Should I block UDP datagrams to dynamic/private ports?

Discussion in 'other firewalls' started by Bob2000, Jul 3, 2009.

Thread Status:
Not open for further replies.
  1. Bob2000

    Bob2000 Registered Member

    Joined:
    Jul 21, 2008
    Posts:
    27
    I have been using Kerio 2.1.5 on my p.c., which is connected to the internet via a 4-port router. A couple of other p.c.s are also connected to the router.

    The system has been working fine for a year and I've been using BlitzenZeus's rules (slightly modified for my own situation).

    I've just changed my p.c. and reloaded all the software that I had on my old one. My OS is still XP Pro SP2, as before.

    My new p.c. can't seem to access the internet unless I unblock local ports 49152 - 65535. svchost.exe is now sending UDP datagrams from these ports to the router port 53.

    I never had this problem on my now discarded p.c. which is about six years old.

    Is it ok to leave these ports unblocked? Could it be the modern hardware spec of my new p.c. that's causing the difference?
     
  2. cqpreson

    cqpreson Registered Member

    Joined:
    May 18, 2009
    Posts:
    348
    Location:
    China
    Hi,
    Local ports 49152 - 65535 must be unblocked for svchost.exe, because the DNS service needs local ports 49152 - 65535 and 1024-5000.



    regards
    cqpreson
     
  3. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,565
    The default dynamic port range for TCP/IP has changed.
    http://support.microsoft.com/kb/929851
    Panagiotis
     
  4. Bob2000

    Bob2000 Registered Member

    Joined:
    Jul 21, 2008
    Posts:
    27
    This is for Vista, isn't it?

    I'm using XP Pro SP2. Never had the same issue on my last XP Pro SP2 machine, (which last had a Windows update in June 2008.)

    Unless the port range has been changed by a recent Microsoft Security update for XP... Has it?
     
  5. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,565
    Yes, it is for Vista.

    On my XP SP3 I do not see local connections from ports 49152 - 65535.

    Panagiotis
     
  6. Bob2000

    Bob2000 Registered Member

    Joined:
    Jul 21, 2008
    Posts:
    27
    Be interested to know if that's still the same after a "Windows Update"...

    Anyway, my main question is: Is it safe to unblock ports in the 49152 - 65535 range to svchost.exe for both TCP/UDP in and out?

    I've read that some malware can be disguised as svchost.
     
  7. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,565
    It is still the same.
    It is safe to unblock those ports.
    As long as svchost.exe resides in the directory "\WINDOWS\system32" of your system partition you should not worry.

    Panagiotis
     
  8. Bob2000

    Bob2000 Registered Member

    Joined:
    Jul 21, 2008
    Posts:
    27
    Thanks, Panagiotis! :thumb:
     
  9. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,565
    Glad I could help. :)

    Panagiotis
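
The path check from post 7 combined with the traffic described in post 1 (UDP from dynamic local ports to the router's port 53), as an added example that is not part of the original thread. The event fields, the router address 192.168.1.1, the system root `C:\WINDOWS` and the three verdict names are constructed assumptions, not Kerio's log or rule format.

```python
import ntpath

# Local port ranges named in the thread: 1024-5000 and 49152-65535.
DYNAMIC_RANGES = [(1024, 5000), (49152, 65535)]
DNS_PORT = 53

def is_system_svchost(image, system_root=r"C:\WINDOWS"):
    """True only for <system_root>\\system32\\svchost.exe, case-insensitively."""
    expected = ntpath.join(system_root, "system32", "svchost.exe")
    # normpath collapses "..", so a path that merely passes through system32 fails
    return ntpath.normcase(ntpath.normpath(image)) == ntpath.normcase(expected)

def classify(event, dns_server):
    """Return 'allow', 'review' or 'block' for one firewall event."""
    image = ntpath.normpath(event["image"])
    genuine = is_system_svchost(image)
    if ntpath.basename(image).lower() == "svchost.exe" and not genuine:
        return "block"   # svchost name outside system32: the disguise case
    in_dynamic = any(lo <= event["lport"] <= hi for lo, hi in DYNAMIC_RANGES)
    dns_query = (event["proto"] == "UDP" and event["direction"] == "out"
                 and event["raddr"] == dns_server and event["rport"] == DNS_PORT)
    if genuine and in_dynamic and dns_query:
        return "allow"   # the traffic described in the first post
    return "review"      # not covered by this narrow rule; look at it by hand

def ev(image, proto, direction, lport, raddr, rport):
    return {"image": image, "proto": proto, "direction": direction,
            "lport": lport, "raddr": raddr, "rport": rport}

# Constructed sample events (hypothetical values for illustration only).
ROUTER = "192.168.1.1"
SYS = r"C:\WINDOWS\system32\svchost.exe"
EVENTS = [
    ev(SYS, "UDP", "out", 52011, ROUTER, 53),                  # new dynamic range
    ev(SYS, "UDP", "out", 1034, ROUTER, 53),                   # old dynamic range
    ev(r"C:\WINDOWS\Temp\svchost.exe", "UDP", "out", 50000, ROUTER, 53),
    ev(SYS, "UDP", "in", 49160, "203.0.113.7", 4444),          # unsolicited inbound
    ev(r"C:\WINDOWS\system32\..\svchost.exe", "UDP", "out", 50001, ROUTER, 53),
    ev(SYS, "TCP", "out", 49200, "198.51.100.9", 80),
]

def verdicts():
    return [classify(e, ROUTER) for e in EVENTS]

if __name__ == "__main__":
    for e, v in zip(EVENTS, verdicts()):
        print(f"{v:6} {e['image']} {e['proto']} {e['direction']} "
              f":{e['lport']} -> {e['raddr']}:{e['rport']}")
```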
     