Hi, I have a few questions: i) I have BlackIce Firewall installed and was wondering whether a UDP connection (local port:1189) out to a remote destination (remote port:137) dangerous. BlackIce is listening port 137. ii) Because UDP is connectionless, is it as dangerous or more dangerous than TCP on a connection out? Thanks in Advance.
Hi, If you have already hardening Windows (by disabling some services and closing criticals ports) and if your firewall is well configured, your system has to appear stealth. UDP is a less secure protocol than TCP because he has a "blind functioning". When UDP transports/forwards IP, there's no acknowledge receipt of datas . Threfore,UDP is less codified than TCP. That's why there's many attacks with this protocol (like UDP 0). Regards
What was the remote IP/address? Did it match one in your BI logs for a blocked connection attempt/alert? Regards, CrazyM
Thanks I discovered the problem. I am on a small network and somehow I enabled the option that made the computer I was running the DMZ. Another computer on the lan was downloading something. Hence, that download was going through my PC. No wonder there was a huge spike in the intrusion scans. Everyone was probing for any weakness in the firewall, even though my firewall was stealthed. Grr.