What are these firewall events? (screenshots)

Oh, ONLY CHANGE the “log as firewall even if fired” (screenshot)

Resulting in (2nd screenshot)

Is this correct?

[attachment deleted by admin]

Yes :slight_smile:

Now Firewall events shows (3 screen shots)

(first 2 in this post)

[attachment deleted by admin]

(3rd screenshot)

All screenshots combine to show all firewall events.

[attachment deleted by admin]

Ahh. Thank you very very much. Much appreciated.

What will be the result of this edit? Will this lower the firewall events? Anything beneficial?

Also, in 3rd screenshot (after edit) it shows some things blocked, just like in my original screenshot (following screenshot)

Are these events like port scans or ping attacks or something?

[attachment deleted by admin]

Do you know what are your internet providers DNS servers?
On third screen you have blocked (cant see, is it svchost.exe?) on Domain Name Server port 53 on remote 205.188.146.???
If this is true and your DNS IP is 205.188.146.??? (cant see last number) then you should enable it…

what are you have in “your network zone”? (firewall - common task - My network zones)

“Do you know what are your internet providers DNS servers?”

No, but I can possibly find out if I need to. …

“On third screen you have blocked (cant see, is it svchost.exe?) on Domain Name Server port 53 on remote 205.188.146.”

Yes, the path is as follows:

C:\WINDOWS\system32\svchost.exe - Source IP: 172.167.102.167 -
source port: 2028 - Destination IP: 205.188.146.145 - Destination port 53

“If this is true and your DNS IP is 205.188.146.Huh (cant see last number) then you should enable it”

I need to allow this then? Do I need to contact my ISP (AOL) real quick?

“what are you have in “your network zone”? (firewall - common task - My network zones)”

One moment, I’ll fetch a screenshot.

My Network Zones …

[attachment deleted by admin]

You now see more firewall events

Are these events like port scans or ping attacks or something?

your first picture on this tread is “fishy”

“No, on both sides are your own IP address, but your first picture on this tread is “fishy””

This one?

[attachment deleted by admin]

Sorry, it is not your IP on both side.
Yes like something scanning your ports: 80, 443 etc.

Hi,
When I’m using Stealth Ports Wizard to block all incoming (behind a routeur, but no trouble)

http://img89.imageshack.us/img89/3457/icmpbb8.th.jpg

I’ve these firewall events, is it normal ?

Ty

edit :This happens only when I’m surfing (firefox, ie …)

172.133.58.119
AC853A77.ipt.aol.com
Host unreachable

172.128.0.0 - 172.191.255.255

America Online
22000 AOL Way
Dulles
VA
20166
United States

America Online, Inc.
+1-703-265-4670
domains[ at ]aol.net

Abuse:
+1-703-265-4670
abuse[ at ]aol.net

DAHA-01.NS.AOL.COM
DAHA-02.NS.AOL.COM
DAHA-07.NS.AOL.COM

AOL-172BLK
Created: 2000-03-24
Updated: 2003-08-08
Source: whois.arin.ne

Sorry, must sleep now, see you

I looked up the 205.188.146.145 that was in question in the 3rd screenshot you mentioned I might need to allow if it was my ISP’s, this is the return:

205.188.146.145

Hostname

  nstot.proxy.aol.com

Geo-Location Information

  Country	United States
  State/Region	
  City	
  Latitude	38
  Longitude	-97
  Area Code	0

Thank you salmonela, certainly.

I think that IP is an AOL proxy?

In that cause I should allow this path that was blocked then, correct?

C:\WINDOWS\system32\svchost.exe - Source IP: 172.167.102.167 - source port: 2028 - Destination IP: 205.188.146.145 - Destination port 53

Hello Xw,
Are you in The Netherlands per chance?

Yes but long term rule for svchost.exe should be sourceIP: ANY, source port: 1025-65535 or ANY, Destination IP: Your ISP DNS servers or ANY, destination port: 53
Action: Allow
Protocol: UDP
Direction: OUT

Interesting thread. Curious, have you noticed a “LoadPref” entry (Rsop) in your Windows Event Log? Also, is SYSTEM on your computer using UDPTCP port 139 to LISTEN for communications and sending broadcast packets to x.x.x.255:137 or x.x.x.255:138 on your router?

I am dealing with a similiar problem, not as bad, but slightly troubling.

do u use some torrent client or edonkey client?