Re: TCP/IP Filtering
From: dave (dave@netmedic.net)
Date: 10/22/02
- In reply to: Matt Prall: "Re: TCP/IP Filtering"
- Next in thread: Karl Levinson [x y] MVP: "Re: TCP/IP Filtering"
- Reply: Karl Levinson [x y] MVP: "Re: TCP/IP Filtering"
From: "dave" <dave@netmedic.net> Date: Mon, 21 Oct 2002 19:09:49 -0700
Matt,
Thanks, but I want to use the OS and see what we can accomplish.
Dave
>-----Original Message-----
>I would recommend you get a *real* software firewall, what you are
>wanting to do is much easier in other products such as norton personal
>firewall etc.
>
>dave kleiman wrote:
>> I have discovered (not sure if that is the right word) an
>> interesting thing in reference to using TCP/IP Filtering
>> on a W2000 client.
>>
>> I was attempting to set up my home system using the built-in
>> TCP/IP Filtering. I allowed only ports 25 Mail, 53
>> DNS, 67&68 DHCP, and 80&443 Internet.
>>
>> Well I found out that DNS returns to a client on a port >1024.
>> So I picked the first 3 unassigned above 1024 ports. Well that
>> worked until the third time I opened a web browser (no DNS
>> resolution). I looked with NETSTAT -na and found that it was now
>> trying to use a port higher than the 3 I selected. I opened up
>> 10 more >1024 ports. Well that worked till about the 7th time I
>> opened the web browser.
>>
>> I checked again; it was now trying to use higher ports.
>> Well I continued this, watching NETSTAT show that each
>> subsequent DNS request went up the above >1024 ladder.
>> The thing I could not figure out was how to reset/release
>> the previously used ports.
>>
>> I waited for 24 hours, thinking it was a timeout issue,
>> and tried again; it went up to the next port (not used yet) >1024.
>> I tried disabling and re-enabling the Interface,
>> ipconfig /renew and /flushdns but it still knew to go up
>> past the last >1024 port used.
>>
>> Rebooting the machine was the only way to start over. Of
>> course examining again yielded the same results.
>>
>> Do you know a way to flush out the system to release or
>> reuse those same ports without rebooting?
>>
>> Thanks,
>>
>> Dave
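The behaviour described in the quoted message, as an added example that is not part of the original thread: a constructed Python model comparing a static inbound port allow-list with a filter that only admits replies to outstanding queries. The starting port 1025, the one-new-port-per-lookup allocator and all function names are assumptions made for illustration, based on the NETSTAT observations in the post.

```python
"""Constructed model: static inbound port allow-list vs. tracking outstanding queries."""
from itertools import count

EPHEMERAL_START = 1025  # assumption: first client source port above 1024


class Client:
    """Hands out a new, higher source port for every DNS query (as the post observes)."""

    def __init__(self):
        self._ports = count(EPHEMERAL_START)

    def next_source_port(self):
        return next(self._ports)


def static_filter(allowed_ports):
    """Stateless rule: accept an inbound datagram only if its destination port is listed."""
    return lambda dst_port, pending: dst_port in allowed_ports


def stateful_filter():
    """Accept an inbound datagram only if it answers a query that is still outstanding."""
    return lambda dst_port, pending: dst_port in pending


def run_lookups(inbound_ok, lookups):
    """Return the 1-based indexes of lookups whose DNS reply was dropped."""
    client, failed = Client(), []
    for n in range(1, lookups + 1):
        src = client.next_source_port()
        pending = {src}  # query left from src, so the reply is addressed to src
        if not inbound_ok(src, pending):
            failed.append(n)
    return failed


def accepts_unsolicited(inbound_ok, dst_port):
    """True if a datagram to dst_port is accepted although no query is outstanding."""
    return inbound_ok(dst_port, set())


if __name__ == "__main__":
    three_ports = static_filter({1025, 1026, 1027})
    print("static list, dropped replies:", run_lookups(three_ports, 6))
    print("stateful, dropped replies:   ", run_lookups(stateful_filter(), 6))
    print("static accepts unsolicited 1025:", accepts_unsolicited(three_ports, 1025))
    print("stateful accepts unsolicited 1025:", accepts_unsolicited(stateful_filter(), 1025))
```

In this model the static list fails as soon as the source port climbs past the last listed port, and the ports it does list stay open to unsolicited traffic, while the stateful rule does neither.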