From The DHCP Again Thread - Separate topic

Hi Toggie, sir, pls take a look, I don’t know what these firewall events are; my web & PC are fine. My CIS is configured for maxi, according to FaZio93. Thanks in advance.
P.S.: these firewall events appeared with the last CIS version, 3.9.9…509.

[attachment deleted by admin]

Hi. Are you on a LAN?

Thanks for your attention; yes, I’m on LAN, optical cable, direct connection on web.

Hello Baptistul,

Please create the following GLOBAL rules to remove these alerts from the firewall logging.


Block UDP In Source Any Source Port Any Destination 239.255.255.250 Destination Port 1900
Block UDP In Source Ip Mask 89.0.0.0 / Mask 255.0.0.0 Source Port 68 Destination Single IP 255.255.255.255 Destination Port 67
Block TCP In Source Any Source Port Any Destination Any Destination Port 445

That should result in less logging of the firewall traffic.

Place them near the Global rule you created for UDP 137/138.

Hello, Mr. Ronny. I did the rules, placed them near the rule 67-68 and it seems it works, i.e. the number of those intrusion attempts decreased dramatically. Thanks a lot for your concern for me; I write to Toggie because of my shame to write again and again to you. Please, one more thing: take a look and tell me which is my IP? My PC tells one number, CIS tells another number. Again, I thank you!

[attachment deleted by admin]

If you wish to block all of your NetBIOS ports you may wish to block TCP IN Port 139.

The two Zones you can see are:

127… Loopback (generally needed)
169… This is a default network IP address space. If you have more than one PC on a home LAN and the addresses you use for your PCs do not fall within this range, you may have to create another zone.

If you only have a single PC you can leave it or remove it…

Your IP Address is shown in your last picture 89.36…

I would also add, check your router UDP UPnP settings. It appears you are getting tons of inbound UDP UPnP traffic. If you don’t use any UPnP devices, you can block the traffic at the router.

Hi everyone. DonZ, I have no router anymore, I’m directly connected to the web, LAN. Toggie, pls teach me how to make that rule you’re speaking about, since I’m new to PCs. Does that rule of yours block all NetBIOS? Does it affect my web speed? Pls post what I should do, of course if you will. Thanks a lot.

Just the same as the others, Baptistul:

Block
TCP
In
Source Any
Source Port Any
Destination Any
Destination Port 139

Hi Baptistul,
It’s absolutely no problem to ask me; if I have no time I will let you know :wink:
So don’t feel ashamed, there is no need to.

There is one thing that we have to fix and that is your DHCP settings.
Your IP address is assigned over the network from your provider based on DHCP; the current global rules prevent your PC from communicating with the DHCP server.

Find the IP address of the DHCP server using the following command: open a command box (Start, Run, cmd), press Enter, and now type

ipconfig /all

And find the line that says
DHCP Server…: 83.x.y.z

Can you then please create the following global rule?

Action: Allow
Protocol: UDP
Direction: In
Description:

Source Address:
Destination Address: 255.255.255.255
Source Port: A Single Port 67
Destination Port: A Single Port 68

And make it the nr 1 rule in the global rules all the way on top.

More information on Global rules and DHCP can be found here

Hello Mr. Ronny. First of all, thanks for your care. I followed your advice, made the rule, set it as the first rule. My DHCP server is 89.x.y.z, not 83.x.y.z. Again, I thank you, have a nice day.

[attachment deleted by admin]

You’re welcome…

Now the intrusions should be down to a minimum; if you have more questions, please feel free to ask.
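
Added example, not part of the original thread and not Comodo code: a small model of the global rules discussed above, showing why the Allow rule for DHCP replies (UDP 67 to 68) has to sit at the top. Assumptions: rules are evaluated top-down with the first match deciding, a hypothetical catch-all block rule sits at the bottom of the list, the blank Source Address in the Allow rule is treated as Any, and all packet addresses are constructed.

```python
import ipaddress
from collections import namedtuple

Rule = namedtuple("Rule", "action proto src sport dst dport")   # None = Any
Packet = namedtuple("Packet", "proto src sport dst dport")      # inbound only

def _addr_ok(net, addr):
    return net is None or ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def _port_ok(want, port):
    return want is None or want == port

def matches(rule, pkt):
    return (rule.proto in ("IP", pkt.proto)
            and _addr_ok(rule.src, pkt.src) and _port_ok(rule.sport, pkt.sport)
            and _addr_ok(rule.dst, pkt.dst) and _port_ok(rule.dport, pkt.dport))

def evaluate(rules, pkt):
    # Assumption: rules are checked top-down and the first match decides.
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "allow"  # nothing matched (assumed default for this model)

# Rules as posted in the thread; the Allow rule's source is blank there, so Any.
ALLOW_DHCP = Rule("allow", "UDP", None, 67, "255.255.255.255/32", 68)
THREAD_BLOCKS = [
    Rule("block", "UDP", None, None, "239.255.255.250/32", 1900),
    Rule("block", "UDP", "89.0.0.0/8", 68, "255.255.255.255/32", 67),
    Rule("block", "TCP", None, None, None, 445),
    Rule("block", "TCP", None, None, None, 139),
]
CATCH_ALL = Rule("block", "IP", None, None, None, None)  # hypothetical, not in thread

DHCP_ON_TOP = [ALLOW_DHCP] + THREAD_BLOCKS + [CATCH_ALL]
DHCP_AT_BOTTOM = THREAD_BLOCKS + [CATCH_ALL, ALLOW_DHCP]

# Constructed sample packets (addresses are made up inside 89.0.0.0/8).
SAMPLES = {
    "dhcp_server_reply": Packet("UDP", "89.0.0.1", 67, "255.255.255.255", 68),
    "neighbour_dhcp_request": Packet("UDP", "89.0.0.2", 68, "255.255.255.255", 67),
    "ssdp_multicast": Packet("UDP", "89.0.0.2", 50000, "239.255.255.250", 1900),
    "smb_probe": Packet("TCP", "89.0.0.2", 50001, "89.0.0.3", 445),
}

def verdicts(rules):
    return {name: evaluate(rules, pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    print("DHCP rule on top:   ", verdicts(DHCP_ON_TOP))
    print("DHCP rule at bottom:", verdicts(DHCP_AT_BOTTOM))
```

With the Allow rule on top only the server reply gets through; other clients' DHCP requests, the SSDP multicast and the port 445 probe are still dropped, which is the noise the block rules were meant to silence.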