ScoobyNet.com - Subaru Enthusiast Forum

Calling firewall gurus! (https://www.scoobynet.com/computer-and-technology-related-34/179863-calling-firewall-gurus.html)

Bravo2zero_sps 20 February 2003 10:35 PM

On my home network I am logging packets addressed to unopen ports on the gateway machine on an ADSL connection. I have my firewall set to notify me of any network activity and all the rules set up so far for such activity. For example, if someone tried to send a UDP packet to an app, it notifies me and I decide whether I want to allow it or prevent it, etc.

However, it's not notifying me of these packets going to unopened ports, apart from in the log file.

If I disable all UDP traffic at the end of the rules, then anything that I haven't already configured will be blocked and I won't be notified or asked to configure a rule for it, so this is not an option.

How come these UDP and TCP/IP packets are coming through the firewall to unopen ports but not asking me to block them, etc.? Are they doing anything bad as they are going to unopen ports? Are they just bouncing as the ports are closed? It's only if they try and contact applications that I get asked to configure a rule.

What's the answer/advice to this issue? Many thanks in advance for any helpful replies. :D

Jeff Wiltshire 21 February 2003 12:08 PM

Assuming your final rule is something like

Source Any
Destination Any
Protocol Any
Action Drop
Logging Log

My guess would be that the general drop rule hasn't got the same level of alerting/logging as your specific rules have.

Bravo2zero_sps 21 February 2003 01:04 PM

Jeff, that's the problem though: I can't have a final rule, as that then stops me being notified of new activity which I may want to allow. It's set to notify of any new activity before allowing it through. Then I decide whether to permanently allow or drop.

This is where I don't understand it not notifying me of packets going to unopened ports. It only notifies me if traffic is going to an executable.

When I look at the open connections going to local host monitor, there is nothing untoward connected or going out.

This is why I just wanted to know what happens to packets going to unopened ports. Am I being port scanned, basically, as there is no attempt to connect to my machine? Are they just trying to see if there is a route in anywhere?

Cheers for the help.
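Added example, not part of any post in this thread: one way to check from a drop log whether packets to closed ports look like a port scan is to count the distinct destination ports each source touches. The log layout, addresses and the `sweep_threshold` value are assumptions constructed for illustration; the thread does not name the firewall or show its log format.

```python
import re
from collections import defaultdict

# Constructed sample drop-log lines. The layout is an assumption: the thread
# does not name the firewall product or show its real log format.
SAMPLE_LOG = """\
2003-02-20 22:01:10 DROP TCP 198.51.100.7:4312 -> 192.0.2.10:21
2003-02-20 22:01:10 DROP TCP 198.51.100.7:4313 -> 192.0.2.10:22
2003-02-20 22:01:11 DROP TCP 198.51.100.7:4314 -> 192.0.2.10:23
2003-02-20 22:01:11 DROP TCP 198.51.100.7:4315 -> 192.0.2.10:25
2003-02-20 22:01:12 DROP TCP 198.51.100.7:4316 -> 192.0.2.10:80
2003-02-20 22:01:12 DROP TCP 198.51.100.7:4317 -> 192.0.2.10:110
2003-02-20 22:05:40 DROP UDP 203.0.113.44:137 -> 192.0.2.10:137
2003-02-20 22:05:42 DROP UDP 203.0.113.44:137 -> 192.0.2.10:137
2003-02-20 22:05:44 DROP UDP 203.0.113.44:137 -> 192.0.2.10:137
2003-02-20 22:09:03 firewall service restarted
"""

LINE_RE = re.compile(
    r"^\S+ \S+ DROP (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):\d+ -> [\d.]+:(?P<dport>\d+)$"
)

def parse_drops(log_text):
    """Yield (source_ip, protocol, destination_port) for each drop entry."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # skip anything that is not a drop record
            yield m["src"], m["proto"], int(m["dport"])

def summarize(log_text, sweep_threshold=5):
    """Group drops by source and flag sources that touch many distinct ports."""
    ports = defaultdict(set)
    packets = defaultdict(int)
    for src, proto, dport in parse_drops(log_text):
        ports[src].add((proto, dport))
        packets[src] += 1
    return {
        src: {
            "packets": packets[src],
            "distinct_ports": len(ports[src]),
            # One source hitting many different closed ports is the usual
            # signature of a scan; repeats on a single port are not.
            "verdict": "port sweep" if len(ports[src]) >= sweep_threshold
                       else "no sweep pattern",
        }
        for src in ports
    }
```

Calling `summarize(SAMPLE_LOG)` returns one entry per source address; tune `sweep_threshold` to the volume of background noise on the connection.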


All times are GMT +1.