PrivacyFirewall's Blinking

Discussion in 'other firewalls' started by TDoGChad, Feb 28, 2015.

  1. TDoGChad

    TDoGChad Registered Member

    Joined:
    Feb 28, 2015
    Posts:
    8
    How am I suppose to know what privacy firewall's taskbar icon (next to clock) is using the internet because there is an activity blinking every now and then ... it is so difficult to read NUMBERS but what program is accessing the network or internet ... here is the umm ... "activities/blinking" screenshot ?

    What I am trying to say is I am not doing anything on computer and firewall is blinking every now and then ... and no, I am not infected at all, that's for sure.

    CaptureBlinking.jpg

    I simply wanted to know what is using the internet while idling ... how do I know that ?
     
  2. Boblvf

    Boblvf Registered Member

    Joined:
    Aug 10, 2014
    Posts:
    103
    Salut,

    In your router, disable UPnP, remote connection, and WPS pearing.
     
  3. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,736
    239.255.255.250:1900 is MULTICAST protocol

    have you installed the recent version of firefox (v36) last days?
    firefox 36 hast built-in multicast feature right now. you have to add multicast to your rules/zones.
    see http://forums.mozillazine.org/viewtopic.php?f=23&t=2911235

    btw its NOT "hello" as some stupids consider
    and nope - SSDP ist port 1900 only, but not only ip 239...250 - last is so called multicast protocoll <ip : port>
     
  4. TDoGChad

    TDoGChad Registered Member

    Joined:
    Feb 28, 2015
    Posts:
    8
    Sorry that I do not like FireFox Browser ... Thanks.
     
  5. Boblvf

    Boblvf Registered Member

    Joined:
    Aug 10, 2014
    Posts:
    103
    Privatefirewall must block traffic on port 1900 to internet (inbound and outbound), configure, your rules are bad.

    ps : IP 169.254... problem in your local network.


    For me, Privatefirewall is an abandonware for geeks, Windows firewall is better.


    Dont forget...

    "In your router, disable UPnP, remote connection, and WPS pearing."
     
    Last edited: Mar 2, 2015
  6. yongsua

    yongsua Registered Member

    Joined:
    Feb 9, 2011
    Posts:
    474
    Location:
    Malaysia
    Have you set your "Network Security" level to "High"? If yes, it is normal for me since it blocks whatever files, media or printer sharing communication.
     
  7. TDoGChad

    TDoGChad Registered Member

    Joined:
    Feb 28, 2015
    Posts:
    8
    thanks for all those replies ... I am aware of it and i normally use all HIGH level of security ...

    for example ... ok there it goes again ... blinking (something moving or access on network) ... I wanted to know how do I identify what was that ... google updating ? windows updating ? just checking the internet to see if its alive ? using wifi printer but nothing printing ? ... numbers does NOT tell me exactly which program is using the internet traffic ... when I set it HIGH ... it always asking me ok to allow it ? ... just ip or numbers or dns etc ... i even tried the dns reverse look up ... ok ... let me rephrase ... is there a software that allows me to see whats the traffic doing as in full description ... say as in example ... 1325r52135321 is a screensaver wanted to check windows update ... oh ... what the freak screensaver has to do with internet ... thank you i know something and allow me to explore more and understanding ... FUNNY THING IS ... you just cant block it all then why have a firewall in the first place to allow it to access the internet ... that is when antivirus/malware scanning traffic before reach my computer ... you know what ? ... Antivirus program is awful ... so I use VirusTotal.com and Phrozen Uploader (multi-files virustotal uploader) ... AWESOME ... I am virus free for long time for sure ... I just reformatted my harddrive few weeks ago to start fresh again since about 2 years ago ... because I checked it out carefully before installaitons ... that is not the whole point ... I simply wanted to know what is using the traffic/internet in a full details ... the blinking (traffic in use) giving me suspense ... just wanted to know what accessing the internet .. is there a software or RTFM website ? ... I looked up and answers are not narrow ... I spzend few hours and decided to ask away in forum.

    Funny thing is my main router does not have any uPnP, remote connection is still disabled, WIFI is encrypted but not sure what is WPS pairing (gone to learn it) (back) oh ... Wifi is protected in a gibberish password ... if that what you meant.

    (DSL, only available in the "outside of the city" country)

    (searched about firewall) and found this seems got some good information ?
    http://www.sophos.com/en-us/support/knowledgebase/57757.aspx

    better information
    http://www.smashingmagazine.com/2013/01/30/introduction-to-firewalls/

    but still does not tell me what/which program/something is accessing the internet

    grc.com is a good site to get security test

    https://www.grc.com/unpnp/unpnp.htm
    Found it and now disabled and router still dont have UPNP
     
    Last edited: Mar 2, 2015
  8. MikeMT

    MikeMT Registered Member

    Joined:
    Feb 7, 2015
    Posts:
    63
    Location:
    Malta
  9. yongsua

    yongsua Registered Member

    Joined:
    Feb 9, 2011
    Posts:
    474
    Location:
    Malaysia
    As MikeMT said, IMHO you need to refer to port tracking window of PW that is very useful and would let you know which programs are listening for packets or listening for connections (IMHO, it means ports are opened and services are available and waiting for connection to be formed or packet to be received). Besides, you could also know that which program is connecting, communicating and transmitting data with the remote host or server. However, as for the alerts, I do not know whether you have enabled Trusted Publisher (TP) feature and Auto Response feature (you should check at Settings) but if yes means IMHO you shouldn't always been asked to allow the connection or not or the alerts would inform you that the program which is attempting to connect to an address is a trusted program or not but sometimes it won't because the program's publisher is not in the database of the TP of PW. Although if the two features are disabled, the alerts would ask you for decision but it should state clearly which program (even the path of the program folder) is attempting to connect to a host or server. However, you need to know that if the program is good or malicious without the help of TP (in case you have disabled it or not in TP database). It is just my opinion. If any wrong in my reply, anyone could rectify. Thank You.
     
  10. TDoGChad

    TDoGChad Registered Member

    Joined:
    Feb 28, 2015
    Posts:
    8
    Thank you ... Brummelchen, Boblvf, MikeMT and yongsua ... it will gives me a good start learning deeper ... thanks a bunch ... oh yeah ... DUH ... I didn't think of privacyware user manual :)

    one question to yongsua ... PW ? Properties Window ? or password ? ... I believe you meant PF ? Privacy Firewall ?

    yes, there is a TP and Auto Response in PF ... I let PF do it itself and I even let me do it myself ... believe or not ... PF have been asking me alot than comodo did (was my favorite for about 3 years until broken/sluggish) ... somehow comodo did not catch the warface's Africa DNS accessing the internet ... PF asked me so many time ... I blocked it permanently :) ... PF is very light and yet strong in my opinion and PF passed all at grc.com ... I know nothing is ever be 100% flawless perfect.
     
  11. yongsua

    yongsua Registered Member

    Joined:
    Feb 9, 2011
    Posts:
    474
    Location:
    Malaysia
    Sorry I mistyped it, it should be PF. :) Nice to see you happy with PF.
     
  12. TDoGChad

    TDoGChad Registered Member

    Joined:
    Feb 28, 2015
    Posts:
    8
    i have tested about 5 firewalls ... first one was zonealarm which is a laugh ... 2nd one was Outpost by Agnitum ... i dont really remember which 3rd one ... it was then 4th was comodo (version 5) turned out great and then 6 and 7 ... GOOD GRIEF ... I have tried 3 times and dealing with it ... it is not worth it due sluggish, hard to navigate the sandbox to override ... v5 was simple and know where those tweaks are at ... now someone mention about privacyfirewall ... i went for it ... WOW ... PC performance have never changed and super fast alerts ...

    Guess what ? ... I have not see any blinking on my taskbar PF until I submit or using internet ... right now i am just typing and no traffic blinking ... I believe this tweak solved the blinking to stop ... tweak : "In your router, disable UPnP and remote connection"
     
  13. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,274
    To stop all that usually useless uPnP chatter,
    In Control panel on your PC, Admin tools, Services, STOP and DISABLE: SSDP discovery and UPnP device host services, in that order because uPnP depends on SSDP.
    The worst thing that will happen is that some devices (chromecast, Roku, maybe some TVs ...) will stop communicating with your computer which unlikely is needed.

    Seems like you have some devices connected. Their IPs are 192.168.1.89 and .97 on your LAN - what are they? The one ending with .87 might be a computer considering the netbios stuff. Check in the router who got what IP.
    Ignore all those 169.x.x.x they didn't get an IP.
     
  14. yongsua

    yongsua Registered Member

    Joined:
    Feb 9, 2011
    Posts:
    474
    Location:
    Malaysia
    Good! Thank You!
     
  15. TDoGChad

    TDoGChad Registered Member

    Joined:
    Feb 28, 2015
    Posts:
    8
    according to ipconfig ... I see .91 and .254 ... not sure ... maybe tablet and/or asus laptop ? ... I am on my own custom pc

    i just opened netflix and it went thru just fine ... ... i just double checked ...its disabled ... both of them

    .97 is directv ... and .89 is between android IP ... but .89 is not showing who/what are those ... .87 not showing either
     
    Last edited: Mar 3, 2015
  16. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,274
    ipconfig tells you about your computer IP and unless is static, it changes, so today it's .91, next day is .97...
    Router devices tab should tell you about other devices.
    Yes, if tablet and laptop are Windows they too will do the uPnP messages, and you can shut it off there as well.
     
  17. TDoGChad

    TDoGChad Registered Member

    Joined:
    Feb 28, 2015
    Posts:
    8
    Samsung Galaxy Note 10.1 (2012) Tablet ... whereabout the upnp ?
     
    Last edited: Mar 4, 2015
  18. TDoGChad

    TDoGChad Registered Member

    Joined:
    Feb 28, 2015
    Posts:
    8

    uPNP is same as DLNA ... so here is the answer :)

    Share Media On/Off (DLNA) - Samsung Galaxy Note® Tablet 10.1
    [Device-Specific Instructions]
    http://scache.vzw.com/kb/images/common/note.gif Notes:

    • To share media files, an active Wi-Fi connection must be established.
    • To play or copy media to/from other devices (e.g. computer, TV, etc.), they must be connected to the same Wi-Fi network and may need to be configured for sharing. Refer to the equipment manufacturer for assistance.
    1. From a home screen, select Apps (located in the upper-right).
    2. From the Apps tab, select Settings.
    3. Select More settings.
    4. Select Nearby devices.
    5. Select File sharing.
      http://scache.vzw.com/kb/images/common/linote.gif Enabled when a check mark http://scache.vzw.com/kb/images/samsung/i415/check_icon.gif is present.
    6. If prompted, select OK.