Should I be worried about things like this?

A lot of logs are showing up from various IPs that go a little something like:

Blocked incoming TCP connection request from 218.6.9.49:6000 to ...:1433
Blocked incoming UDP packet from 122.141.75.3:37874 to ...:1026
Blocked incoming UDP packet from 125.211.198.26:42113 to ...*:1027

Obviously the (*) are my IP address…

Are these pings?

Traffic like that is typical junk on the Internet that is trying to locate a machine that isn’t protected. If you connect thru a NAT/router, then that router would block things like this. Since that doesn’t seem to be the case, CFP is doing its job in keeping this junk off your machine. It’s bad stuff, and you definitely don’t want it.
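As an added example (not part of the original posts), this Python script triages router log lines in the format quoted at the top of the thread, grouping blocked probes by protocol and destination port. The placeholder destination 203.0.113.7, the extra sample lines and the port notes are assumptions made for the illustration.

```python
import re
from collections import Counter

# Constructed sample: the first three lines follow the thread's log with the
# masked destination replaced by placeholder 203.0.113.7; the rest are made up.
SAMPLE_LOG = """\
Blocked incoming TCP connection request from 218.6.9.49:6000 to 203.0.113.7:1433
Blocked incoming UDP packet from 122.141.75.3:37874 to 203.0.113.7:1026
Blocked incoming UDP packet from 125.211.198.26:42113 to 203.0.113.7:1027
Blocked incoming UDP packet from 122.141.75.3:37875 to 203.0.113.7:1027
DHCP lease renewed
"""

LINE_RE = re.compile(
    r"Blocked incoming (?P<proto>TCP|UDP) (?:connection request|packet) "
    r"from (?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+) "
    r"to (?P<dst>\S+):(?P<dport>\d+)$"  # dst may be masked, e.g. "..."
)

# Services usually probed on the destination ports quoted in the thread.
PORT_NOTES = {
    ("TCP", 1433): "Microsoft SQL Server",
    ("UDP", 1026): "Windows Messenger service pop-up spam",
    ("UDP", 1027): "Windows Messenger service pop-up spam",
}

def parse_line(line):
    """Return a dict for one blocked-inbound entry, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    return rec

def summarize(log_text):
    """Count blocked probes and distinct sources per (protocol, destination port)."""
    hits, sources, skipped = Counter(), {}, 0
    for line in filter(str.strip, log_text.splitlines()):
        rec = parse_line(line)
        if rec is None:
            skipped += 1  # not a blocked-inbound entry; count it, do not guess
            continue
        key = (rec["proto"], rec["dport"])
        hits[key] += 1
        sources.setdefault(key, set()).add(rec["src"])
    report = [{"proto": p, "dport": d, "hits": n, "sources": len(sources[p, d]),
               "note": PORT_NOTES.get((p, d), "no note")}
              for (p, d), n in hits.most_common()]
    return report, skipped
```

Calling `summarize()` on a saved router log returns the per-port rows, busiest first, plus the number of lines it did not recognise.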

Actually, those logs were from my router’s firewall logs. My CFP displays nothing but this:


http://img230.imageshack.us/img230/2507/40531154fz4.th.png

Windows should be outgoing only. Be sure your router is fully stealthed also.

Then your router is doing the proper job ;D You definitely do not want that stuff coming in from the Internet.

What your CFP log is showing is normal router broadcasts to your LAN. It’s saying, in effect, “hello everybody, I’m a router, and I’m at 192.168.0.1”. The 224.0.0.1 address is a special broadcast address for all hosts on your LAN, using a method called “multicast”. The multicast address range is 224.0.0.0 thru 239.255.255.255, and is LAN-only. It doesn’t work over the Internet without special handling, which most ISPs don’t provide.

You could add a Global Rule like this

allow protocol IP in&out from zone[my LAN] to zone[multicast]

and have those entries no longer appear in your CFP log. You’d need to create a network zone called “multicast” to use that rule as outlined, or enter the multicast address range in the rule instead.

GRC shows me as fully stealthed, and their pings show up on my hardware firewall’s log and not CFP’s log…does this mean I’m a-ok?

So far as the GRC test is concerned, yes, you’re okay.

One thing I’d strongly suggest, given what malware is doing these days, is to change the router login password if you haven’t changed it from the factory default. There is malware going around that is attacking routers. It’s hard to describe how it happens, but it can and does even with your router being stealthed and no malware on your machine. What has been observed is that the router DNS settings get changed, and so you would get set up for a man-in-the-middle attack. Changing the router password blocks the changes.

I have a new router password instead of the default (admin isn’t it)? Is that what you mean? Should I change the password more often than that? The name I enter the password under is still Admin, should I change that as well?

You can leave the name Admin unchanged. If you’ve changed the password from the factory default, then you should be okay. You likely need not change it again, just don’t have it be the factory default. It’s not really viable to try to guess passwords over the net, whereas something like “admin/admin” isn’t a guess.