@Prevx Hi, I know I've mentioned it before, but I've just caught WRSA trying to get out via UDP. Why is this?
Hi, OK, thanks for that. Strange why it should want to use UDP though, when AFAIK it shouldn't do normally?
DNS lookups are normally done via UDP and have been for decades. RFC 1035 (http://tools.ietf.org/html/rfc1035), circa 1987, Section 4.2.1 P3: "UDP is not acceptable for zone transfers, but is the recommended method for standard queries in the Internet." *Pulls out his Old Network Engineer cane, "You kids these days and yer newfangled AAAA records! Get off my lawn!"*
Learn something new every day, thanks. It's curious that even though my FW blocks those UDP attempts, I don't have a problem surfing etc.!
UDP is the recommended manner per the RFC, but it can and will fall back to TCP if UDP doesn't work. The downside is the overhead in TCP in doing so. There's also a chance that your firewall is "inside" the system level of DNS, in which case it wouldn't see or block the normal system-level DNS lookups that can be tampered with by malware (and the hosts file). Or it could normally ignore the system-level DNS lookups.
@Techfox1976 Thanks a LOT for the info. How would I establish if "my firewall is 'inside' the system level of DNS"? I'm using ZA v.5.5.062.000. Don't laugh.
If the firewall can log "all" traffic, look for stuff from the System process (PID 0) to the DNS server set in your network config, port 53 UDP or TCP. Or any process other than WSA for that matter. Just loading a web page should initiate a request or seven for each page.
Ya think @Techfox1976 Sorry for the delay in replying! Apart from WRSA, which I allow, Zemana also tries out via that route, even though I have ALL the options set NOT to, so I disallow it. Apart from those I always see this when logging on, which I allow. AFAIK that's normal.
Generic Host Process, which contains the DNS resolver. If that ever gets blocked, doooom shall be the result.
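The log check suggested in the thread (look for port 53 traffic from the system resolver versus other processes), as an added example that is not from any poster. The CSV log layout, process names and addresses are constructed, and treating `System` and `svchost.exe` (Generic Host Process) as the system resolver is an assumption taken from the posts above; the check for lookups sent to a server other than the configured one goes slightly beyond what the thread describes.

```python
import csv
from collections import Counter, defaultdict

# Constructed sample log in a hypothetical CSV layout (not ZoneAlarm's real format):
# time,action,process,pid,proto,dst_ip,dst_port
SAMPLE_LOG = """\
10:01:02,BLOCK,WRSA.exe,1412,UDP,192.168.1.1,53
10:01:02,ALLOW,WRSA.exe,1412,TCP,192.168.1.1,53
10:01:05,BLOCK,zemana.exe,2200,UDP,192.168.1.1,53
10:01:07,ALLOW,firefox.exe,3104,TCP,93.184.216.34,80
10:01:09,ALLOW,svchost.exe,1088,UDP,192.168.1.1,53
10:01:09,ALLOW,svchost.exe,1088,UDP,192.168.1.1,53
10:01:11,ALLOW,firefox.exe,3104,UDP,8.8.8.8,53
"""

# Assumption: processes that carry the operating system's own DNS resolver.
SYSTEM_RESOLVERS = {"system", "svchost.exe"}


def dns_by_process(log_text, dns_server):
    """Count port-53 events per process as (proto, action, off_config) keys."""
    summary = defaultdict(Counter)
    for row in csv.reader(log_text.splitlines()):
        if len(row) != 7:
            continue  # skip malformed or blank lines
        _time, action, process, _pid, proto, dst_ip, dst_port = row
        if dst_port != "53" or proto not in ("UDP", "TCP"):
            continue  # not DNS traffic
        off_config = dst_ip != dns_server  # lookup sent to a different server
        summary[process.lower()][(proto, action, off_config)] += 1
    return summary


def report(summary):
    """Answer the thread's question: does the firewall see the system resolver?"""
    return {
        # True means the firewall logs (and can block) system-level lookups.
        "resolver_visible": any(p in SYSTEM_RESOLVERS for p in summary),
        # Processes doing their own lookups instead of using the resolver.
        "direct_lookups": sorted(p for p in summary if p not in SYSTEM_RESOLVERS),
        # Processes querying a server other than the configured one.
        "unexpected_server": sorted(
            p for p, counts in summary.items() if any(key[2] for key in counts)
        ),
    }


if __name__ == "__main__":
    print(report(dns_by_process(SAMPLE_LOG, "192.168.1.1")))
```

If `resolver_visible` comes back false on a real log while web pages still load, the firewall is not seeing the system-level lookups at all.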