My Hotmail account was hacked last week, so I have been watching my firewall logs after scanning for anything. I can't find any malware so that is a relief, but there is a repeating internal IP blocked and no information on what or why. Is there a way to find what is in the packet?

03/04/11 14:38:30 TCP <- 192.168.10.2:2869, 192.168.10.1:53335, System(4/0)Blocked by restricted port list.

This is the only information about the blockage, and it happens over and over, sometimes only a few seconds between blocking.

I have a laptop with the free version of OA and it blocks the same IPs.

Thanks for any info.

Hi Jean,

TCP Port 2869 is on the list of Restricted Ports that are restricted from making internet connections. Since it's being blocked in your log for an internal IP, I am guessing that you either have untrusted your interface under Firewall -> Interfaces, or that you have marked the computer the connection originates from as Distrusted in the Computers list, as these are the circumstances in which Restricted Ports are also blocked for local connections.

I think from XP SP2 onwards (may not be applicable to other O/S's), the SSDP event notification service relies on TCP port 2869.

Hi Cat,

Thanks for the reply. What you're saying makes sense except I have not blocked anything, but I started poking around in the interface and found something else using that port. verclsid.exe is shown twice on the rules list and the rule was created 3/22. It also has a UDP rule for outgoing but different ports, 49909 & 49911.

Logs for today show nothing blocked, so I really don't know what's going on. :blink: One thing I did check to trust was my PCI Wireless adapter; it wasn't trusted.

Found this to be a good resource: http://support.microsoft.com/kb/832017

"One thing I did check to trust was my PCI Wireless adapter; it wasn't trusted."

Under Firewall -> Interfaces you mean? If that's the case, that would be why the connection is being blocked. Restricted ports are allowed for local network connections if the interface is trusted.
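
One way to triage repeats of the log entry quoted in this thread, as an added example that is not part of any post: the script groups blocked entries, counts them, and reports whether both addresses are private, meaning the traffic stayed on the local network. The field layout, the month/day date order, and every sample line after the first are assumptions.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Field layout inferred from the one log line quoted in the thread (assumption).
LINE_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d/\d\d \d\d:\d\d:\d\d) (?P<proto>TCP|UDP) (?:<-|->) "
    r"(?P<ip_a>[\d.]+):(?P<port_a>\d+), (?P<ip_b>[\d.]+):\d+, "
    r".+?\(\d+/\d+\)\s*(?P<reason>.+)$"
)
PORT_NOTES = {2869: "SSDP event notification"}  # as stated in the reply

# Constructed sample: line 1 is from the post, the others are made up to match it.
SAMPLE = """\
03/04/11 14:38:30 TCP <- 192.168.10.2:2869, 192.168.10.1:53335, System(4/0)Blocked by restricted port list.
03/04/11 14:38:34 TCP <- 192.168.10.2:2869, 192.168.10.1:53336, System(4/0)Blocked by restricted port list.
03/04/11 14:39:02 TCP <- 192.168.10.2:2869, 192.168.10.1:53341, System(4/0)Blocked by restricted port list.
this line is not a firewall entry
"""

def summarize(text):
    """Group blocked entries by protocol, first endpoint and peer address."""
    groups = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or "Blocked" not in m["reason"]:
            continue  # not a blocked-connection entry
        # Month/day/year order is assumed; the log does not say.
        ts = datetime.strptime(m["ts"], "%m/%d/%y %H:%M:%S")
        # The second port changes on every attempt, so it is left out of the key.
        groups[(m["proto"], m["ip_a"], int(m["port_a"]), m["ip_b"])].append(ts)
    report = []
    for (proto, ip_a, port_a, ip_b), stamps in groups.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        report.append({
            "proto": proto, "endpoint": f"{ip_a}:{port_a}", "peer": ip_b,
            "count": len(stamps),
            "min_gap_s": min(gaps) if gaps else None,
            # True when both addresses are private (traffic stayed on the LAN).
            "lan_only": all(ipaddress.ip_address(ip).is_private for ip in (ip_a, ip_b)),
            "note": PORT_NOTES.get(port_a, "unknown port"),
        })
    return sorted(report, key=lambda r: -r["count"])

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```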
