
Having another brain FW rules fuzzy attack


Escalader
October 26th, 2008, 11:04 AM
Hi Stem et al:

From the FW sticky forums see:

-{ Quote: "Dhcp client
Service Name: Dhcp
Process Name: svchost.exe -k netsvcs
Microsoft Service Description: Manages network configuration by registering and updating IP addresses and DNS names
(This is how your computer gets a Dynamic IP address so you can connect to the internet. If Internet Connection Sharing is enabled, you need DHCP Client. Also required for most DSL/Cable connections.)

UDP Ports 67:68

Allow UDP Local port 68 Remote port 67 " }-
I use DHCP as I have DSL/Cable with a shared router and have disabled DNS. This works fine. But I have questions:

With my current FW I took this sticky's port advice and tried to implement it. How? I have failed so far to achieve this! :-[

How do I create a rule allowing svchost.exe -k netsvcs UDP local port 68 if there is no way to put a local port in a rule? Does local imply incoming packet direction?

How do I create another rule allowing svchost.exe -k netsvcs remote port 67? Does remote imply outgoing packet direction?

If these rules can be created then what is not specifically allowed will be denied, right?

On any restricted port list, should/how should/can users work these 67/68s in some way to advance PC security?

act8192
November 8th, 2008, 08:48 PM
Is this CrazyM tutorial not sufficient?
http://www.wilderssecurity.com/showthread.php?t=4413

What do you mean you can't put a local port in the firewall? Ditch the firewall if it can't.

Allow UDP both directions from/to 67 and 68 for svchost is a simple way.
Allow UDP out to broadcast:67 and allow UDP in/out from DHCP server:67 to local:68 for svchost is best I think, but I'm no expert in these issues.
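The following is an added illustration, not code from this thread or from any firewall product. It models the two rule sets proposed in the reply above as a default-deny packet filter and runs a constructed DHCP lease exchange (Discover, Offer, Request, Ack, then a unicast renewal) through each, alongside traffic that should not pass. The point it makes explicit for the earlier question: "local" and "remote" name the two ends of the conversation (this PC's port versus the other host's port) and say nothing about direction; direction is a separate attribute of the rule. The server address 192.168.1.1, the client addresses and the program name are assumptions chosen for the example.

```python
"""Toy model of per-program firewall rules for the DHCP client (added example)."""
from dataclasses import dataclass
from typing import List, Optional

BROADCAST = "255.255.255.255"
ANY = "*"


@dataclass(frozen=True)
class Packet:
    """One UDP datagram as the firewall sees it. 'local' is always this PC's
    end and 'remote' the other host's end, whichever way the packet travels."""
    direction: str                      # "in" (arriving) or "out" (leaving)
    local_port: int
    remote_ip: str
    remote_port: int
    program: str = "svchost.exe -k netsvcs"


@dataclass(frozen=True)
class Rule:
    """An allow rule. A None port means 'any'; remote_ip may be ANY,
    BROADCAST or a single host address."""
    direction: str                      # "in", "out" or "both"
    local_port: Optional[int]
    remote_ip: str
    remote_port: Optional[int]
    program: str = "svchost.exe -k netsvcs"

    def matches(self, p: Packet) -> bool:
        return (
            self.direction in ("both", p.direction)
            and (self.local_port is None or self.local_port == p.local_port)
            and self.remote_ip in (ANY, p.remote_ip)
            and (self.remote_port is None or self.remote_port == p.remote_port)
            and self.program == p.program
        )


def evaluate(rules: List[Rule], packets: List[Packet]) -> List[bool]:
    """Default deny: a packet passes only if at least one allow rule matches."""
    return [any(r.matches(p) for r in rules) for p in packets]


DHCP_SERVER = "192.168.1.1"             # assumed router/DHCP server address

# "Simple way": UDP both directions, local 68 <-> remote 67, any remote host.
SIMPLE_RULES = [
    Rule("both", 68, ANY, 67),
]

# Tighter set: out to broadcast:67, plus in/out between server:67 and local:68.
TIGHT_RULES = [
    Rule("out", 68, BROADCAST, 67),
    Rule("both", 68, DHCP_SERVER, 67),
]

# Constructed lease exchange. Before the client has an address it must
# broadcast; the server still replies from its own address, source port 67.
LEASE = [
    Packet("out", 68, BROADCAST, 67),    # Discover
    Packet("in", 68, DHCP_SERVER, 67),   # Offer
    Packet("out", 68, BROADCAST, 67),    # Request
    Packet("in", 68, DHCP_SERVER, 67),   # Ack
    Packet("out", 68, DHCP_SERVER, 67),  # later renewal, unicast to the server
    Packet("in", 68, DHCP_SERVER, 67),   # renewal Ack
]

# Constructed traffic that should not be accepted as DHCP client traffic.
UNWANTED = [
    Packet("in", 68, "192.168.1.77", 67),                   # another host answering as a DHCP server
    Packet("in", 68, DHCP_SERVER, 4000),                    # right host, wrong source port
    Packet("in", 1900, DHCP_SERVER, 67),                    # right source, not the client port
    Packet("out", 68, BROADCAST, 67, program="other.exe"),  # some other program talking DHCP
]


def report(name: str, rules: List[Rule]) -> None:
    for label, pkts in (("lease", LEASE), ("unwanted", UNWANTED)):
        verdicts = ["allow" if ok else "deny" for ok in evaluate(rules, pkts)]
        print(f"{name:6} {label:8} {verdicts}")


if __name__ == "__main__":
    report("simple", SIMPLE_RULES)
    report("tight", TIGHT_RULES)
```

Both rule sets let the whole lease exchange through; the difference shows on the first unwanted packet. The simple set accepts an Offer from any host that uses source port 67, so a second DHCP server on the LAN is not distinguished from the router, while the tight set only accepts port-67 traffic from the configured server address. The cost is that the server address must be known in advance and the rule updated if it changes, and an address match does not defend against a spoofed source address on the same segment.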