Port 500 and 1027

Discussion in 'privacy problems' started by Mrkvonic, Sep 20, 2005.

Thread Status:
Not open for further replies.
  1. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hi,
    Recently I moved to a new flat and adequately changed my internet provider. Instead of phone I'm now using cable adsl. And likewise, I was forced to change my nice modem with a crappy cable modem.
    Now, the good ole modem had a firewall built in and acted sort of as a router. The new one lacks this. So every once in a while, I get a popup from the firewall, informing me that Generic Host svchost.exe is being contacted by a remote machine (some ip) through port 1027. Do you want to allow it to access network? and lsass.exe is being contacted throyg port 500 ... same story. I guess the spammers are simply scanning ranges and firing those messages regardless of ports being stealthed, closed or open.
    Now, when I check the traffic log (hexa turned into text), I see those are the spam messages "Your computer has many errors.... visit blahablahas.com to fix".
    I made full port checks at grc shields up and sygate and all ports are stealthed. So my questions are:
    Is firewall dropping ping BUT STILL telling me of the attempt? Sort of, door is locked, but all attempts at the handle are reported to the owner? If so, that's annoying.
    Firewall is Sygate.
    Would it be ok to close these ports permanently using advanced rules?
    I know svchost is needed for winupdate so I do not block it permanently, but do I need lsass to access network at all?
    Any ideas, paps?
    Mrk
     
  2. t772

    t772 Guest

    hi Mrkvonic, not sure if this is what you are after but there is some great info on different ports at this link @ http://www.dslreports.com/ports

    regards, T
     
  3. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hi,
    All my ports are stealthed. I tried several tests online.
    My question is: is Sygate uselessly asking me about communication attempts at these ports? I west with the wing and I configured manual rules to block incoming, but I am curious. This is a bit annoying, but not necessarily a bad thing. I like firewalls that talk to you about what's happening.
    Mrk

    P.S. Bloody cable modem....such a piece of crap... maybe I'll get a router...
     
Thread Status:
Not open for further replies.