OutPost learning thread

FWIW, I also got rid of the 1900's by disabling SSDP service.

I've forgotten how to check the NIC ? Age I guess.

Is in the router settings itself?

I have OP FW Pro windows 7 64 bit so that is the same anyway. The LAN settings I have at do not detect new networks automatically.

Speaking of ARP's, every time my better half boots up the xp sp3 desktop hard wired into the router, my wireless note book get this block.

10:53:06 AM 0.0.0.0 Host blocked for 5 min ARP_SCAN

I don't like this but don't know what to do?

 

Can you confirm those are actually leaving the PC? Those comms are from the loopback interface and may not be actually broadcast outbound.

I remember seeing those, but I disabled (un-checked) the 2 entries "Link Layer Topology Discovery Mapper/Responder" in the NIC Adapter settings (I dont need those comms in my LAN). I will re-enable to see if those comms start again.


- Stem

 

Not sure if it would be the ARP before boot DHCP or the "ARP announcements" causing that as the IP is zero.
Have you changed the default settings for the ARP protection in OP?


- Stem

 

Sorry, when I first exposed my doubt regarding this connection, it merely had to with the fact that if no rules are enabled to allow communications to port 1900, then this communication shouldn't be happening, should it?

Also, if I create a rule blocking communications to port 1900 for svchost.exe bound to SSDP Discovery service, the communications will still occur. Shouldn't, also here, be blocked straight away?

My doubt is: Why do they occur if no rules exist allowing such communications, and even with a rule blocking it, they still will occur?

The same applies here. If no rules are enabled to allow it, then shouldn't they be blocked?

In a policy of blocking all inbound unless allowed (default) and block all outbound unless allowed, everything that does not match a rule is blocked. This means, to my own understanding, these communications (loopback or otherwise) shouldn't be happening. I cannot see a single rule enabled to allow such. It beats me why they occur.

Anyway, I'm not part of any network, and so SSDP and UPnP have no use for me, at all. But, I'm intriguided by it.

 

The rules are being set on the NIC interface not the loopback interface.
If the comms are only(as they appear) to be going across the loopback, then they are not a problem, they are only internal comms.

Yes, and they are on my setup.

I re-enabled the "link-layer Topology" on my NIC to check. I am now seeing blocked packets in the firewall log of the outbound attempts to multicast:224.0.0.252; 5355. There is nothing getting out to my gateway.


- Stem

 

OK. I wonder why Outpost blocks it, though?

I guess this is the obvious question then: Why doesn't it block it? (I'm running Windows 7 Ultimate 32-bit, by the way.) I wonder if it could be happening to more people

-Edit-

By the way, do you have DNS Client enabled/disabled? LLMNR is bound to DNS Client service. Most likely it is DNS Client performing these lookups, and since it is enabled, it won't matter if LLMNR firewall rules are disabled

 

In Outpost FW Pro 7 64 bit windows 7 note the following:

Loopback filtering is skipped

Here are the settings from machine.ini