Strange Firewall Messages

Discussion in 'other firewalls' started by tzic, Sep 15, 2003.

Thread Status:
Not open for further replies.
  1. tzic

    tzic Registered Member

    Joined:
    Sep 14, 2003
    Posts:
    12
    Hello,
    I installed Kerio Personal Firewall. Every time that a program tries to connect to the internet I get these messages:

    - 'Internet Explorer' from your computer wants to send UDP datagram to quote.tdc.com [127.0.0.1], port 3115

    - 'Internet Explorer' from your computer wants to send UDP datagram to quote.tdc.com [127.0.0.1], port 3168

    this is the first line of my "hosts" file

    127.0.0.1 quote.tdc.com #add by quotelf

    If I delete this entry, Kerio messages replace quote.tdc.com with the next entry of the host file (127.0.0.1 dial2.tdc.com #add by quotelf) and the message is:

    - 'Internet Explorer' from your computer wants to send UDP datagram to dial2.tdc.com [127.0.0.1], port 3115

    The same thing happens with MSN messenger

    - 'Messenger' from your computer wants to send UDP datagram to quote.tdc.com [127.0.0.1], port 3027

    - 'Messenger' from your computer wants to send UDP datagram to 65.54.240.62, port 7001

    - Someone from 65.54.240.62, port 7001 wants to send UDP datagram to port 3161 owned by 'Messenger' on your computer

    Actually every program that connects to the internet wants to send an UDP datagram to the first entry of the hosts file..! :) I have to click at least 5 times the deny or accept button in order messenger or internet explorer to load... I have scanned my PC with updated antivirus software and my system is winXP.

    Any idea why this is happening?

    thank you in advance

    tzic
     
  2. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi tzic

    Do you have a loopback rule in place in Kerio?

    Allow, TCP/UDP, Direction Both, Remote Address 127.0.0.1, any port.

    Regards,

    CrazyM
     
  3. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    CrazyM is correct with the loopback rule, and if you run a software proxy on your computer should use port ranges to avoid letting every program, including programs you don't want getting out use that port. If the proxy listens on tcp 4444, then make the first remote range 1-4443, and make the second range 4445-65535. So then you would give programs permission to use 4444 by making, or editing a rule to allow it.

    In the hosts file I will usually put the computername, or localhost with the address 127.0.0.1 as the first entry.
    127.0.0.1 BlitzenZeus
    127.0.0.1 ad.server.com
    -or
    127.0.0.1 localhost
    127.0.0.1 ad.server.com
     
  4. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi tzic

    As BlitzenZeus noted, the first entry in your hosts file should be the one that associates 127.0.0.1 with localhost. Especially if you are using your hosts file to stop connections to unwanted sites. Another example of how this entry could be made with a reminder:

    # localhost address - Do Not Remove
    127.0.0.1   localhost

    Regards,

    CrazyM
     
  5. tzic

    tzic Registered Member

    Joined:
    Sep 14, 2003
    Posts:
    12
    thank you (BlitzenZeus, CrazyM),
    I created a loopback rule (I should have done my homework reading Kerio's help file) and I also added localhost to the first line of hosts file. Everything seems to work fine for the moment.

    tziC
     
Loading...
Thread Status:
Not open for further replies.