What are these firewall events? (screenshots)

[Guest]

[LirvA]

"No, on both sides are your own IP address, but your first picture on this tread is "fishy""


This one?

[salmonela]

Sorry, it is not your IP on both side.
Yes like something scanning your ports: 80, 443 etc.

[Xw]

Hi,
When I'm using Stealth Ports Wizard to block all incoming (behind a routeur, but no trouble)

I've these firewall events, is it normal ?

Ty

edit :This happens only when I'm surfing (firefox, ie ....)

[salmonela]

172.133.58.119
AC853A77.ipt.aol.com
Host unreachable

172.128.0.0 - 172.191.255.255

America Online
22000 AOL Way
Dulles
VA
20166
United States

America Online, Inc.
+1-703-265-4670
domains[ at ]aol.net

Abuse:
+1-703-265-4670
abuse[ at ]aol.net

DAHA-01.NS.AOL.COM
DAHA-02.NS.AOL.COM
DAHA-07.NS.AOL.COM

AOL-172BLK
Created: 2000-03-24
Updated: 2003-08-08
Source: whois.arin.ne

Sorry, must sleep now, see you

[LirvA]

I looked up the 205.188.146.145 that was in question in the 3rd screenshot you mentioned I might need to allow if it was my ISP's, this is the return:

205.188.146.145

Hostname

      nstot.proxy.aol.com

Geo-Location Information

      Country   United States
      State/Region   
      City   
      Latitude   38
      Longitude   -97
      Area Code   0

[LirvA]

Thank you salmonela, certainly.

I think that IP is an AOL proxy?

In that cause I should allow this path that was blocked then, correct?


C:\WINDOWS\system32\svchost.exe - Source IP: 172.167.102.167 - source port: 2028 - Destination IP: 205.188.146.145 - Destination port 53

[Comofo]

Hi,
I'm using Stealth Ports Wizard to block all incoming (behind a routeur, but no trouble)

I've these firewall events, is it normal ?

Ty

Hello Xw,
Are you in The Netherlands per chance?

[salmonela]

Thank you salmonela, certainly.

I think that IP is an AOL proxy?

In that cause I should allow this path that was blocked then, correct?


C:\WINDOWS\system32\svchost.exe - Source IP: 172.167.102.167 - source port: 2028 - Destination IP: 205.188.146.145 - Destination port 53

Yes but long term rule for svchost.exe should be sourceIP: ANY, source port: 1025-65535 or ANY, Destination IP: Your ISP DNS servers or ANY, destination port: 53
Action: Allow
Protocol: UDP
Direction: OUT

[whogivesadayyum]

Interesting thread.  Curious, have you noticed a "LoadPref" entry (Rsop) in your Windows Event Log?  Also, is SYSTEM on your computer using UDPTCP port 139 to LISTEN for communications and sending broadcast packets to x.x.x.255:137 or x.x.x.255:138 on your router?

I am dealing with a similiar problem, not as bad, but slightly troubling.

[ailef]

do u use some torrent client or edonkey client?

[salmonela]

If you don't have any other PCs on your local LAN, then some services should be disabled, also UPnP and SSDP are useless noise makers (see pic)

[ailef]

u can uncheck enable LMHOSTS too.
and snapshots are not large enough to see all the infos.
do u have some process mDNSResponder.exe working on your system?

[salmonela]

Yes, its from Adobe and totally useless for me

Ehh, and If running CFP and do not have any PCs who will share your Internet connection then Windows firewall service should be also disabled...

[LirvA]

"Yes but long term rule for svchost.exe should be sourceIP: ANY, source port: 1025-65535 or ANY, Destination IP: Your ISP DNS servers or ANY, destination port: 53
Action: Allow
Protocol: UDP
Direction: OUT"


Interesting thing: it's now allowing that svchost.exe - it was blocking it before. I didn't change anything.



Also interesting, in my firewall alerts just now, there was an "asked" alert.

Windows Operating System - Action:asked - Protocol:IMGP - SourceIP:172.170.205.191 - DestinationIP:224.0.0.22

... never received a firewall alert asking me to do anything, never seen an "asked" alert before. 

[LirvA]

"do u use some torrent client or edonkey client?"

I hop onto Tor every once in a while .... maybe once a month or so. Downloaded with the Vidalia bundle.

Firefox (FoxyProxy and Tor button add ons) - Privoxy - Tor

[Tags:]