WRSA want's out via UDP ?

@ PrevxHelp

Hi, i'm sure you once told me that when i had PSO,

1 - It does NOT use UDP at All.

2 - That you don't use our browsers in Any way to get out.

Can you please explain what i saw in my FW logs today ?



TIA

 

I think this just DNS query for E.T. phone home and ask mamy u have new vesion of me?

 

Just a DNS lookup (port 53) not a phone home. Probably to check if internet is ON? No idea, just a wild guess.

[by the GUI, you must be using an ancient version of ZA ]

 

Yes, this would just be the OS resolving the DNS request. The agent doesn't perform its own UDP calls at all.

 

Yep. That is 100% accurate. 53 UDP is a DNS request. Any process that says "I want a DNS lookup on a hostname or IP to be done" will be associated with the resulting request from the TCP stack. The fact that they occurred at the same time may be completely unrelated (which is most likely), or for all we know it could be WSA double-checking on the DNS information about the site, such as through a reverse DNS. I'm thinking more likely to be unrelated.

But yeah, it's just a DNS lookup. You'll see Firefox do one of those for every new server it loads from.

 

Thanks guys

@ PrevxHelp

But why does my FW CLEARLY show WRSA as the program that requested out, if as you say, it's the OS ?

TIA

 

It's likely to be WSA doing the DNS lookup via the OS. You won't see OS X, Y or Z listed; it'll be the application on that OS, in this case WSA. Like Techfox says, Firefox does the same thing for every new server it loads from.

 

Exactly, the OS performs the actions on behalf of WSA, but it occurs within the caller process because of the context of the operation.

 

@ TonyW

Thanks

So even though it's not WSA directly trying to get out via UDP, WRSA is the cause.

What effect does my FW blocking it have ?

 

There is no reason to block it - it is a DNS lookup to verify a website. It will dramatically reduce protection if you block it.

 

@ PrevxHelp

I thought it might be that, Thanks