Blocked port

Discussion in 'other firewalls' started by SSri09, Sep 14, 2012.

Thread Status:
Not open for further replies.
  1. SSri09

    SSri09 Registered Member

    Joined:
    Sep 13, 2012
    Posts:
    36
    I use the Win7 64-bit firewall. I have set it to block all incoming and outgoing connections unless set by rules. All critical applications/updates are given permissions. I see a series of dropped connections for the following...

    2012-09-14 17:33:17 DROP UDP x.x.x.x 8.8.8.8 63398 53 0 - - - - - - - SEND

    The destination IP is Google DNS? Remote Port 53.

    Any advice would be helpful.

    Thanks,
    Sundar
     
  2. Ring0

    Ring0 Registered Member

    Joined:
    Aug 9, 2010
    Posts:
    66
    Your network settings are configured to use the IP addresses 8.8.8.8 and 8.8.4.4 (Google Public DNS) as your DNS servers.
     
  3. SSri09

    SSri09 Registered Member

    Joined:
    Sep 13, 2012
    Posts:
    36
    Thanks. But I am using open DNS addresses...
     
  4. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    First, the firewall is doing its job by dropping those packets.

    For added security, I would modify the outbound DNS rule to only connect to remote IP addresses for the OpenDNS servers.

    Then you have to investigate why something on your PC is trying to connect to the Google DNS servers.
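
The triage itman describes (confirm the drop, then find out what is talking to a resolver you did not choose) as an added example; this is not code from the thread or from Microsoft. It assumes PowerShell 3 or later (stock Windows 7 ships 2.0, which lacks the `[ordered]` and `[pscustomobject]` shortcuts used here), the W3C field order Windows 7 writes to `%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log`, and the OpenDNS pair from the thread as the allowlist. The log lines are constructed; the LAN address 192.168.1.20 is an assumption.

```powershell
# Added example, not code from the thread: triage a Windows Firewall log for DNS egress
# that did not go to the resolvers you intend to use. Sample lines are constructed in the
# pfirewall.log format; the allowlist is the OpenDNS pair the thread uses.

$AllowedResolvers = @('208.67.222.222', '208.67.220.220')

# Constructed sample. For the real file use:
#   $lines = Get-Content "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log"
$SampleLog = @'
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2012-09-14 17:33:17 DROP UDP 192.168.1.20 8.8.8.8 63398 53 0 - - - - - - - SEND
2012-09-14 17:33:18 ALLOW UDP 192.168.1.20 208.67.222.222 63399 53 0 - - - - - - - SEND
2012-09-14 17:33:20 DROP TCP 192.168.1.20 8.8.4.4 49211 53 0 - 0 0 0 - - - SEND
2012-09-14 17:33:25 DROP UDP 127.0.0.1 8.8.8.8 51002 53 0 - - - - - - - SEND
2012-09-14 17:33:30 DROP TCP 192.168.1.35 192.168.1.20 49300 445 48 S 123 0 8192 - - - RECEIVE
'@ -split "`r?`n"

function ConvertFrom-FirewallLog {
    # Turn the log lines into objects whose property names come from the #Fields header.
    param([string[]]$Lines)
    $fields = $null
    foreach ($line in $Lines) {
        if ($line -match '^#Fields:\s+(.+)$') { $fields = $Matches[1] -split '\s+'; continue }
        if ($line.StartsWith('#') -or [string]::IsNullOrWhiteSpace($line) -or -not $fields) { continue }
        $values = $line -split '\s+'
        $rec = [ordered]@{}
        for ($i = 0; $i -lt $fields.Count -and $i -lt $values.Count; $i++) { $rec[$fields[$i]] = $values[$i] }
        [pscustomobject]$rec
    }
}

function Get-SourceClass {
    # A loopback source on an OUTBOUND DNS packet is the router / local DNS proxy symptom
    # raised later in the thread, so it gets its own class.
    param([string]$Address)
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($Address, [ref]$ip)) { return 'unparseable (redacted?)' }
    if ([System.Net.IPAddress]::IsLoopback($ip)) { return 'loopback' }
    if ($Address -match '^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)') { return 'private (RFC 1918)' }
    return 'public'
}

function Find-DnsEgress {
    # Every outbound packet to port 53, with a verdict against the resolver allowlist.
    param([object[]]$Records, [string[]]$Allowed)
    foreach ($r in $Records) {
        if ($r.path -ne 'SEND' -or $r.'dst-port' -ne '53') { continue }
        $srcClass = Get-SourceClass $r.'src-ip'
        if ($Allowed -contains $r.'dst-ip') { $verdict = 'expected resolver' }
        elseif ($srcClass -eq 'loopback') { $verdict = 'UNEXPECTED resolver from loopback: check router / local DNS proxy' }
        else { $verdict = 'UNEXPECTED resolver: find the process behind src-port ' + $r.'src-port' }
        [pscustomobject]@{
            Time     = "$($r.date) $($r.time)"
            Action   = $r.action
            Proto    = $r.protocol
            Source   = "$($r.'src-ip') ($srcClass)"
            Resolver = $r.'dst-ip'
            Verdict  = $verdict
        }
    }
}

$records = ConvertFrom-FirewallLog -Lines $SampleLog
Find-DnsEgress -Records $records -Allowed $AllowedResolvers | Format-Table -AutoSize
```

Two practical points: the Windows 7 firewall logs dropped packets only unless "Log successful connections" is switched on in the profile's logging settings, so ALLOW lines like the second sample will be absent by default; and the log never records the process, so to attribute a flagged line run `netstat -ano -p udp` while the queries are happening and match the local port (the `src-port` column) to a PID.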
     
  5. SSri09

    SSri09 Registered Member

    Joined:
    Sep 13, 2012
    Posts:
    36
    Thanks. I had gone through Security Audit and narrowed down the issues. Firefox was connecting through Google DNS. That was a strange rule, which I deleted, as the router is configured for OpenDNS.
     
  6. SSri09

    SSri09 Registered Member

    Joined:
    Sep 13, 2012
    Posts:
    36
    Would you set outbound DNS like this?

    DNS.PNG

    or would you recommend adding OpenDNS server addresses to the scope of the above outbound DNS rule?
     
  7. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    Also if that source x.x.x.x is in the 127.0.0.0 - 127.255.255.255 range, then you may have major router issues.
     
  8. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    See attachment. Shown are NortonDNS addresses.
     
  9. SSri09

    SSri09 Registered Member

    Joined:
    Sep 13, 2012
    Posts:
    36
    My ISP dynamically assigns a single IP address. My Vigor router reassigns the IP address to my home computers.

    That's the IPv4 loopback range...
     
  10. SSri09

    SSri09 Registered Member

    Joined:
    Sep 13, 2012
    Posts:
    36
    And Win7 64 already defines a Core Networking Outgoing DNS (UDP-Out) rule for port 53.

    Furthermore, if the router is configured for OpenDNS, why do we need another Outgoing DNS (UDP-Out) rule for port 53 with a scope including the OpenDNS addresses (208.67.222.222/220.220)?

    Capture1.PNG

    Defining a rule like this produces a Security Audit Failure as firewall blocks the connection, though it does not block the browser.

    DNS.PNG

    I am a little confused here.
     
  11. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    Because anything going out of your PC is going to override the router DNS IP addresses.

    For example, on my Netopia 3347 router, my DNS server IP addresses are set by default to my ISP provider servers. I also have a DNS server on the router. The router DNS server does most of address resolution with occasional refreshes from the ISP servers.

    I added my NortonDNS IP addresses to my WIN 7 LAN connection DNS server entries. That overrides the ISP DNS server addresses assigned on the router. I believe this also overrides the router DNS server, which leaves the WIN 7 DNSCache service to perform all DNS caching on my PC.

    The adding of the Norton DNS servers in the WIN 7 DNS firewall rule is just an additional layer of protection to ensure anything leaving my PC DNS wise is going to NortonDNS servers; strictly optional.

    BTW - I don't trust my router. It has been hacked by DNS rebind exploits on prior occasions.
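
The two layers itman describes here and in post 4 (resolvers set on the PC's own adapter, and the outbound DNS rule scoped to exactly those resolvers) as an added example; this is not code from the thread or from Microsoft. It uses the Windows 7 `netsh` syntax from an elevated prompt, the OpenDNS pair from the thread, and the built-in rule name "Core Networking - DNS (UDP-Out)" as Windows 7 creates it. The adapter name "Local Area Connection" is an assumption (list yours with `netsh interface ip show config`).

```powershell
# Added example, not code from the thread: pin outbound DNS to the resolvers you chose.
# Windows 7 netsh syntax, elevated prompt. Adapter name is an assumption.
$Resolvers = '208.67.222.222,208.67.220.220'   # OpenDNS, as in the thread
$Adapter   = 'Local Area Connection'

# 1. Set the resolvers on the adapter itself. A static entry here wins over whatever the
#    router hands out through DHCP, which is why configuring OpenDNS on the router alone
#    did not keep the PC from querying other servers.
netsh interface ip set dns name="$Adapter" source=static addr=208.67.222.222 register=primary validate=no
netsh interface ip add dns name="$Adapter" addr=208.67.220.220 index=2 validate=no

# 2. Weak: the built-in rule. It is already restricted to the DNS Client service
#    (svchost.exe / dnscache) but allows UDP 53 to ANY remote address, so a
#    misconfigured or DHCP-assigned server is reachable.
netsh advfirewall firewall show rule name="Core Networking - DNS (UDP-Out)" verbose

# 3. Hardened: disable the built-in rule and replace it with rules scoped to the
#    resolvers, keeping the program/service restriction so only the DNS Client may
#    send queries. The TCP rule covers replies too large for UDP, which are retried over TCP.
netsh advfirewall firewall set rule name="Core Networking - DNS (UDP-Out)" new enable=no
netsh advfirewall firewall add rule name="DNS (UDP-Out) to OpenDNS only" dir=out action=allow `
    protocol=UDP remoteport=53 "remoteip=$Resolvers" `
    program="$env:SystemRoot\system32\svchost.exe" service=dnscache profile=any
netsh advfirewall firewall add rule name="DNS (TCP-Out) to OpenDNS only" dir=out action=allow `
    protocol=TCP remoteport=53 "remoteip=$Resolvers" `
    program="$env:SystemRoot\system32\svchost.exe" service=dnscache profile=any

# 4. Verify through the DNS Client, which is the path applications use. nslookup.exe
#    sends its own packets, so under a deny-by-default outbound policy it is dropped by
#    these rules as well and is not a valid test here.
ipconfig /flushdns
[System.Net.Dns]::GetHostAddresses('example.com')
```

After this, any query that still heads for another server appears in pfirewall.log as a `DROP UDP ... 8.8.8.8 ... 53 ... SEND` line exactly like the one that started the thread, and the program behind it is the thing to investigate; the firewall rule is the backstop, not the fix, which is the "strictly optional" layer itman refers to.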
     
  12. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    You're referring to the public IP address assigned to the WAN side of your router.

    You're referring to the private DHCP addresses assigned to your network by the LAN side of your router, e.g. 192.168.1.1 - 192.168.1.255, or 253 addresses excluding your router and the broadcast address of 192.168.1.255. These addresses are non-routable private IP addresses. Hence no need to black them out. :)
     
    Last edited: Sep 14, 2012
  13. SSri09

    SSri09 Registered Member

    Joined:
    Sep 13, 2012
    Posts:
    36
    Thanks for the heads-up on the router DNS!

    I had set the notebook configuration properly and set the OpenDNS as the DNS address. The notebook was working without any issues.

    I was confused after seeing the browsers seeking Google DNS servers on my desktop. I did not realize that the desktop configuration was obtaining the DNS address automatically. That's why I was getting the UDP-Out 8.8.8.8 dropped connection, as the firewall was blocking them.

    I have now set the OpenDNS server address on my network cards and plugged in the same on the DNS rule on the Win7 firewall as well. Hopefully, the erratic browser connection is resolved with no more Audit failures for the browsers.

    The only thing I need to figure out is my home computers not seeing each other on the network. I am unable to make much headway on the homegroup as my router (Vigor 2820Vn) does not support IPv6. I have set it up as a Work network with the same group name on all computers. It was fine until the end of August.
     
  14. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    For starters, WIN 7 will set up an IPv4 homegroup network by default. No need for an IPv6 router.

    Check your WIN 7 firewall rules both inbound and outbound and ensure all network rules are enabled for the profile you are using which I assume is the private profile. You can do that automatically by selecting Windows Firewall from the Control Panel and then selecting "Allow programs to communicate through the firewall" option. Then checkmark Network Discovery.

    If the above doesn't work, I would try the various WIN 7 network troubleshooters.
     
  15. SSri09

    SSri09 Registered Member

    Joined:
    Sep 13, 2012
    Posts:
    36
    Thanks. I will check.
     
  16. SSri09

    SSri09 Registered Member

    Joined:
    Sep 13, 2012
    Posts:
    36
    All inbound and outbound connections are blocked except set by rules. Two computers can see each other as a home group as well as on the network but unable to access the folders/files. Homegroup troubleshooting and network troubleshooting could not identify the problem.

    I looked at the firewall logs and set inbound/outbound permissions based on TCP any local/remote ports but with scope tied to the respective DHCP IP address ranges and IPv6 addresses. The computer names are the same, while changing them from HomeGroup to WorkGroup or something else (after reboot) did not help.

    I even disabled IPv6, as you indicated Win7 enables homegroup on IPv4. This also did not help.
     
  17. SSri09

    SSri09 Registered Member

    Joined:
    Sep 13, 2012
    Posts:
    36
    Problem was "error code: 0x80070035 network path not found".

    Enabling NetBios over TCP/IP fixed the problem.
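
The steps from itman's advice in post 14 through this fix, as an added example run from an elevated PowerShell prompt on Windows 7; this is not code from the thread or from Microsoft. The group names are the built-in Windows Firewall rule groups, "private" is the profile a Work/Home network uses, `OTHERPC` stands for the second machine's name, and the 192.168. LAN prefix in the last step is an assumption.

```powershell
# Added example, not code from the thread: the Windows 7 checks behind the closing posts.
# OTHERPC and the 192.168. LAN prefix are placeholders (assumptions).

# 1. Enable the built-in groups that discovery and sharing need, for the private profile,
#    instead of hand-written "TCP any port" rules scoped to DHCP ranges.
netsh advfirewall firewall set rule group="Network Discovery" profile=private new enable=yes
netsh advfirewall firewall set rule group="File and Printer Sharing" profile=private new enable=yes

# 2. NetBIOS over TCP/IP on every IP-enabled adapter (the fix for 0x80070035 in the thread).
#    SetTcpipNetbios argument: 0 = use the DHCP setting, 1 = enable, 2 = disable.
#    ReturnValue 0 means success.
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE" |
    ForEach-Object { '{0}: ReturnValue {1}' -f $_.Description, $_.SetTcpipNetbios(1).ReturnValue }

# 3. Verify: local NetBIOS names are registered, the peer answers a NetBIOS name query,
#    and the share list comes back over SMB.
nbtstat -n
nbtstat -a OTHERPC
net view \\OTHERPC

# 4. If it still fails, the firewall log says which LAN packet was dropped. NetBIOS uses
#    UDP 137/138 and TCP 139, SMB uses TCP 445, and inbound drops end in RECEIVE.
Select-String -Path "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log" `
    -Pattern '^\S+ \S+ DROP (UDP|TCP) 192\.168\.\S+ \S+ \S+ (137|138|139|445) .* RECEIVE$'
```

Step 4 is the quickest way to tell a firewall problem from a name-resolution one: with NetBIOS over TCP/IP disabled, the log shows nothing for the peer because the name never resolves and no packet is sent, while a blocked share shows the peer's address being dropped on 139 or 445.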
     