Is it normal for Chrome to connect to UDP port 1900 on 239.255.255.250?

Discussion in 'privacy problems' started by lucd, May 17, 2020.

  1. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    579
    Location:
    Island of Woman
    I don't have any devices that should connect between themselves, and media routers are disabled in about:config. I am confused about these connections; on some devices I don't have such traffic with chrome.exe.
    If I block this, Internet is gone on Chrome.
     
  2. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    1,375
    Location:
    Member state of European Union
    This address is an IP multicast.
     
  3. lucd

    I hear this a lot, but can it be dangerous? Do you get the multicast IP on Chrome too?
    It's as if everyone knows what multicast is, but if a non-techie tries to find out how this can be exploited he finds nothing useful, only that it is a multicast (obviously).
    I don't get this on other browsers, and not every time on Chrome, just on this device.
    I am thinking it might come from some addon/extension.

    "224.* is a multicast "domain", wherein various apps will use it to connect to other apps etc." I do have browser addons.

    So my question in short is: is it typical for chrome.exe, or should I investigate further?
     
    Last edited: May 18, 2020
  4. lucd

    It was indeed Grammarly, not that I need it, my English is perfect (joking).
    Another one that seems to do that is uBlock Origin.
     
    Last edited: May 19, 2020
  5. lucd

    I don't get it, it seems to be jumping around between extensions, so removing one helps for a limited period of time only.
     
  6. reasonablePrivacy

  7. lucd

    The option for disabling it was the first thing I did; it didn't help though. Also it's random: on some PCs it doesn't want 255.255 but the normal DNS I have set.
     
  8. lucd

    According to some forum user there is a possibility of Windows using Shell32 DLL and API for Bing functionality in Windows 8 and later versions, since that IP seems to point to a Bing search server.

    On some systems Chrome doesn't connect to 255 (...) but to normal Chrome IP addresses.

    OK, found something here: https://www.lifewire.com/how-to-turn-off-chromecast-4801906#:~:text=Open%20a%20new%20Google%20Chrome,select%20it%20from%20the%20list.
    But apparently it is not possible to disable Chromecast.
     
    Last edited: Sep 19, 2020
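
The destination discussed in this thread, 239.255.255.250 on UDP port 1900, is the SSDP discovery group that UPnP and Cast/DIAL device discovery use. The following is an added example, not code from any poster, that classifies a UDP destination and decodes an SSDP datagram so a firewall prompt or capture can be read for what it is. The sample datagram is constructed, and the DIAL search target in it comes from the DIAL specification, not from this thread.

```python
import ipaddress

LINK_LOCAL = ipaddress.ip_network("224.0.0.0/24")   # local network control block
ADMIN_SCOPED = ipaddress.ip_network("239.0.0.0/8")  # RFC 2365, meant to stay on-site
DISCOVERY = {("239.255.255.250", 1900): "SSDP",
             ("224.0.0.251", 5353): "mDNS",
             ("224.0.0.252", 5355): "LLMNR"}

# Constructed sample of a DIAL-style SSDP search (not captured from the thread).
SAMPLE = (b"M-SEARCH * HTTP/1.1\r\n"
          b"HOST: 239.255.255.250:1900\r\n"
          b'MAN: "ssdp:discover"\r\n'
          b"MX: 1\r\n"
          b"ST: urn:dial-multiscreen-org:service:dial:1\r\n\r\n")

def classify(dst_ip, dst_port):
    """Return (scope, protocol) for a UDP destination from a firewall log."""
    ip = ipaddress.ip_address(dst_ip)
    if not ip.is_multicast:
        return ("unicast", None)
    if ip in LINK_LOCAL:
        scope = "link-local multicast"
    elif ip in ADMIN_SCOPED:
        scope = "administratively scoped multicast"
    else:
        scope = "multicast"
    return (scope, DISCOVERY.get((str(ip), dst_port)))

def parse_ssdp(payload):
    """Parse an SSDP datagram (HTTP-like text over UDP) into method and headers."""
    lines = payload.decode("ascii", errors="replace").split("\r\n")
    method = lines[0].split(" ", 1)[0]
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            key, value = line.split(":", 1)  # split once: values contain colons
            headers[key.strip().upper()] = value.strip()
    return {"method": method, "headers": headers}

def describe(dst_ip, dst_port, payload):
    """Summarise one outbound datagram: where it goes and what it asks for."""
    scope, proto = classify(dst_ip, dst_port)
    msg = parse_ssdp(payload) if proto == "SSDP" else None
    return {"scope": scope, "protocol": proto,
            "method": msg["method"] if msg else None,
            "search_target": msg["headers"].get("ST") if msg else None}

if __name__ == "__main__":
    print(describe("239.255.255.250", 1900, SAMPLE))
```

An `M-SEARCH` method with a search target (`ST`) header is a discovery query addressed to devices on the local network, which is what distinguishes it from a connection to a remote server.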
  9. lucd

    OK found something, to stop at least some Chrome UDP connections:

    Chrome:
    “chrome://flags”
    Experimental QUIC protocol | Disabled
    it is on (Enabled) by default since 2013

    "The issue is not with the protocol or the technology itself. The supposed upside of QUIC is that it makes web communications more efficient and faster. The problem is that it is not supported by security appliances such as firewalls yet, and has therefore inadvertently created a security hole for many organization"
     
    Last edited: Apr 23, 2021
  10. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    2,894
    thanks for your follow-up, luc. good info.
     
  11. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,037
    Location:
    Europe
    Just block the address in your firewall. For me, chromium is only allowed to connect through ports 80 and 443 and whatever localhost stuff I use, and only TCP

    https://i.imgur.com/VdE3HNJ.png
     
  12. lucd

    Thanks, but that doesn't do anything unfortunately.
    I am trying some registry for non unicast (cmd):
    reg add "HKLM\SOFTWARE\Microsoft\DirectPlayNATHelp\DPNHUPnP" /v UPnPMode /t REG_DWORD /d 2 /f
    reg add "HKLM\SYSTEM\CurrentControlSet\Services\SSDPSRV" /v Start /t REG_DWORD /d 4 /f
    reg add "HKLM\SYSTEM\CurrentControlSet\Services\upnphost" /v Start /t REG_DWORD /d 4 /f
    reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient" /v EnableMulticast /t REG_DWORD /d 0 /f
    reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SkyDrive" /v DisableFileSync /t REG_DWORD /d 1 /f
    reg add "HKLM\Software\policies\Microsoft\Windows NT\DNSClient" /v DisableSmartNameResolution /t REG_DWORD /d 1 /f
    reg add "HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters" /v DisableParallelAandAAAA /t REG_DWORD /d 1 /f
    disabled hotspot just in case, as it comes back on after an update (cmd):
    netsh wlan stop hostednetwork
    netsh wlan set hostednetwork mode=disallow
    reg add "HKLM\SOFTWARE\Microsoft\PolicyManager\default\WiFi\AllowAutoConnectToWiFiSenseHotspots" /v value /t REG_DWORD /d 0 /f
    reg add "HKLM\SOFTWARE\Microsoft\PolicyManager\default\WiFi\AllowWiFiHotSpotReporting" /v value /t REG_DWORD /d 0 /f
    also chrome flags,
    Connect to Cast devices on all IP addresses | Disabled
    Global media controls control Cast start/stop | Disabled
    Web Share | Disabled
    Cast Media Route Provider | Disabled
    Allow all sites to initiate mirroring | Disabled
    Enable shared clipboard feature signals to be handled | Disabled
    and finally chrome in registry editor
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
    "RemoteAccessHostFirewallTraversal"=dword:00000000
    "RemoteAccessHostAllowClientPairing"=dword:00000000
    "RemoteAccessHostAllowFileTransfer"=dword:00000000

    Finally harden windows 10 has some complex registry tweak for the Netbios with hex values, it costs 10 dollars I think but they are made by professionals so they work and well worth for what they do to account policies. I also like their cleaning task
    after I connected it said your connection has been changed, hopefully that did something

    @Floyd 57 thanks I am still learning how to use SW, if you mean "user rules" I have all that option unticked and Internet worked, added HTTP now after your advice, but I am not sure why I am adding it if Internet worked before, this is the way in SW to only allow http TCP protocol? have you set any special rule for chrome/chromium

    I would lose connectivity if I did, but now I let the prompt expire in SW and SW asks again, this time for a normal TCP connection, which I allow.
     
    Last edited: Apr 28, 2021
  13. Floyd 57

    Basically, as you could see from my pic, HTTP rule only allows TCP traffic through port 80 and 443, which is the basic you need to browse the internet. Although there might be a few more ports in the HTTP rule by default, I don't remember. So if you block chrome.exe internet access with SW, but you only allow the HTTP rule and disable notifications, now it can still browse the internet but won't connect to random stuff

    https://i.imgur.com/Ao3vxTS.png
     
  14. lucd

    ok so block chrome.exe but allow http in user rules, interesting and clever
     
  15. Floyd 57

    Yes, check the pic I just edited in, but you replied so fast! But yeah, that is pretty much all you need to use the internet. There are rarely sites that use other ports. And ofc you don't have to disable notifications, but after a while it will be the same ones over and over that you already know and don't need.
     
  16. lucd

    I did not apply http for this app, and yet Internet works for Chrome, hmm
     
  17. Floyd 57

    Also, most programs that only need internet connection to check for updates but don't need internet to function, you can do the same. In fact, if you know the ip addresses that programs connect to, you can allow them to ONLY connect to those ip addresses and ports and what not. But that's very time consuming and quite paranoid.
     
  18. Floyd 57

    Because you have to untick the checkbox to disable internet access, and then apply http. If the checkbox is ticked, then it has internet access for everything, regardless of what rules you applied I think.
     
  19. Floyd 57

    upload_2021-4-28_18-29-4.png
    And make sure those are checked too
     
  20. lucd

    I don't have to add HTTP to user rules in order for chrome to work with rule apply http for this app (chrome.exe), I think if you add HTTP rule to user rules it will just use the specified ports by the rule, eg. 80, 443, 8000, 8008, 8443-8444 which is better
    @Floyd 57
    Also you have to tick the rule next to the app like so (attachment); your pic has them unticked, so user rules don't apply but general HTTP rules, it would make sense ..
     

    Attached Files:

    • SW.jpg
    Last edited: Apr 28, 2021
  21. Floyd 57

    Yes when I meant HTTP rule, I meant ONLY for chrome.exe. And yes it would make sense, but that's not how it works. The checkbox represents if the process is allowed internet access or not, regardless of which category it is in. So you need to uncheck it, or the rules applied to it won't matter because it will be allowed to connect however it wants anyway.

    It is really quite simple, I figured it out immediately.

    Checked checkbox = all connections of process allowed
    Unchecked = not allowed

    And then you can apply http rule to the process chrome.exe to allow only that rule specifically (if it is unchecked)
     
  22. lucd

    I need to visit that github and check if they have some guide, it is "simple" wall unless you need to do more complicated stuff
    your clarification is clear
     
  23. Floyd 57

    Ye I can explain more clear if u want
     
  24. lucd

    no thank you I said all clear, at least for the chrome.exe part, interestingly I am not getting nagging consent prompts from google anymore, to the privacy policy & eula stuff for Youtube and more google related stuff.

    it is fun to break normal functionality sometimes

    @Floyd 57 sry for exploiting your knowledge like that, but I have to ask, did you manage to block svchost with SW? I can't do that, it still manages to connect somehow
    svchost is under the "apps without Internet access", blackfog is telling me svchost has connection though
     
    Last edited: Apr 28, 2021
  25. Floyd 57

    Can u show pic of blackfog saying that? Also are u sure there are no rules enabled for svchost.exe ?
     