Wilders Security Forums  

#1 - SSri09 - September 14th, 2012, 12:42 PM
Blocked port

I use win7 64 bit firewall. I have set to block all incoming and outgoing connections unless set by rules. All critical applications/updates are given permissions. I see a series of dropped connections for the following...

2012-09-14 17:33:17 DROP UDP x.x.x.x 8.8.8.8 63398 53 0 - - - - - - - SEND

The destination IP is Google DNS? Remote Port 53.

Any advice would be helpful.

Thanks,
Sundar
#2 - Ring0 - September 14th, 2012, 02:34 PM
Re: Blocked port

Your network settings are configured to use the IP addresses 8.8.8.8 and 8.8.4.4 (Google Public DNS) as your DNS servers.
__________________
We secure the world ;-)
#3 - SSri09 - September 14th, 2012, 02:47 PM
Re: Blocked port

Thanks. But I am using OpenDNS addresses...
#4 - itman - September 14th, 2012, 05:03 PM
Re: Blocked port

Quote:
2012-09-14 17:33:17 DROP UDP x.x.x.x 8.8.8.8 63398 53 0 - - - - - - - SEND
First, the firewall is doing its job by dropping those packets.

For added security, I would modify the outbound DNS rule to only connect to remote IP addresses for the OpenDNS servers.

Then you have to investigate why something on your PC is trying to connect to the Google DNS servers.
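A way to do that investigation from the log itself, as an added example that is not from this thread or from Windows: a small parser for the Windows Firewall log line format shown above (the pfirewall.log column order) and an audit that flags outbound port-53 packets not headed to the resolvers you expect (OpenDNS here, as in the thread) and, per the later warning in this thread, any packet whose source address is in the loopback range. The sample log lines are constructed; the 8.8.8.8 entry mirrors the posted one with a private LAN address filled in for the redacted source.

```python
import ipaddress
from typing import Optional

# Column layout of a Windows Firewall log data line (the "#Fields:" header in pfirewall.log).
FIELDS = ("date", "time", "action", "protocol", "src_ip", "dst_ip",
          "src_port", "dst_port", "size", "tcpflags", "tcpsyn", "tcpack",
          "tcpwin", "icmptype", "icmpcode", "info", "path")

# Resolvers this machine is supposed to use (OpenDNS, as configured in the thread).
ALLOWED_RESOLVERS = {"208.67.222.222", "208.67.220.220"}

# Constructed sample log. The first data line mirrors the one posted in the thread,
# with a constructed LAN source address in place of the redacted x.x.x.x.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2012-09-14 17:33:17 DROP UDP 192.168.1.10 8.8.8.8 63398 53 0 - - - - - - - SEND
2012-09-14 17:33:18 ALLOW UDP 192.168.1.10 208.67.222.222 63399 53 0 - - - - - - - SEND
2012-09-14 17:33:19 ALLOW TCP 192.168.1.10 93.184.216.34 49152 443 0 - 0 0 0 - - - SEND
2012-09-14 17:33:20 DROP UDP 127.0.0.1 8.8.4.4 63400 53 0 - - - - - - - SEND
"""


def parse_line(line: str) -> Optional[dict]:
    """Return a field dict for one data line; None for header, blank or malformed lines."""
    if not line or line.startswith("#"):
        return None
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    entry = dict(zip(FIELDS, parts))
    try:  # both address columns must parse, otherwise treat the line as malformed
        ipaddress.ip_address(entry["src_ip"])
        ipaddress.ip_address(entry["dst_ip"])
    except ValueError:
        return None
    return entry


def audit_dns(log_text: str, allowed=ALLOWED_RESOLVERS) -> list:
    """Return (time, address, reason) findings for outbound DNS to unexpected resolvers
    and for outbound packets whose source is a loopback address."""
    findings = []
    for raw in log_text.splitlines():
        e = parse_line(raw)
        if e is None or e["path"] != "SEND":
            continue
        if e["dst_port"] == "53" and e["dst_ip"] not in allowed:
            findings.append((e["time"], e["dst_ip"], "DNS to non-allowed resolver"))
        if ipaddress.ip_address(e["src_ip"]).is_loopback:
            findings.append((e["time"], e["src_ip"], "loopback source address"))
    return findings
```

Run `audit_dns(open(r"C:\Windows\System32\LogFiles\Firewall\pfirewall.log").read())` against a real log to list the times and destinations worth tracing back to a process; the resolver set is a parameter so it can be swapped for whatever your router or NIC is configured to use.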
#5 - SSri09 - September 14th, 2012, 05:20 PM
Re: Blocked port

Thanks. I had gone through Security Audit and narrowed down the issues. Firefox was connecting through Google DNS. That was a strange rule, which I deleted, as the router is configured for OpenDNS.
#6 - SSri09 - September 14th, 2012, 05:26 PM
Re: Blocked port

Would you set outbound DNS like this?

(attached image: DNS.PNG)

or would you recommend adding OpenDNS server addresses to the scope of the above outbound DNS rule?
#7 - itman - September 14th, 2012, 05:28 PM
Re: Blocked port

Also if that source x.x.x.x is in the 127.0.0.0 - 127.255.255.255 range, then you may have major router issues.
#8 - itman - September 14th, 2012, 05:33 PM
Re: Blocked port

See attachment. Shown are NortonDNS addresses.

(attached image)
#9 - SSri09 - September 14th, 2012, 06:27 PM
Re: Blocked port

My ISP dynamically assigns a single IP address. My Vigor router reassigns the IP address to my home computers.

Quote:
127.0.0.0 - 127.255.255.255 range

That's the IPv4 loopback range...
#10 - SSri09 - September 14th, 2012, 06:41 PM
Re: Blocked port

And Win7 64 already defines a core networking Outgoing DNS (UDP-Out) rule for port 53.

Furthermore, if the router is configured for OpenDNS, why do we need another Outgoing DNS (UDP-Out) rule for port 53 with scope including the OpenDNS addresses (208.67.222.222/220.220)?

(attached image: Capture1.PNG)

Defining a rule like this produces a Security Audit Failure as the firewall blocks the connection, though it does not block the browser.

(attached image: DNS.PNG)

I am a little confused here.
#11 - itman - September 14th, 2012, 07:14 PM
Re: Blocked port

Quote:
Furthermore, if the router is configured for the OpenDNS, why do we need another Outgoing DNS (UDP-Out) for port 53 with scope including OpenDNS addresses (208.67.222.222/220.220)
Because anything going out of your PC is going to override the router DNS IP addresses.

For example, on my Netopia 3347 router, my DNS server IP addresses are set by default to my ISP provider servers. I also have a DNS server on the router. The router DNS server does most of address resolution with occasional refreshes from the ISP servers.

I added my NortonDNS IP addresses to my WIN 7 LAN connection DNS server entries. That overrides the ISP DNS server addresses assigned on the router. I believe this also overrides the router DNS server, which leaves the WIN 7 DNSCache service to perform all DNS caching on my PC.

The adding of the Norton DNS servers in the WIN 7 DNS firewall rule is just an additional layer of protection to ensure anything leaving my PC DNS wise is going to NortonDNS servers; strictly optional.

BTW - I don't trust my router. It has been hacked by DNS rebind exploits on prior occasions.
#12 - itman - September 14th, 2012, 07:24 PM
Re: Blocked port

Quote:
My ISP dynamically assigns a single IP address.
You're referring to the public IP address assigned to the WAN side of your router.

Quote:
My vigor router reassigns the IP address to my home computers.
You're referring to the private DHCP addresses assigned to your network by the LAN side of your router, e.g. 192.168.1.1 - 192.168.1.255, or 253 addresses excluding your router and the broadcast address of 192.168.1.255. These addresses are non-routable private IP addresses. Hence no need to black them out.

#13 - SSri09 - September 15th, 2012, 03:09 AM
Re: Blocked port

Thanks for the heads-up on the router DNS!

I had set the notebook configuration properly and set the OpenDNS as the DNS address. The notebook was working without any issues.

I was confused after seeing the browsers seeking Google DNS servers on my desktop. I did not realize that the desktop configuration was obtaining the DNS address automatically. That's why I was getting the UDP-Out 8.8.8.8 dropped connection, as the firewall was blocking them.

I have now set the OpenDNS server address on my network cards and plugged in the same on the DNS rule on the Win7 firewall as well. Hopefully, the erratic browser connection is resolved with no more Audit failures for the browsers.

The only thing I need to figure out was my home computers not seeing each other on the network. I am unable to make much headway on the homegroup as my router (Vigor 2820Vn) does not support IPv6. I have set it up as a Work network with the same group name on all computers. It was fine until the end of August.
#14 - itman - September 15th, 2012, 09:30 AM
Re: Blocked port

Quote:
I am unable to make much headway on the homegroup as my router (vigor 2820Vn) does not support IPV6.
For starters, WIN 7 will set up an IPv4 homegroup network by default. No need for an IPv6 router.

Check your WIN 7 firewall rules both inbound and outbound and ensure all network rules are enabled for the profile you are using which I assume is the private profile. You can do that automatically by selecting Windows Firewall from the Control Panel and then selecting "Allow programs to communicate through the firewall" option. Then checkmark Network Discovery.

If the above doesn't work, I would try the various WIN 7 network troubleshooters.
#15 - SSri09 - September 20th, 2012, 05:21 AM
Re: Blocked port

Thanks. I will check.
#16 - SSri09 - September 27th, 2012, 12:33 PM
Re: Blocked port

Quote:
Originally Posted by itman
You can do that automatically by selecting Windows Firewall from the Control Panel and then selecting "Allow programs to communicate through the firewall" option. Then checkmark Network Discovery. If the above doesn't work, I would try the various WIN 7 network troubleshooters.

All inbound and outbound connections are blocked except those set by rules. Two computers can see each other as a homegroup as well as on the network but are unable to access the folders/files. Homegroup troubleshooting and network troubleshooting could not identify the problem.

I looked at the firewall logs and set inbound/outbound permissions based on TCP any local/remote ports, but with scope tied to the respective DHCP IP address ranges and IPv6 addresses. The computer names are the same, while changing them from HomeGroup to WorkGroup or something else (after reboot) did not help.

I even disabled IPv6, as you indicated that Win7 enables homegroup on IPv4. This also did not help.
#17 - SSri09 - September 27th, 2012, 03:09 PM
Re: Blocked port

Problem was "error code: 0x80070035 network path not found".

Enabling NetBios over TCP/IP fixed the problem.