Need help w/ weird connection issue

Discussion in 'LnS English Forum' started by robertkn, Dec 12, 2010.

Thread Status:
Not open for further replies.
  1. robertkn

    robertkn Registered Member

    Joined:
    Jan 27, 2007
    Posts:
    8
    Hey everybody--

    Have been having this weird issue for the past month or so. Throughout the day I have no problems browsing and rarely hear a peep out of L&S. But, then in the evening around, say, 11:00p (give or take) all of a sudden I cannot connect to websites anymore and L&S starts beeping and generating messages in the log. Now, if I untick the Internet Filtering Enabled box I can connect to websites. As soon as a retick the box I can't connect anymore. The message in the log typically indicated that the connections are PC>Internet and the port#'s are mostly in the 5000 range. If I reboot the computer I can then start browsing again. This happens pretty much every night, not exactly the same time, I'd say anywhere from 10:30 to midnight.

    I've run a number of different anti-malware programs, but they don't seem to be picking anything up.

    I have L&S 2.07, DSL service.

    Any thoughts would be appreciated. Thanks in advance.
     
  2. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Perhaps your BOOTP packets being blocked, don't know for certain without seeing a Logfile or you looking for yourself for BOOTP* packet blockings.
     
  3. robertkn

    robertkn Registered Member

    Joined:
    Jan 27, 2007
    Posts:
    8
    Thanks PhantOm.

    Well, I see a rule with the name UDP BOOTP / DHCP and Description: Authorize all necessary BOOTP data packets used in cable modem and DSL setups. This looks like a stock rule which I doubt I would have created myself. The weird thing is that I don't start having problems until late in the evening.

    What I can do is make myself a popup note to start a logfile this evening around 10 oclock. Should I post it, email it, or what?
     
  4. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    If that rule is enabled and in original form, then it isn’t BOOTP problem.

    Attaching it to a post here should be fine.
     
  5. robertkn

    robertkn Registered Member

    Joined:
    Jan 27, 2007
    Posts:
    8
    OK, PhantOm the log is attached. Tonight it didn't occur until a little after midnight. What is in the log is fairly typical of what happens, but sometimes there are a few more different types of entries in the log.

    Let me know if you need anything else.

    Thanks again.
     

    Attached Files:

  6. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Seems to be a problem with the "TCP : Authorize most common Internet services" rule and the use of 'Local In', you might have to use 'In range A:B' and specify 1025-65535 and see if that helps.
     
  7. robertkn

    robertkn Registered Member

    Joined:
    Jan 27, 2007
    Posts:
    8
    Before making the change it is configured as follows:

    TCP/UDP: port
    In range A/B
    1024
    5000

    Now, this being the case, does it mean that attempts to access destination ports outside that range will be blocked by the firewall? Now, the log shows that the computer is trying to hit ports above 5000 correct?

    So, the question that comes to mind is: Why do I not have this problem all day, then late in the evening all of a sudden my machine wants to start hitting destination ports outside the 5000 range, including the very same sites I use throughout the day? Isn't that pretty strange?

    Could the DSL service be deciding to do that for some reason? They have made some recent improvements to the service here. We were having a terrible time with video buffering. Within the past 4-6 weeks ATT came through and replaced some interface posts and did some work on the overhead wiring as they are introducing TV service in the area. Suddenly our video buffering problem has improved greatly.

    I'll make the change this evening after the problem occurs and we'll see what happens. Thanks a lot for all the assistance!
     
    Last edited: Dec 14, 2010
  8. robertkn

    robertkn Registered Member

    Joined:
    Jan 27, 2007
    Posts:
    8
    OK, PhatOm. Tonight the problem occurred about 11:00p. I made the change you suggested and that seemed to resolve the issue.

    As a side note, when I made the change to 'Local In' the 'In range A:B and specify 1024-65535' appeared as a default and I could not change it anyway.

    Now, to be honest...and humble...I don't really know what I did. Is this anything that will lesson my security very much?

    Thanks again for your willingness to help!
     
  9. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Glad to read it’s resolved! Your security still good regardless the wider range, but you might be-able to make some adjustments, what version of Windows you running?


    :)
     
  10. robertkn

    robertkn Registered Member

    Joined:
    Jan 27, 2007
    Posts:
    8
    XP. I do go through a router.

    Thanks, PhantOm.
     
  11. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Sounds like a registry tweak was used to extend from the normal ephemeral ports range, so instead of going to 5000 and recycling through, it keeps going. Nothing to worry about. :)
     
  12. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
  13. robertkn

    robertkn Registered Member

    Joined:
    Jan 27, 2007
    Posts:
    8
    PhantOm, I see that the MaxUserPort entry is in my registry and set to ffff (65535). So, if that's a tweak, it makes me wonder how the heck it got in there. I sure don't recall doing such a thing.

    It still seems bizarre to me that everything had been fine during the day. Then, anywhere from 10p on in the evening I would start having problems related to those ports beyond 5000. Maybe ATT or maybe some malware. Anyway, thanks for the explanation!!
     
Thread Status:
Not open for further replies.