diablo123

  • Comodo Member
  • **
  • Posts: 36
Re: 255.255.255.255?
« Reply #6 on: January 08, 2012, 05:30:39 PM »
i dont know if i should create a new post so im gonna ask here


i see on some game trying to connect to 239.255.255.250 port 1900 and if i block it it try to connect every 5sec until i stop playing.

the game is Dragon Age Origins the game dont have internet play but have a DRM and connect to bioware website to upload my gameplay stats.

i block it because from what i heard port 1900 is not safe and the game still seem to work but im wondering what is 239.255.255.250 port 1900 and why would the game try to connect every 5sec.

Offline Radaghast

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 4068
Re: 255.255.255.255?
« Reply #7 on: January 08, 2012, 05:44:01 PM »
UDP 239.255.255.250/1900 is for UPnP/SSDP and If I'm not mistaken, DAO uses Steam. So, the requests you're seeing are likely for port forwarding. Do you have a router?
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.”

Offline el-diablo123

  • Comodo Member
  • **
  • Posts: 36
Re: 255.255.255.255?
« Reply #8 on: January 08, 2012, 05:57:30 PM »
i have a cable modem .
also in my log i see alot of outbound 10.30.0.1 to 255.255.255.255 that are being block, i search on google and it seem to be normal for cable modem i dont know if the 239.255.255.250 port 1900 could also be something normal for this kind of modem.
« Last Edit: January 08, 2012, 07:00:58 PM by el-diablo123 »

Offline Radaghast

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 4068
Re: 255.255.255.255?
« Reply #9 on: January 08, 2012, 09:56:03 PM »
i have a cable modem .
also in my log i see alot of outbound 10.30.0.1 to 255.255.255.255 that are being block, i search on google and it seem to be normal for cable modem i dont know if the 239.255.255.250 port 1900 could also be something normal for this kind of modem.


A number of ISPs that offer cable services do use addresses from the private IP address range 10.0.0.0/8 and as we mentioned earlier, the 255.255.255.255 address is a broadcast, which is also fairly standard network traffic. You may find, depending on the options available on the modem, a way to prevent these broadcasts.

With regard to the UPnP connections, if you're not using this service, you can disable it and it's related service (SSDP) by running services.msc from start/run and setting:

SSDP Discovery
UPnP Device Host

To stopped and disabled.
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.”

Offline el-diablo123

  • Comodo Member
  • **
  • Posts: 36
Re: 255.255.255.255?
« Reply #10 on: January 08, 2012, 11:11:59 PM »
after i disable them i still see the connexion being blocked.
maybe i should disable all home network related service i dont use it i already disable them in control panel but i still see connection to 239.255.255.250 port 3702 when i start my computer

« Last Edit: January 08, 2012, 11:24:38 PM by el-diablo123 »

Offline Radaghast

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 4068
Re: 255.255.255.255?
« Reply #11 on: January 09, 2012, 12:07:26 AM »
UDP out to 239.255.255.250 port 3702 is Windows Network Discovery, it's a different process to the UPnP service mentioned above. If you want to disable this, you can do so from:

Network and Sharing Centre/Change Advanced Sharing Settings/Network Discovery.

However, even if you 'turn it off' in Network and Sharing Centre, you'll probably still see connections related to this function. The reason for this is because it's not a single service. If you wanted to prevent network Discovery entirely, you'd also have to think about the following:

Computer Browser Service
Function Discovery Resource Publication
Function Discovery Provider host
Link-Layer Topology Mapper
Link-local Multicast Name Resolution
NetBIOS

SSDP Discovery - You've disabled this
UPnP Device Host - You've disabled this

You'll also need to edit some registry entries.

Personally, I'd simply leave it as it is. You're likely to do more harm than good by making all the changes needed to stop, what is a normal part of the Windows Operating System.

If you really don't want to see these connections, create an application rules for svchost that:

Application name - svchost.exe
Action - Block
Protocol - UDP
Direction Out
Source Address - Any
Destination Address 239.255.255.250
Source Port - Any
Destination Port - 3702

If you've enabled IPv6 filtering in the firewall you'll also need

Application name - svchost.exe
Action - Block
Protocol - UDP
Direction Out
Source Address - Any
Destination Address - ff02::c
Source Port - Any
Destination Port - 3702

For SSDP

Application name - svchost.exe
Action - Block
Protocol - UDP
Direction Out
Source Address - Any
Destination Address 239.255.255.250
Source Port - Any
Destination Port - 1900

Application name - svchost.exe
Action - Block
Protocol - UDP
Direction Out
Source Address - Any
Destination Address ff02::c
Source Port - Any
Destination Port - 1900

For UPnP

Application name - svchost.exe
Action - Block
Protocol - TCP
Direction Out
Source Address - Any
Destination Address - Local subnet
Source Port - Any
Destination Port - 2869

For LLMNR

Application name - All Applications Group
Action - Block
Protocol - UDP
Direction Out
Source Address - Any
Destination Address - 224.0.0.252
Source Port - Any
Destination Port - 5355

Application name - All Applications Group
Action - Block
Protocol - UDP
Direction Out
Source Address - Any
Destination Address - ff02::1:3
Source Port - Any
Destination Port - 5355

For Function Discovery

Application name - svchost.exe
Action - Block
Protocol - TCP
Direction Out
Source Address - Any
Destination Address - Local subnet
Source Port - Any
Destination Port - 5357

Application name - svchost.exe
Action - Block
Protocol - TCP
Direction Out
Source Address - Any
Destination Address - Local subnet
Source Port - Any
Destination Port - 5358

I don't think I missed anything, but if I remember anything else, I'll edit the post later.


 
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.”

Offline el-diablo123

  • Comodo Member
  • **
  • Posts: 36
Re: 255.255.255.255?
« Reply #12 on: January 09, 2012, 09:16:23 AM »
the connextion to 239.255.255.250 every 15sec its safe to just ignore them?

and thanks you
you have been really helpful


« Last Edit: January 09, 2012, 10:03:21 AM by el-diablo123 »

Offline el-diablo123

  • Comodo Member
  • **
  • Posts: 36
Re: 255.255.255.255?
« Reply #13 on: January 19, 2012, 10:29:54 PM »
i have a new question is it safe to allow connection on port 137 138 i have system conecting to those every few minute and i have been told that its not safe and should block it

Offline Radaghast

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 4068
Re: 255.255.255.255?
« Reply #14 on: January 19, 2012, 10:48:09 PM »
i have a new question is it safe to allow connection on port 137 138 i have system conecting to those every few minute and i have been told that its not safe and should block it

If the connections originate and terminate on PCs/devices on your LAN, you may want to allow them, as they're part of Windows file and printer sharing. Beyond that they should be blocked.

If they're inbound, create a Global rule to block TCP and UDP In, ports 137 to 139, or simply run Stealth Ports Wizard with the third option:

Block all incoming connections and make my ports stealth for everyone

If they're outbound create an Application rule for the 'System' process that blocks TCP and UDP Out, ports 137 to 139.

If you're not sharing files and printers, you can also disable NetBIOS on the properties of the network adapter, doing so will disable the ports.
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.”

 

Seo4Smf 2.0 © SmfMod.Com | Smf Destek