Inbound Connections

I got strange inbound connections after using the block all incoming connections (stealth wizard) :o

Ignore ports 67-68, DHCP. NetBIOS and UPnP are disabled. Is this normal?


Logs file is messed up

COMODO Firewall - Log Viewer Logs

Firewall Events: 2011-08-07 08:42:38
Records count: 358

Date Application Action Direction Protocol Source IP Source Port
Destination IP Destination Port
2011-08-07 00:25:08 Windows Operating System Blocked In UDP
192.168.15.1 1027 239.255.255.250 1900
2011-08-07 00:25:26 Windows Operating System Blocked In UDP
192.168.15.1 1027 239.255.255.250 1900
2011-08-07 00:28:11 Windows Operating System Blocked In UDP
192.168.15.1 1027 239.255.255.250 1900
2011-08-07 00:29:03 Windows Operating System Blocked In UDP
192.168.15.1 1027 239.255.255.250 1900
2011-08-07 00:30:06 Windows Operating System Blocked In UDP
192.168.15.1 1027 239.255.255.250 1900
2011-08-07 00:30:41 Windows Operating System Blocked In UDP
192.168.15.1 1027 239.255.255.250 1900
2011-08-07 00:31:22 Windows Operating System Blocked In UDP
192.168.15.1 1027 239.255.255.250 1900
2011-08-07 00:31:31 Windows Operating System Blocked In UDP
192.168.15.1 1027 239.255.255.250 1900
2011-08-07 00:36:45 Windows Operating System Blocked In UDP
192.168.15.4 137 192.168.15.255 137
2011-08-07 00:36:47 Windows Operating System Blocked In UDP
192.168.15.4 138 192.168.15.255 138
2011-08-07 00:36:49 Windows Operating System Blocked In UDP
192.168.15.4 54192 239.255.255.250 1900
2011-08-07 00:36:50 Windows Operating System Blocked In UDP
192.168.15.4 137 192.168.15.255 137
2011-08-07 00:36:52 Windows Operating System Blocked In UDP
192.168.15.4 137 192.168.15.255 137
2011-08-07 00:36:54 Windows Operating System Blocked In UDP
192.168.15.4 137 192.168.15.255 137
2011-08-07 00:36:55 Windows Operating System Blocked In UDP
192.168.15.4 137 192.168.15.255 137
2011-08-07 00:36:57 Windows Operating System Blocked In UDP
192.168.15.4 63050 239.255.255.250 3702
2011-08-07 00:36:59 Windows Operating System Blocked In UDP
192.168.15.4 137 192.168.15.255 137
2011-08-07 00:37:01 Windows Operating System Blocked In UDP
192.168.15.4 137 192.168.15.255 137
2011-08-07 00:37:03 Windows Operating System Blocked In UDP
192.168.15.4 49466 239.255.255.250 3702
2011-08-07 00:37:04 Windows Operating System Blocked In UDP
192.168.15.4 137 192.168.15.255 137
2011-08-07 00:37:06 Windows Operating System Blocked In UDP
192.168.15.4 1900 239.255.255.250 1900
2011-08-07 00:37:08 Windows Operating System Blocked In UDP
192.168.15.4 59170 239.255.255.250 1900
2011-08-07 00:37:09 Windows Operating System Blocked In UDP
192.168.15.4 137 192.168.15.255 137
2011-08-07 00:37:11 Windows Operating System Blocked In UDP
192.168.15.4 137 192.168.15.255 137
2011-08-07 00:37:13 Windows Operating System Blocked In UDP
192.168.15.4 137 192.168.15.255 137
2011-08-07 00:37:15 Windows Operating System Blocked In UDP
192.168.15.4 137 192.168.15.255 137
2011-08-07 00:37:18 Windows Operating System Blocked In UDP
192.168.15.4 137 192.168.15.255 137
2011-08-07 00:37:19 Windows Operating System Blocked In UDP
192.168.15.4 137 192.168.15.255 137
2011-08-07 00:37:21 Windows Operating System Blocked In UDP
192.168.15.4 137 192.168.15.255 137
2011-08-07 00:37:23 Windows Operating System Blocked In UDP
192.168.15.4 138 192.168.15.255 138
2011-08-07 00:37:25 Windows Operating System Blocked In UDP
192.168.15.4 137 192.168.15.255 137
2011-08-07 00:37:28 Windows Operating System Blocked In UDP
192.168.15.4 137 192.168.15.255 137
2011-08-07 00:37:31 Windows Operating System Blocked In UDP
192.168.15.4 137 192.168.15.255 137
2011-08-07 00:37:34 Windows Operating System Blocked In UDP
192.168.15.4 137 192.168.15.255 137
2011-08-07 00:37:36 Windows Operating System Blocked In UDP
192.168.15.4 59170 239.255.255.250 1900
2011-08-07 00:37:37 Windows Operating System Blocked In UDP
192.168.15.4 137 192.168.15.255 137
2011-08-07 00:37:39 Windows Operating System Blocked In UDP
0.0.0.0 68 255.255.255.255 67
2011-08-07 00:37:41 Windows Operating System Blocked In UDP
192.168.15.4 137 192.168.15.255 137
2011-08-07 00:37:44 Windows Operating System Blocked In UDP
192.168.15.4 137 192.168.15.255 137
2011-08-07 00:37:45 Windows Operating System Blocked In UDP
192.168.15.4 137 192.168.15.255 137
2011-08-07 00:37:47 Windows Operating System Blocked In UDP
192.168.15.4 137 192.168.15.255 137
2011-08-07 00:37:49 Windows Operating System Blocked In UDP
192.168.15.4 137 192.168.15.255 137
2011-08-07 00:37:57 Windows Operating System Blocked In UDP
192.168.15.4 137 192.168.15.255 137
2011-08-07 00:37:59 Windows Operating System Blocked In UDP
192.168.15.4 137 192.168.15.255 137
2011-08-07 00:38:00 Windows Operating System Blocked In UDP
192.168.15.4 137 192.168.15.255 137
2011-08-07 00:38:02 Windows Operating System Blocked In UDP
192.168.15.4 137 192.168.15.255 137
2011-08-07 00:38:04 Windows Operating System Blocked In UDP
192.168.15.4 137 192.168.15.255 137
2011-08-07 00:38:10 Windows Operating System Blocked In UDP
192.168.15.4 137 192.168.15.255 137
2011-08-07 00:38:12 Windows Operating System Blocked In UDP
192.168.15.4 137 192.168.15.255 137
2011-08-07 00:38:13 Windows Operating System Blocked In UDP
192.168.15.4 137 192.168.15.255 137
2011-08-07 00:38:15 Windows Operating System Blocked In UDP
192.168.15.4 137 192.168.15.255 137
2011-08-07 00:38:17 Windows Operating System Blocked In UDP
192.168.15.4 137 192.168.15.255 137
2011-08-07 00:38:18 Windows Operating System Blocked In UDP
192.168.15.4 137 192.168.15.255 137
2011-08-07 00:38:20 Windows Operating System Blocked In UDP
192.168.15.4 137 192.168.15.255 137
2011-08-07 00:38:22 Windows Operating System Blocked In UDP
192.168.15.4 137 192.168.15.255 137
2011-08-07 00:38:23 Windows Operating System Blocked In UDP
192.168.15.4 137 192.168.15.255 137
2011-08-07 00:38:25 Windows Operating System Blocked In UDP
192.168.15.4 137 192.168.15.255 137
2011-08-07 00:38:27 Windows Operating System Blocked In UDP
192.168.15.4 59170 239.255.255.250 1900
2011-08-07 00:38:28 Windows Operating System Blocked In UDP
192.168.15.4 137 192.168.15.255 137
2011-08-07 00:38:30 Windows Operating System Blocked In UDP
192.168.15.4 137 192.168.15.255 137
2011-08-07 00:38:32 Windows Operating System Blocked In UDP
192.168.15.4 137 192.168.15.255 137
2011-08-07 00:38:34 Windows Operating System Blocked In UDP
192.168.15.4 137 192.168.15.255 137
2011-08-07 00:38:35 Windows Operating System Blocked In UDP
192.168.15.4 137 192.168.15.255 137
2011-08-07 00:38:37 Windows Operating System Blocked In UDP
192.168.15.4 137 192.168.15.255 137
2011-08-07 00:38:39 Windows Operating System Blocked In UDP
192.168.15.4 137 192.168.15.255 137
2011-08-07 00:38:41 Windows Operating System Blocked In UDP
192.168.15.4 137 192.168.15.255 137
2011-08-07 00:38:42 Windows Operating System Blocked In UDP
192.168.15.4 137 192.168.15.255 137
2011-08-07 00:38:44 Windows Operating System Blocked In UDP
192.168.15.4 137 192.168.15.255 137
2011-08-07 00:38:46 Windows Operating System Blocked In UDP
192.168.15.4 137 192.168.15.255 137
2011-08-07 00:38:47 Windows Operating System Blocked In UDP
192.168.15.4 137 192.168.15.255 137
2011-08-07 00:38:49 Windows Operating System Blocked In UDP
192.168.15.4 137 192.168.15.255 137
2011-08-07 00:38:51 Windows Operating System Blocked In UDP
192.168.15.4 137 192.168.15.255 137
2011-08-07 00:38:56 Windows Operating System Blocked In UDP
192.168.15.4 138 192.168.15.255 138
2011-08-07 00:39:30 Windows Operating System Blocked Out IGMP
192.168.15.6 224.0.0.22
2011-08-07 00:39:32 Windows Operating System Blocked Out UDP
192.168.15.6 53038 239.255.255.250 1900
2011-08-07 00:39:34 Windows Operating System Blocked Out TCP
192.168.15.6 52298 192.168.15.1 55345
2011-08-07 00:39:36 Windows Operating System Blocked Out UDP
192.168.15.6 53038 239.255.255.250 1900
2011-08-07 00:39:39 Windows Operating System Blocked Out UDP
192.168.15.6 53038 239.255.255.250 1900
2011-08-07 00:39:43 Windows Operating System Blocked Out UDP
0.0.0.0 68 255.255.255.255 67
2011-08-07 00:39:58 Windows Operating System Blocked Out UDP
0.0.0.0 68 255.255.255.255 67
2011-08-07 00:42:09 Windows Operating System Blocked In UDP
192.168.15.1 67 255.255.255.255 68
2011-08-07 00:42:13 Windows Operating System Blocked In UDP
0.0.0.0 68 255.255.255.255 67
2011-08-07 00:43:56 Windows Operating System Blocked In UDP
192.168.15.4 138 192.168.15.255 138
2011-08-07 00:44:18 Windows Operating System Blocked In UDP
192.168.15.4 59170 239.255.255.250 1900
2011-08-07 00:44:21 Windows Operating System Blocked In UDP
192.168.15.4 59170 239.255.255.250 1900
2011-08-07 00:44:24 Windows Operating System Blocked In UDP
192.168.15.4 1900 239.255.255.250 1900
2011-08-07 00:44:51 Windows Operating System Blocked In UDP
192.168.15.1 1027 239.255.255.250 1900
2011-08-07 00:45:19 Windows Operating System Blocked In UDP
192.168.15.4 59170 239.255.255.250 1900
2011-08-07 00:45:25 Windows Operating System Blocked In UDP
192.168.15.4 59170 239.255.255.250 1900
2011-08-07 00:45:28 Windows Operating System Blocked In UDP
192.168.15.4 59170 239.255.255.250 1900
2011-08-07 00:45:31 Windows Operating System Blocked In UDP
192.168.15.4 59170 239.255.255.250 1900
2011-08-07 00:45:34 Windows Operating System Blocked In UDP
192.168.15.4 59170 239.255.255.250 1900
2011-08-07 00:45:54 Windows Operating System Blocked Out UDP
0.0.0.0 68 255.255.255.255 67
2011-08-07 00:45:59 Windows Operating System Blocked Out UDP
0.0.0.0 68 255.255.255.255 67
2011-08-07 00:46:07 Windows Operating System Blocked Out UDP
0.0.0.0 68 255.255.255.255 67
2011-08-07 00:46:28 Windows Operating System Blocked In UDP
192.168.15.1 1027 239.255.255.250 1900
2011-08-07 00:47:57 Windows Operating System Blocked In UDP
192.168.15.1 1027 239.255.255.250 1900
2011-08-07 00:49:26 Windows Operating System Blocked In UDP
192.168.15.4 138 192.168.15.255 138
2011-08-07 00:49:33 Windows Operating System Blocked In UDP
192.168.15.1 1027 239.255.255.250 1900
2011-08-07 00:49:40 Windows Operating System Blocked In UDP
192.168.15.1 1027 239.255.255.250 1900
2011-08-07 00:50:01 Windows Operating System Blocked In UDP
192.168.15.1 1027 239.255.255.250 1900
2011-08-07 00:50:35 Windows Operating System Blocked In UDP
192.168.15.1 1027 239.255.255.250 1900
2011-08-07 00:50:42 Windows Operating System Blocked In UDP
192.168.15.1 1027 239.255.255.250 1900
2011-08-07 00:51:25 Windows Operating System Blocked In UDP
192.168.15.1 1027 239.255.255.250 1900
2011-08-07 00:51:27 Windows Operating System Blocked Out UDP
0.0.0.0 68 255.255.255.255 67
2011-08-07 00:51:29 Windows Operating System Blocked In UDP
192.168.15.1 1027 239.255.255.250 1900
2011-08-07 00:51:32 Windows Operating System Blocked Out UDP
0.0.0.0 68 255.255.255.255 67
2011-08-07 00:51:41 Windows Operating System Blocked Out UDP
0.0.0.0 68 255.255.255.255 67
2011-08-07 00:51:45 Windows Operating System Blocked In UDP
192.168.15.4 59170 239.255.255.250 1900
2011-08-07 00:51:48 Windows Operating System Blocked In UDP
192.168.15.4 1900 239.255.255.250 1900
2011-08-07 00:51:51 Windows Operating System Blocked In UDP
192.168.15.4 1900 239.255.255.250 1900
2011-08-07 00:51:52 Windows Operating System Blocked In UDP
192.168.15.4 1900 239.255.255.250 1900
2011-08-07 00:51:54 Windows Operating System Blocked In UDP
192.168.15.4 1900 239.255.255.250 1900
2011-08-07 00:51:56 Windows Operating System Blocked Out UDP
0.0.0.0 68 255.255.255.255 67
2011-08-07 00:52:43 Windows Operating System Blocked In UDP
192.168.15.4 59170 239.255.255.250 1900
2011-08-07 00:52:46 Windows Operating System Blocked In UDP
192.168.15.4 59170 239.255.255.250 1900
2011-08-07 00:52:49 Windows Operating System Blocked In UDP
192.168.15.4 59170 239.255.255.250 1900
2011-08-07 00:52:52 Windows Operating System Blocked In UDP
192.168.15.4 59170 239.255.255.250 1900
2011-08-07 00:52:55 Windows Operating System Blocked In UDP
192.168.15.4 59170 239.255.255.250 1900
2011-08-07 00:52:59 Windows Operating System Blocked In UDP
192.168.15.4 59170 239.255.255.250 1900
2011-08-07 00:56:25 Windows Operating System Blocked In UDP
192.168.15.4 59170 239.255.255.250 1900
2011-08-07 00:56:28 Windows Operating System Blocked In UDP
192.168.15.4 59170 239.255.255.250 1900
2011-08-07 00:56:31 Windows Operating System Blocked In UDP
192.168.15.4 59170 239.255.255.250 1900
2011-08-07 00:57:09 Windows Operating System Blocked Out UDP
0.0.0.0 68 255.255.255.255 67
2011-08-07 00:57:12 Windows Operating System Blocked Out UDP
0.0.0.0 68 255.255.255.255 67
2011-08-07 01:10:10 Windows Operating System Blocked Out UDP
0.0.0.0 68 255.255.255.255 67
2011-08-07 01:10:13 Windows Operating System Blocked Out UDP
0.0.0.0 68 255.255.255.255 67
2011-08-07 01:10:19 Windows Operating System Blocked Out UDP
192.168.15.6 53038 239.255.255.250 1900
2011-08-07 01:10:36 Windows Operating System Blocked Out UDP
0.0.0.0 68 255.255.255.255 67
2011-08-07 01:10:42 Windows Operating System Blocked In UDP
192.168.15.1 1027 239.255.255.250 1900
2011-08-07 01:11:44 Windows Operating System Blocked In UDP
192.168.15.1 1027 239.255.255.250 1900
2011-08-07 01:11:54 Windows Operating System Blocked In UDP
192.168.15.4 59170 239.255.255.250 1900
2011-08-07 01:11:57 Windows Operating System Blocked In UDP
192.168.15.4 59170 239.255.255.250 1900
2011-08-07 01:12:06 Windows Operating System Blocked In UDP
192.168.15.4 59170 239.255.255.250 1900
2011-08-07 01:12:59 Windows Operating System Blocked In UDP
192.168.15.4 59170 239.255.255.250 1900
2011-08-07 01:13:05 Windows Operating System Blocked In UDP
192.168.15.4 59170 239.255.255.250 1900
2011-08-07 01:13:08 Windows Operating System Blocked In UDP
192.168.15.4 59170 239.255.255.250 1900
2011-08-07 01:13:11 Windows Operating System Blocked In UDP
192.168.15.4 59170 239.255.255.250 1900
2011-08-07 01:13:15 Windows Operating System Blocked In UDP
192.168.15.1 1027 239.255.255.250 1900
2011-08-07 01:13:24 Windows Operating System Blocked In UDP
192.168.15.1 1027 239.255.255.250 1900
2011-08-07 01:13:32 Windows Operating System Blocked In UDP
192.168.15.4 138 192.168.15.255 138
2011-08-07 01:13:56 Windows Operating System Blocked In UDP
192.168.15.1 1027 239.255.255.250 1900
2011-08-07 01:14:01 Windows Operating System Blocked In UDP
192.168.15.4 1900 239.255.255.250 1900
2011-08-07 01:14:04 Windows Operating System Blocked In UDP
192.168.15.4 1900 239.255.255.250 1900
2011-08-07 01:14:07 Windows Operating System Blocked In UDP
192.168.15.4 1900 239.255.255.250 1900
2011-08-07 01:14:08 Windows Operating System Blocked In UDP
192.168.15.4 1900 239.255.255.250 1900
2011-08-07 01:14:10 Windows Operating System Blocked In UDP
192.168.15.4 1900 239.255.255.250 1900
2011-08-07 01:15:11 Windows Operating System Blocked Out ICMP
192.168.15.6 Type(3) 8.8.8.8 Code(3)
2011-08-07 01:15:16 Windows Operating System Blocked Out ICMP
192.168.15.6 Type(3) 8.8.8.8 Code(3)
2011-08-07 01:15:21 Windows Operating System Blocked Out ICMP
192.168.15.6 Type(3) 8.8.8.8 Code(3)
2011-08-07 01:16:19 Windows Operating System Blocked Out UDP
0.0.0.0 68 255.255.255.255 67
2011-08-07 01:16:22 Windows Operating System Blocked Out UDP
0.0.0.0 68 255.255.255.255 67
2011-08-07 01:16:29 Windows Operating System Blocked In UDP
192.168.15.4 59170 239.255.255.250 1900
2011-08-07 01:16:32 Windows Operating System Blocked In UDP
192.168.15.4 59170 239.255.255.250 1900
2011-08-07 01:16:45 Windows Operating System Blocked Out UDP
0.0.0.0 68 255.255.255.255 67
2011-08-07 01:17:09 Windows Operating System Blocked Out ICMP
192.168.15.6 Type(3) 8.8.8.8 Code(3)
2011-08-07 01:18:18 Windows Operating System Blocked In UDP
192.168.15.1 1027 239.255.255.250 1900
2011-08-07 01:19:18 Windows Operating System Blocked In UDP
192.168.15.1 1027 239.255.255.250 1900
2011-08-07 01:19:20 Windows Operating System Blocked In UDP
192.168.15.4 59170 239.255.255.250 1900
2011-08-07 01:19:23 Windows Operating System Blocked In UDP
192.168.15.4 59170 239.255.255.250 1900
2011-08-07 01:19:26 Windows Operating System Blocked In UDP
192.168.15.4 59170 239.255.255.250 1900
2011-08-07 01:19:29 Windows Operating System Blocked In UDP
192.168.15.4 59170 239.255.255.250 1900
2011-08-07 01:19:32 Windows Operating System Blocked In UDP
192.168.15.4 59170 239.255.255.250 1900
2011-08-07 01:19:35 Windows Operating System Blocked In UDP
192.168.15.4 59170 239.255.255.250 1900
2011-08-07 01:20:19 Windows Operating System Blocked In UDP
192.168.15.4 59170 239.255.255.250 1900
2011-08-07 01:20:21 Windows Operating System Blocked In UDP
192.168.15.1 1027 239.255.255.250 1900
2011-08-07 01:20:24 Windows Operating System Blocked Out ICMP
192.168.15.6 Type(3) 8.8.8.8 Code(3)
2011-08-07 01:20:28 Windows Operating System Blocked In UDP
192.168.15.4 59170 239.255.255.250 1900
2011-08-07 01:20:31 Windows Operating System Blocked In UDP
192.168.15.4 59170 239.255.255.250 1900
2011-08-07 01:20:34 Windows Operating System Blocked In UDP
192.168.15.4 59170 239.255.255.250 1900
2011-08-07 01:21:25 Windows Operating System Blocked In UDP
192.168.15.4 1900 239.255.255.250 1900
2011-08-07 01:21:28 Windows Operating System Blocked In UDP
192.168.15.4 1900 239.255.255.250 1900
2011-08-07 01:21:30 Windows Operating System Blocked In UDP
192.168.15.4 1900 239.255.255.250 1900
2011-08-07 01:21:32 Windows Operating System Blocked In UDP
192.168.15.4 1900 239.255.255.250 1900
2011-08-07 01:21:34 Windows Operating System Blocked In UDP
192.168.15.4 1900 239.255.255.250 1900
2011-08-07 01:21:43 Windows Operating System Blocked In UDP
192.168.15.1 1027 239.255.255.250 1900
2011-08-07 01:22:16 Windows Operating System Blocked Out UDP
192.168.15.6 53278 224.0.0.252 5355
2011-08-07 01:22:30 Windows Operating System Blocked Out UDP
0.0.0.0 68 255.255.255.255 67
2011-08-07 01:22:42 Windows Operating System Blocked In UDP
192.168.15.1 1027 239.255.255.250 1900
2011-08-07 01:23:30 Windows Operating System Blocked Out UDP
192.168.15.6 51033 224.0.0.252 5355
2011-08-07 01:23:55 Windows Operating System Blocked Out UDP
192.168.15.6 50511 224.0.0.252 5355
2011-08-07 01:24:19 Windows Operating System Blocked Out UDP
192.168.15.6 56143 224.0.0.252 5355
2011-08-07 01:24:44 Windows Operating System Blocked Out UDP
192.168.15.6 57338 224.0.0.252 5355
2011-08-07 01:25:09 Windows Operating System Blocked Out UDP
192.168.15.6 53419 224.0.0.252 5355
2011-08-07 01:25:31 Windows Operating System Blocked In UDP
192.168.15.4 138 192.168.15.255 138
2011-08-07 01:25:58 Windows Operating System Blocked Out UDP
192.168.15.6 59000 224.0.0.252 5355
2011-08-07 01:26:04 Windows Operating System Blocked In UDP
192.168.15.4 59170 239.255.255.250 1900
2011-08-07 01:26:10 Windows Operating System Blocked In UDP
192.168.15.4 59170 239.255.255.250 1900
2011-08-07 01:26:22 Windows Operating System Blocked Out UDP
192.168.15.6 60087 224.0.0.252 5355
2011-08-07 01:26:47 Windows Operating System Blocked Out UDP
192.168.15.6 61916 224.0.0.252 5355
2011-08-07 01:26:57 Windows Operating System Blocked In UDP
192.168.15.4 59170 239.255.255.250 1900
2011-08-07 01:27:00 Windows Operating System Blocked In UDP
192.168.15.4 59170 239.255.255.250 1900
2011-08-07 01:27:06 Windows Operating System Blocked In UDP
192.168.15.4 59170 239.255.255.250 1900

End of The Report

The traffic you’re seeing is quite normal, however, I’d guess your firewall rules are a little messed up, as there appear to be some things being blocked that shouldn’t be. Please post screen-shots of your firewall application and Global rules.

Thanks for the help, Radaghast :)

I did some searching on those ports. There are some past vulnerabilities with those ports.

Port 1027 - DCOM ??
https://www.grc.com/port_1027.htm

Port 132 - NetBIOS
https://www.grc.com/port_137.htm

Port 1900 - UPnP
https://www.grc.com/port_1900.htm

I disabled NetBIOS and UPnP. Why have them connect inbound when I am not using them?

What is Code(3) or Type(3) ICMP outbound to Google’s DNS? I tried searching, haven’t found anything.

New global rules I am testing for HTTP for now.


DCOM/RPC uses port 135 over TCP. I’m not seeing any events related to this service in the log entries you previously posted.

> Port 132 - NetBIOS https://www.grc.com/port_137.htm

NetBIOS uses ports 137 to 139 over TCP and UDP. You appear to be on a home network, or at least behind a router. In this case, if you’re sharing files or printers, you need to allow NetBIOS traffic between devices on the LAN. Using the Stealth Ports wizard with the first option is the easiest way to enable this.

If you’re not sharing files or printers, you can disable NetBIOS over TCP/IP on the properties of the Network Adapter. However, this still allows direct hosting which uses TCP/UDP over port 445 and should be blocked to the Internet.

> Port 1900 - UPnP https://www.grc.com/port_1900.htm

UPnP/SSDP is used by devices such as routers and media players etc. to enable easier configuration and discovery. If, for example you’re using port forwarding on your router, you can use UPnP to perform this task. To fully allow UPnP/SSDP traffic for these services, you need both inbound and outbound UDP port 1900 and TCP 2869.

> I disabled NetBIOS and UPnP. Why have them connect inbound when I am not using them?

How have you disabled these services?

> What is Code(3) or Type(3) ICMP outbound to Google's DNS? I tried searching, haven't found anything.

ICMP Type 3 Code 3 is Destination Unreachable, specifically Port unreachable. It’s not uncommon to see ICMP messages to/from your chosen DNS servers, however, your Global block rule may also be causing some problems here.

With regard to your Global rules, you don’t need to specifically create outbound rules, as this is allowed by default. Your final block rule is also likely to cause you problems, as it’s probably blocking traffic that you need to allow. Personally, I’d use a final block rule that simply blocks IP IN. However, if you do this, you will need to ensure you have ‘Allow IN’ rules above this, for Applications/Processes that need this, such as p2p applications.

What you do need to do is configure your Application rules correctly. Don’t forget, the firewall uses SPI, so traffic received as a direct response to a request, from one of your applications, is allowed by default.

> With regard to your Global rules, you don't need to specifically create outbound rules, as this is allowed by default. Your final block rule is also likely to cause you problems, as it's probably blocking traffic that you need to allow. Personally, I'd use a final block rule that simply blocks IP IN. However, if you do this, you will need to ensure you have 'Allow IN' rules above this, for Applications/Processes that need this, such as p2p applications.

I am still tuning the Global rule settings. For HTTP, I feel it's almost perfect. For P2P I need to tune that.

If I have one global outbound rule that only allows HTTP ports, would other programs still be able to open non-HTTP ports?

> How have you disabled these services?

NetBIOS: open Network connection status -> Properties -> IPv4 properties -> Advanced -> WINS tab, Disable NetBIOS.
Or just kill it with Process Hacker.

UPnP can be disabled from Start -> Run -> services.exe


Because of your final block rule, any process that tries to open a port not covered by your Allow rules will be blocked.

> NetBIOS: open Network connection status -> Properties -> IPv4 properties -> Advanced -> WINS tab, Disable NetBIOS. Or just kill it with Process Hacker.
>
> UPnP can be disabled from Start -> Run -> services.exe

The inbound UPnP requests appear to be coming from your router (15.1?) and another device on your LAN (15.5):

2011-08-07 00:25:08 Windows Operating System Blocked In UDP
192.168.15.1 1027 239.255.255.250 1900

2011-08-07 00:51:54 Windows Operating System Blocked In UDP
192.168.15.4 1900 239.255.255.250 1900

If you want to block those you’d need to disable UPnP on the router and the other device.

The inbound NetBIOS requests are coming from, what looks like, another PC/device on your LAN (15.4 - I guess your PC is 15.6?)

2011-08-07 00:38:46 Windows Operating System Blocked In UDP
192.168.15.4 137 192.168.15.255 137

2011-08-07 00:38:56 Windows Operating System Blocked In UDP
192.168.15.4 138 192.168.15.255 138

These are local subnet broadcasts for name registration and service advertisements.

You’re also blocking inbound DHCP broadcasts, although the requests seem to be from the router, which is curious.

2011-08-07 00:42:09 Windows Operating System Blocked In UDP
192.168.15.1 67 255.255.255.255 68

As well as outbound requests, which you need to allow, otherwise you may fail to communicate with the DHCP server correctly:

2011-08-07 00:45:54 Windows Operating System Blocked Out UDP
0.0.0.0 68 255.255.255.255 67

You’re also blocking LLMNR (A sort of Local DNS):

2011-08-07 01:25:58 Windows Operating System Blocked Out UDP
192.168.15.6 59000 224.0.0.252 5355

Not crucial, I’m just pointing it out.

The most important issue here is that all of these inbound and outbound requests either originate from, or are being blocked by, Windows Operating System. This suggests a problem with Application/Global rules, as the correct processes required for servicing these connections are not being seen.

If you really want to restrict the outbound ports that processes can use, you’re better doing it as an Application rule, that way you control a specific process, instead of the blanket approach you’re currently using, which is likely causing failures.
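The hand triage in the reply above, as an added example (not part of the thread and not Comodo code): it parses the two-line log layout, labels each event by well-known port, and returns the events that are either unlabelled or leave the LAN. The `192.168.15.0/24` subnet is an assumption inferred from the addresses in the log, and the WS-Discovery label for port 3702 is an addition the thread does not mention.

```python
import ipaddress
import re
from collections import Counter

# Entries copied from the log posted in this thread (a subset), two lines per event.
SAMPLE = """\
2011-08-07 00:25:08 Windows Operating System Blocked In UDP
192.168.15.1 1027 239.255.255.250 1900
2011-08-07 00:36:45 Windows Operating System Blocked In UDP
192.168.15.4 137 192.168.15.255 137
2011-08-07 00:36:57 Windows Operating System Blocked In UDP
192.168.15.4 63050 239.255.255.250 3702
2011-08-07 00:39:30 Windows Operating System Blocked Out IGMP
192.168.15.6 224.0.0.22
2011-08-07 00:39:34 Windows Operating System Blocked Out TCP
192.168.15.6 52298 192.168.15.1 55345
2011-08-07 00:42:09 Windows Operating System Blocked In UDP
192.168.15.1 67 255.255.255.255 68
2011-08-07 00:45:54 Windows Operating System Blocked Out UDP
0.0.0.0 68 255.255.255.255 67
2011-08-07 01:15:11 Windows Operating System Blocked Out ICMP
192.168.15.6 Type(3) 8.8.8.8 Code(3)
2011-08-07 01:25:58 Windows Operating System Blocked Out UDP
192.168.15.6 59000 224.0.0.252 5355
"""

HEAD = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (.+) (\S+) (In|Out) (\S+)$")
# UDP destination port -> service (3702/WS-Discovery is not named in the thread)
UDP_SERVICES = {1900: "SSDP/UPnP", 3702: "WS-Discovery", 137: "NetBIOS name",
                138: "NetBIOS datagram", 67: "DHCP", 68: "DHCP", 5355: "LLMNR"}


def parse(text):
    """Yield one dict per event, joining each header line with its address line."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    i = 0
    while i < len(lines):
        m = HEAD.match(lines[i])
        f = lines[i + 1].split() if i + 1 < len(lines) else []
        if not m or len(f) not in (2, 4):
            i += 1  # titles, column headers, or an event missing its address line
            continue
        ev = dict(zip(("when", "app", "action", "dir", "proto"), m.groups()),
                  src=f[0], dst=f[2] if len(f) == 4 else f[1], dport=None, icmp=None)
        if ev["proto"] == "ICMP" and len(f) == 4:  # "src Type(3) dst Code(3)"
            ev["icmp"] = (int(f[1][5:-1]), int(f[3][5:-1]))
        elif len(f) == 4 and f[3].isdigit():       # "src sport dst dport"
            ev["dport"] = int(f[3])
        yield ev
        i += 2


def classify(ev, lan):
    if ev["proto"] == "UDP":
        label = UDP_SERVICES.get(ev["dport"], "unclassified")
    elif ev["proto"] == "IGMP":
        label = "IGMP"
    elif ev["icmp"] == (3, 3):
        label = "ICMP port unreachable"
    else:
        label = "unclassified"
    src, dst = ipaddress.ip_address(ev["src"]), ipaddress.ip_address(ev["dst"])
    # On-link: both ends are LAN hosts, multicast/broadcast, or a DHCP client at 0.0.0.0.
    on_link = (src in lan or src.is_unspecified) and (
        dst in lan or dst.is_multicast or str(dst) == "255.255.255.255")
    return label, on_link


def review(text, lan="192.168.15.0/24"):
    """Return (event count per label, events that deserve a closer look)."""
    net = ipaddress.ip_network(lan)
    counts, attention = Counter(), []
    for ev in parse(text):
        label, on_link = classify(ev, net)
        counts[label] += 1
        if label == "unclassified" or not on_link:
            attention.append((ev["when"], ev["dir"], ev["proto"],
                              ev["src"], ev["dst"], label))
    return counts, attention
```

On the sample, `review(SAMPLE)` leaves two events for a closer look: the outbound TCP connection to 192.168.15.1 port 55345 and the ICMP port-unreachable sent to 8.8.8.8. Everything else is on-link discovery, name-service or DHCP traffic.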

Thank you for your time, Radaghast, and for analyzing.

I created rules to allow DHCP in and out. I stopped LLMNR from the registry, and I will disable NetBIOS on the other devices because we have no old OS that needs NetBIOS.

I am experimenting with the global rules. I feel the blanket approach is more effective than the normal application rule approach; with the new rules I am able to see standard protocols (UPnP, NetBIOS). I can allow UPnP whenever I need it for router firewall punching. I have more control. The global rule allows HTTP ports, DNS, and specific ports for P2P. If I ever encounter programs in future that require other ports to be open, I can create rules. Such as Tor or games.

You are obviously free to manage rules however you wish, but please understand that you have a problem, because the Windows Operating System pseudo process is acting as the surrogate for the real processes involved in servicing these connections. The two ‘real’ processes responsible for the connections in your log are svchost.exe and system.