Has anybody checked the firewall’s behavior on inbound port scans and noticed
any strangeness? I’m picking up something weird and new on 5.9, an issue I
did not appear to have with 5.8; at least not that I ever noticed.
For instance, tonight, a scan of my first 1056 ports produced a firewall alert telling
me that mirc.exe was accepting inbound connections on port 1038, and did I want
to allow or block it. I immediately did a netstat to see what was occurring, and
picked up the following:
  Proto  Local Address  Foreign Address           State        PID
  TCP    local:1038     punch.va.us.dal.net:7000  ESTABLISHED  2668
As you can see, mirc.exe did have an active connection up, but it was an outbound
connection with a local port of 1038 and a remote port of 7000.
Naturally, mirc.exe is not configured to listen for any connections on that port.
My firewall rule for mirc.exe hasn’t changed since 5.8. As a matter of fact, just
for the sake of a test, I imported my old 5.8 configuration into 5.9. The result
was the same. The only rule I have set for inbound connections to mIRC is for
ident on port 113, and that port only listens for a few seconds while the main
connection is being established.
The issue is repeatable. In addition, if I close things down, restart the PC,
fire up mirc, and re-run the scan, the firewall produces an inbound alert on
whatever port mirc happens to be using the next time for the outbound
I think what I’m going to do tomorrow, since the hour is late, is remove 5.9 and
reinstall 5.8 to see if I can reproduce the issue. I might also see if I can duplicate
this with a streaming media connection. I will report my results back to the forum.
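
The netstat check described in the post, written out as an added example that is not part of the original post: it parses netstat-style TCP rows and reports whether the port named in a firewall alert has a listener or only an established connection. The sample table is constructed (its ESTABLISHED row mirrors the one quoted above; the LISTENING row is made up), and the function names are hypothetical.

```python
# Constructed sample in `netstat -ano` layout. Only the ESTABLISHED row mirrors
# the post; the LISTENING row is invented for contrast.
SAMPLE = """\
Proto  Local Address  Foreign Address           State        PID
TCP    0.0.0.0:135    0.0.0.0:0                 LISTENING    884
TCP    local:1038     punch.va.us.dal.net:7000  ESTABLISHED  2668
"""


def parse_netstat(text):
    """Return one dict per TCP row; header and malformed lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] != "TCP":
            continue
        _, local, foreign, state, pid = parts
        # rpartition keeps IPv6-style hosts such as [::] intact.
        _, _, lport = local.rpartition(":")
        fhost, _, fport = foreign.rpartition(":")
        rows.append({
            "local_port": int(lport),
            "remote": fhost,
            "remote_port": int(fport),
            "state": state,
            "pid": int(pid),
        })
    return rows


def classify_alert(rows, port):
    """Describe what the socket table shows for the port named in an alert."""
    matches = [r for r in rows if r["local_port"] == port]
    if any(r["state"] == "LISTENING" for r in matches):
        return "listener"
    if any(r["state"] == "ESTABLISHED" for r in matches):
        # No listener is present now. A listener that accepted and then closed
        # would look the same, so also check the remote port, as the post does.
        return "established-no-listener"
    return "absent"


if __name__ == "__main__":
    table = parse_netstat(SAMPLE)
    for alert_port in (1038, 135, 113):
        print(alert_port, classify_alert(table, alert_port))
```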