Firewall questions

Dman · January 11, 2007, 11:40am

This is what I got from the shields up website:

[b]Probing Your Port 59136

The GRC server is attempting to establish a TCP
connection to Port 59136 of your computer located
at Internet at IP address 222.xxx.xxx.xx[/b]

This is the port my utorrent uses. Is it normal for ports being used to be visable on the net even if you are behind a firewall? Does it pose a security risk?

panic · January 11, 2007, 12:13pm

G’day,

If you had utorrent running at the time, of course Shields Up is going to see the port as open, because it is.

If you are going to use Shields Up to test the status of your ports, please make sure that you have no software running that holds ports open when you are going to run the test. Also, if you are behind a router, or access the internet thorough your ISP’s proxy, Shields Up will actually be testing the status of either of those devices.

Hope this helps,
Ewen

Dman · January 11, 2007, 5:25pm

So it is normal then.

Thanks for the info!

Dman · January 12, 2007, 4:16am

Another question.

Sometimes when I’m using firefox and other applications at the same time, I occasionally get a firewall alert that svchost is trying to use firefox, etc. to connect to the net so I click allow but afterwards my net connection gets blocked and I have to restart to get it working again. The next time it happened I clicked block and the same thing happens. What should I do? Is this a bug or something?

This is what was on the alert log:

[b]Date/Time :2007-01-12 10:05:37
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (IEXPLORE.EXE)
Application: D:\Program Files\Internet Explorer\IEXPLORE.EXE
Parent: D:\WINNT\system32\svchost.exe
Protocol: TCP Out
Destination: 127.0.0.1:10080
Details: D:\Program Files\Mozilla Firefox\firefox.exe has tried to use the Parent application D:\WINNT\system32\svchost.exe through OLE Automation, which can be used to hijack other applications.

Date/Time :2007-01-12 10:05:36
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (IEXPLORE.EXE)
Application: D:\Program Files\Internet Explorer\IEXPLORE.EXE
Parent: D:\WINNT\system32\svchost.exe
Protocol: UDP Out
Destination: 202.163.208.31:dns(53)
Details: D:\Program Files\Mozilla Firefox\firefox.exe has tried to use the Parent application D:\WINNT\system32\svchost.exe through OLE Automation, which can be used to hijack other applications. [/b]