Hi,
This has been driving me crazy!
I have two computers on my home network, both running CIS and Windows XP.
My laptop’s firewall keeps detecting intrusion attempts from my desktop PC.
However, I don’t know what firewall rule is triggering this. How do I find this out?
The Firewall event is:
Application: Windows Operating System
Action: Blocked
Protocol: UDP
Source IP: 10.1.1.3
Source Port: 56502
Destination: 45628
On the desktop PC it appears that Skype is using port 56502. I have recently installed Skype on that PC so believe it may have something to do with this problem.
The new default Global Rules will block all incoming traffic (default stealth).
In case you want to allow that traffic there are two ways to go. One is to make your local network a trusted zone or only allow traffic on specific ports.
Hi Eric,
Thanks for your reply. I want to make my local network a trusted zone. I have had this set up for months, but perhaps there is a mistake in my set up. I’ve attached some files of screen prints:
My Network Zone as in Firewall Tasks/My Network Zones
firewall/advanced/network security policy/Global Rules for IP in
Easiest way to go is to delete the four rules you made and run the Stealth Ports Wizard (Firewall → Common Tasks).
When in the Stealth Ports Wizard choose “Define a new trusted network - stealth my ports to EVERYONE else” → Next → select “I would like to trust an existing network zone” → choose your network from the Zone name drop down box → Finish.
Now check Global Rules again and you will see one rule for incoming and one for outgoing traffic. Notice that in the one rule your network is Destination and in the other rule it is Source.
Hi Eric,
Thanks for your reply. I did what you suggested but it didn’t solve the problem.
The global rules created by that wizard are for IP protocol.
However, the problem I am having is firewall blocking events being triggered by the UDP protocol (see my original post).
Some rule must be triggering this UDP blocking. The only blocking rule I see (i.e. marked with a red cross in the list) in Network Security Policy/Application rules is right at the end and is called Comodo Internet Security and is marked as Outgoing Only, so it can’t be that.
So in summary I have two issues:
Identify what rule is causing the blocking to be triggered
Understand what is causing this UDP activity anyway
After changing the Global Rules to allow for local traffic there needs to be an application listening for that traffic. When there isn’t an application listening it will still be blocked.
Incoming traffic first sees Global Rules and then Application rules; that’s the logic behind the behaviour you are seeing.
There are two ways to get rid of the Skype related traffic. First would be to stop Skype producing this type of traffic; I don’t know if this is a viable solution as I never really used Skype.
Second is to make a Global Rule for Windows Operating System to allow traffic coming from UDP port 56502.
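Added example (not part of the thread and not Comodo's code): a simplified Python model of the evaluation order described in the last reply, run against the blocked event from the first post. It shows that a Global Rule for "IP" also matches UDP, and that the packet is still blocked when nothing listens on the destination port. The 10.1.1.0/24 zone, listener.exe and the block-by-default behaviour are assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Packet:
    proto: str   # "UDP" or "TCP"
    src: str
    sport: int
    dport: int

@dataclass
class Rule:
    action: str                 # "allow" or "block"
    proto: str                  # "IP" covers every protocol carried over IP
    src_net: str = "0.0.0.0/0"
    app: str = "*"              # used by application rules only

    def matches(self, pkt, app="*"):
        in_net = ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src_net)
        return self.proto in ("IP", pkt.proto) and in_net and self.app in ("*", app)

def first_match(rules, pkt, app="*"):
    for rule in rules:
        if rule.matches(pkt, app):
            return rule.action
    return "block"  # assumption: unmatched traffic is blocked

def evaluate_incoming(pkt, global_rules, app_rules, listeners):
    """Return (action, stage) for an incoming packet."""
    if first_match(global_rules, pkt) == "block":
        return ("block", "global")
    app = listeners.get((pkt.proto, pkt.dport))
    if app is None:
        return ("block", "no listener")
    return (first_match(app_rules, pkt, app), "application")

# The blocked event from the first post.
PKT = Packet("UDP", "10.1.1.3", 56502, 45628)
# Constructed rule sets; 10.1.1.0/24 and listener.exe are assumptions.
STEALTH = [Rule("block", "IP")]
TRUSTED = [Rule("allow", "IP", "10.1.1.0/24"), Rule("block", "IP")]
APP_RULES = [Rule("allow", "UDP", "10.1.1.0/24", "listener.exe")]
LISTENERS = {("UDP", 45628): "listener.exe"}

if __name__ == "__main__":
    print(evaluate_incoming(PKT, STEALTH, [], {}))
    print(evaluate_incoming(PKT, TRUSTED, [], {}))
    print(evaluate_incoming(PKT, TRUSTED, APP_RULES, LISTENERS))
```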