After recently having configured the new netgear wireless router for our home, there was a huge increase in the firewall alerts that I started getting. Every 2 seconds there would be a new alert. I withstood the annoyance for some time and then after fantasizing that this might be some malcode related activity, I fired up Wireshark and logged all packets from my computer.
I must add that the firewall alerts had a pattern. All alerts blocked were from a specific port on my computer to the router. The port which was associated with the alerts on my end was running svchost.exe. My firewall would block a Syn packet from my computer to the router's port x and then after a second or two would block a similar packet to port x+1 and so on.
Looking at the packet capture files, I noticed that these connections had something to do with UPnP. Once I determined that, the rest was easy. I realised that I had to turn off the UPnP feature on the router to stop all the unecessary alerts. After doing that my poor stressed out firewall had some relief at last !!
,
,
Thursday, October 19, 2006
Subscribe to:
Post Comments (Atom)
Posts
No comments:
Post a Comment