Look n Stop and Windows Update v5

Discussion in 'LnS English Forum' started by Curt_G, Aug 9, 2004.

Thread Status:
Not open for further replies.
  1. Curt_G

    Curt_G Registered Member

    Joined:
    Apr 13, 2004
    Posts:
    4
    Up until recently I had disabled SVCHOST.exe from accessing the Net.

    Since Windows Update v5 I have had to allow SVCHOST.EXE access to the internet. Specifically it wants to connect TCP outbound to destination ports 80 and 443, and TCP inbound on source ports 80 and 443.

    I've put together two rules (one for inbound and one for outbound) with a further block all rule after this, but I fear this is still allowing too much..

    Ideally I would like to limit access to specific IP addresses for windows update as well. A lofty goal, but perhaps some kind soul has already done the grunt work? :D
     
  2. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Hi,

    it would interest me too.
    If you have enabled the DNS client service, then do not forget to allow svchost to connect to your ISP DNS server's IP.

    About windows update, I do not have yet restricted svchost to IPs, since I do not know them all.
    I think it would be good that we post here the IP our svchost has tried to connect too, to know if it's always the same or not.

    On my side I see 3 IP :
    207.46.244.252
    64.4.21.124
    64.4.23.93

    regards,

    gkweb.
     
  3. Curt_G

    Curt_G Registered Member

    Joined:
    Apr 13, 2004
    Posts:
    4
    Thanks for the IP addresses! Here's one more to add to the list:

    64.91.226.241

    As for DNS, I'm using Phant0m's ruleset, so I placed the rules after the DNS-Allow rule.. and then moved them further down after the TCP Incoming block rule. This seems to take care of allowing SVCHOST.EXE access to my DNS servers, while reducing the number of invalid attempts a wee bit..
     
  4. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Hi,

    I think there is too much IPs :

    207.46.249.25
    207.46.157.93
    207.46.244.525
    208.175.198.29
    64.4.21.124
    64.4.23.93
    64.91.226.241

    and so one... I think it's not possible to restrict svchost by IP :-/

    regards,

    gkweb.
     
Thread Status:
Not open for further replies.