Re: Firewall settings to allow "Windows Updates"

From: Don Kelloway (dkelloway_at_commodon.com)
Date: 09/30/04


Date: Thu, 30 Sep 2004 00:22:38 GMT


"Brendan DJ Murphy" <brendan@cpac.REMOVE.org.uk> wrote in message
news:cje5u5$ps$1$8302bc10@news.demon.co.uk...
> I'm in the process of tightening up my firewall settings.
> I use Kerio Firewall 2.1.5
>
> Up until recently, I had an "Allow" rule as follows:
>
> Protocol TCP(Out)
> Local Port: Any
> Remote address: Any
> Remote Port: 80,443
> Application: c:\.....\svchost.exe
>
> This was to allow the Windows Update to work.
>
> I'd rather tie it down to specific remote IP addresses, but they keep
> changing.
>
> Is there a definitive list (or range) of IP addresses that I should use
> instead?
>
> Brendan
>
>

Allow TCP ports 80 and 443 as well as ActiveX to the IPs associated with
'windowsupdate.microsoft.com' and to 'v5.windowsupdate.microsoft.com'.
According to DNS the 'A' records define these IPs as follows:

Answer Section:
    windowsupdate.microsoft.com, CNAME, windowsupdate.microsoft.nsatc.net
    windowsupdate.microsoft.nsatc.net, A, 207.46.249.56
    windowsupdate.microsoft.nsatc.net, A, 207.46.249.57

Answer Section:
    v5.windowsupdate.microsoft.com, CNAME, v5windowsupdate.microsoft.nsatc.net
    v5windowsupdate.microsoft.nsatc.net, A, 64.4.23.156
    v5windowsupdate.microsoft.nsatc.net, A, 207.46.156.88
    v5windowsupdate.microsoft.nsatc.net, A, 207.46.244.252

-- 
Best regards, from Don Kelloway of Commodon Communications
Visit http://www.commodon.com to learn about the "Threats to Your Security 
on the Internet". 
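
Added example, not part of the original post: because the addresses behind these names change, an IP-pinned rule needs a periodic check against fresh DNS answers. This Python sketch parses answer sections in the "name, TYPE, value" layout shown in the reply (embedded here as constructed sample input), follows each CNAME to its A records, and reports which addresses a rule is missing or still carries; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample input: the two answer sections quoted in the reply above.
SAMPLE = """\
Answer Section:
    windowsupdate.microsoft.com, CNAME, windowsupdate.microsoft.nsatc.net
    windowsupdate.microsoft.nsatc.net, A, 207.46.249.56
    windowsupdate.microsoft.nsatc.net, A, 207.46.249.57

Answer Section:
    v5.windowsupdate.microsoft.com, CNAME, v5windowsupdate.microsoft.nsatc.net
    v5windowsupdate.microsoft.nsatc.net, A, 64.4.23.156
    v5windowsupdate.microsoft.nsatc.net, A, 207.46.156.88
    v5windowsupdate.microsoft.nsatc.net, A, 207.46.244.252
"""
RECORD = re.compile(r"^\s*(\S+),\s*(CNAME|A),\s*(\S+)\s*$")

def parse_answers(text):
    """Return (cname_map, a_map) built from 'name, TYPE, value' lines."""
    cnames, addrs = {}, {}
    for line in text.splitlines():
        m = RECORD.match(line)
        if not m:
            continue  # section headers and blank lines
        name, rtype, value = m.group(1).lower(), m.group(2), m.group(3).lower()
        if rtype == "CNAME":
            cnames[name] = value
        else:
            ipaddress.ip_address(value)  # ValueError: never pin a malformed address
            addrs.setdefault(name, set()).add(value)
    return cnames, addrs

def resolve(host, cnames, addrs, max_hops=8):
    """Follow the CNAME chain to A records; the hop limit stops alias loops."""
    name = host.lower()
    for _ in range(max_hops):
        if name in addrs:
            return set(addrs[name])
        name = cnames.get(name)
        if name is None:
            break
    return set()

def allowlist(hosts, text):
    """Map each update hostname to the remote addresses a rule would need."""
    cnames, addrs = parse_answers(text)
    return {h: resolve(h, cnames, addrs) for h in hosts}

def rule_drift(allowed, current):
    """Addresses to add to the rule, and stale ones it still permits."""
    return {"add": sorted(current - allowed), "stale": sorted(allowed - current)}
```

A non-empty "stale" list means the rule still permits an address that no longer answers for the update hostnames, which is the entry to remove first.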

