I have been using the CIS full suite for a long time. Yesterday I got a firewall alert which I have never seen before, so I temporarily blocked it, i.e. without ticking the remember box. I didn’t get the alert again. Today I got the same alert again, so I blocked it permanently, i.e. ticked the remember box. Yesterday when I got the alert I was directly connected to the net, i.e. no router involved, and today when I got the alert the router was involved. (Sometimes I use the router so that my bro can access the internet on his laptop. I don’t always use the router coz when I use it the net doesn’t work properly, i.e. for a few min the net works properly and for a few min I get "pages cannot be displayed".)
Any info on this alert? Should I allow/block it permanently?
Win XP SP3 with latest updates
Only CIS as security software
Local broadband internet, 2 Mbps
Directly connected, i.e. the ISP net wire is directly attached to the laptop
Attached are the 2 screenshots: the firewall alert and the network security policy (a rule is there (1st entry) from when I permanently blocked the alert).
[attachment deleted by admin]
SSDP UPnP multicast, supposed to look for UPnP devices on your LAN.
The said IP address is non-routable (in plain English, it cannot be accessed from the WAN).
If you don’t want to make a rule (block or allow, it is the same, as most people have no reason to use UPnP on their LAN), disable the SSDP service.
You mean if I allow it or block it, no probs, right?
If you are paranoid, restrict the allowing rule to your IP LAN zone, or block it for everything; unless you regularly plug new devices into a LAN, it won’t change anything (except of course the principle that the default behavior for something you don’t know about is always deny, reverting or sharpening the rule AFTER if something essential doesn’t work).
But, again, it is faster to disable SSDP, and more secure generally speaking (and resource-saving) to disable whatever is not needed.
Report, e.g., to:
The screenshots are from when I was connected with the router. Now I am connected without the router and there are a few blocked entries in the firewall events. The blocked entries are like:
windows OS - blocked - ICMP - my ip add - type(3) - ip add - code(3)
There are 4-5 entries like this. 2-3 entries are for IGMP and 2-3 entries are for UDP.
3,3 is destination not accessible, sending back to the requester port not accessible: it is not an issue, and is even rather good (request sent to a closed port and refused).
Schematically speaking, some of the ICMP requests are to be allowed while others have to be denied.
The global rules set I believe to be right (still CIS 3):
The global rules are the latest CIS 4.1 defaults, i.e. block all incoming connections.
Thanks for all the info and help, buddy.
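Added example, not part of any post above: a small triage pass over blocked firewall events that separates the traffic discussed in this thread (SSDP discovery, ICMP type 3 code 3 replies, IGMP) from entries that need a closer look. The event lines are constructed in the dash-separated shape quoted in the thread, and the SSDP group and port (239.255.255.250, UDP 1900) are the protocol's standard values, not read from the deleted screenshots.

```python
import ipaddress
from collections import Counter

# SSDP (UPnP discovery) multicast group; searches go to UDP port 1900.
SSDP_GROUP = ipaddress.ip_address("239.255.255.250")
SSDP_PORT = 1900

# Constructed sample events: app - action - proto - src - field - dst - field.
# For ICMP the two fields are type and code; for UDP they are ports.
SAMPLE_EVENTS = [
    "Windows OS - blocked - ICMP - 192.0.2.10 - type(3) - 198.51.100.7 - code(3)",
    "svchost.exe - blocked - UDP - 192.168.1.20 - 1050 - 239.255.255.250 - 1900",
    "Windows OS - blocked - IGMP - 192.168.1.20 - n/a - 224.0.0.22 - n/a",
    "System - blocked - UDP - 203.0.113.5 - 4000 - 192.0.2.10 - 445",
]

def num(field):
    """Return the integer in 'type(3)', 'code(3)' or '1900'; None if absent."""
    digits = "".join(ch for ch in field if ch.isdigit())
    return int(digits) if digits else None

def classify(line):
    """Label one event line with the kind of traffic it represents."""
    parts = [p.strip() for p in line.split(" - ")]
    if len(parts) != 7:
        return "unparsed"
    _app, _action, proto, _src, f1, dst, f2 = parts
    dst_ip = ipaddress.ip_address(dst)
    proto = proto.upper()
    if proto == "UDP" and dst_ip == SSDP_GROUP and num(f2) == SSDP_PORT:
        return "ssdp-discovery"         # UPnP device search on the LAN
    if proto == "ICMP" and (num(f1), num(f2)) == (3, 3):
        return "icmp-port-unreachable"  # refusal sent for a closed port
    if proto == "IGMP" and dst_ip.is_multicast:
        return "igmp-group-management"  # multicast group membership traffic
    if dst_ip.is_multicast:
        return "other-multicast"
    return "review"                     # not explained by the cases above

def triage(lines):
    """Count events per label so the unexplained ones stand out."""
    return Counter(classify(line) for line in lines)

if __name__ == "__main__":
    for label, count in triage(SAMPLE_EVENTS).items():
        print(f"{count:2d}  {label}")
```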