Re: Norton Personal Firewall 2003

From: NeoSadist (neos@dist)
Date: 12/07/02


From: "NeoSadist" <neos@dist>
Date: Sat, 7 Dec 2002 04:32:08 -0700


"Alsvik Ture" <ture@alsvik.dk> wrote in message
news:Nq9I9.60687$HU.4183068@news010.worldonline.dk...
> have some problems using NPF3.
>
> First problem:
> First of all: the port probing part of ShieldsUp tells me that my ports: 21,
> 25, 80, 110 and 443 are open.
> I am running services on these ports (ftp, smtp, pop3, and webmail) - but
> NPF2002 blocked this port scan (the built-in autoblock on port scans).
> NPF2003 doesn't detect this scan at all!
>
> Second problem:
> I'm running a p2p-program (emule-client) and I get this firewall-log-entry
> every third second:
>
> TCP Syn Packet on non-listening port. Packet has been dropped
> Source IP address: 213.66.184.XX
> Destination IP address: server-i1(192.168.1.2)
> TCP Source Port: 2753
> TCP Destination Port: 4662
> TCP Message Flags: 0x00000002
>
> Third problem:
> In the log under "intrusion detection" I keep getting this log-entry every
> minute:
>
> Intrusion: Invalid Destination IP Address
> Intruder: server-i1(192.168.1.2)
> Risk Level: Low
> Source IP address: server-i1(192.168.1.2)
> Destination IP address: 0.0.7.132. This IP address is invalid.
> Protocol: TCP.
>
> Fourth problem:
> Emule-client can connect to servers, but very slowly, and often I can only
> upload data. If I can connect to a server or other client using Emule, the
> download is less than 5% of my total download-bandwidth.
> Disconnecting the firewall solves this problem. Emule uses ports 4661-4665
> (TCP/UDP) and these are open on both local and remote ports. And the program
> emule.exe is permitted all in the NPF2003 program-options.
>
>
> Can anyone explain and/or fix these problems? I did not have these problems
> with NPF2002.
>
> Thanks
> Ture A.
>
> Just have to add that it's possible for me to play online games from a
> computer behind the firewall (have 3 computers - connecting to the server
> through separate NICs. The server has the internet connection) with the
> firewall enabled. I could not do this before upgrading to NPF2002. I had to
> create rules to let the traffic pass through to the other machines - or
> disable the firewall.
>
> Not a good sign :o(

First off, if you're using a p2p program behind the firewall and you're
complaining about ports being open, I'd reconsider. Still, contact Symantec
and ask. I still think, however, that your p2p program might have something
to do with it if it's "listening" on those ports (some work by "holding the
ports open").
If you're complaining about those ports that it's eating up, remember your
p2p program. It could be that.
Invalid Destination IP means the firewall is receiving stuff on an invalid IP
and it's protecting you by dropping the packets.
Lastly, if you're complaining about p2p program connectivity behind a
firewall, consider this: those two programs are almost opposites, since
firewalls are designed to keep people out, yet your p2p welcomes visitors to
download stuff from you. And, in a vague sense, p2p programs are a security
liability, but firewalls are a security asset. If I were you, I'd limit the
program to HTTP only (manually configure the rules) and create a second rule
underneath that for blocking all TCP and UDP on all ports (i.e. you limit it
by only allowing HTTP, then explicitly telling NPF to block the rest. This
is due to firewall rules being processed from top to bottom on the list).
If you have any further questions, contact Symantec.
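
Added illustration, not part of the original thread and not Norton Personal Firewall's own rule engine: a Python model of the top-to-bottom, first-match rule processing mentioned in the reply, applied to the dropped packet from the quoted log entry (flags 0x00000002, destination port 4662). The Rule fields, function names and the default action are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# TCP flag bits as defined in RFC 793.
TCP_FLAGS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST",
             0x08: "PSH", 0x10: "ACK", 0x20: "URG"}

def decode_flags(value: int) -> list:
    """Return the names of the TCP flags set in a logged flags value."""
    return [name for bit, name in sorted(TCP_FLAGS.items()) if value & bit]

@dataclass
class Rule:
    """Hypothetical rule model; not NPF's real rule format."""
    action: str                 # "permit" or "block"
    protos: Tuple[str, ...]     # protocols the rule covers
    ports: Optional[range]      # port range, or None for all ports

    def matches(self, proto: str, port: int) -> bool:
        return proto in self.protos and (self.ports is None or port in self.ports)

def evaluate(rules, proto, port, default="block"):
    """Walk the list top to bottom; the first matching rule decides."""
    for index, rule in enumerate(rules):
        if rule.matches(proto, port):
            return rule.action, index
    return default, None  # assumed default when nothing matches

# Order described in the reply: permit HTTP, then block all TCP and UDP.
HTTP_THEN_BLOCK = [
    Rule("permit", ("tcp",), range(80, 81)),
    Rule("block", ("tcp", "udp"), None),
]
# Same rules in the opposite order, to show why the order matters.
REVERSED = list(reversed(HTTP_THEN_BLOCK))

# Constructed from the firewall log entry quoted in the thread.
LOG_ENTRY = {"proto": "tcp", "dst_port": 4662, "flags": 0x00000002}

if __name__ == "__main__":
    print("flags:", decode_flags(LOG_ENTRY["flags"]))
    for name, rules in (("HTTP first", HTTP_THEN_BLOCK), ("block first", REVERSED)):
        for port in (80, LOG_ENTRY["dst_port"]):
            print(name, port, evaluate(rules, LOG_ENTRY["proto"], port))
```

With the block-all rule listed first, port 80 is blocked as well, because the permit rule underneath it is never reached.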


