Do I block access from svchost to DHCP?

From time to time I get this message from my Sygate firewall.
Should I let this program through?

"Generic Host Process for Win32 Services (svchost.exe)
is trying to connect to [62.255.64.20] using remote
port 67 (BOOTPS - Dynamic Host Configuration Protocol
[DHCP] Server). Do you want to allow this program to
access the network?"

This is my setup:

1. I use WinXP + SP1 at home.
2. My broadband ISP is NTL Cable
3. I connect direct to my ISP am am not part of a network.
4. I have disabled XP's firewall and use only Sygate firewall.

To my untutored eye it seems like a good thing to allow this and let
svchost on PC communicate with what I think is my ISP's DHCP server.

However this web page says I should completely block svchost.exe in
Sygate. http://www.howtodothings.com/ViewArt...spx?Article=51

Who is right?

Mister C wrote:

> From time to time I get this message from my Sygate firewall.
> Should I let this program through?
>
> "Generic Host Process for Win32 Services (svchost.exe)
> is trying to connect to [62.255.64.20] using remote
> port 67 (BOOTPS - Dynamic Host Configuration Protocol
> [DHCP] Server). Do you want to allow this program to
> access the network?"
>
> This is my setup:
>
> 1. I use WinXP + SP1 at home.
> 2. My broadband ISP is NTL Cable
> 3. I connect direct to my ISP am am not part of a network.
> 4. I have disabled XP's firewall and use only Sygate firewall.
>
> To my untutored eye it seems like a good thing to allow this and let
> svchost on PC communicate with what I think is my ISP's DHCP server.
>
> However this web page says I should completely block svchost.exe in
> Sygate. http://www.howtodothings.com/ViewArt...spx?Article=51
>
> Who is right?

It sounds like this is you dhcp client. I would not advise blocking that!

Michael

On Tue, 14 Jun 2005 18:32:46 GMT, Mister C wrote:
> From time to time I get this message from my Sygate firewall.
> Should I let this program through?
>
> "Generic Host Process for Win32 Services (svchost.exe)
> is trying to connect to [62.255.64.20] using remote
> port 67 (BOOTPS - Dynamic Host Configuration Protocol
> [DHCP] Server). Do you want to allow this program to
> access the network?"
>
> This is my setup:
>
> 1. I use WinXP + SP1 at home.

Hmmm, missing lots of updates there. Poor security practice.

> 2. My broadband ISP is NTL Cable

Well that explains it.
nslookup 62.255.64.20
shows name = dhcp1-popl.server.ntli.net.

> 3. I connect direct to my ISP am am not part of a network.

You are part of NTL cable network and your node gets it's ip address
from NTLI's DHCP server. Your DHCP client and their DHCP server chat with each
other through ports 67,68 to get/renew your DHCP assigned ip address.

Mister C wrote:
> From time to time I get this message from my Sygate firewall.
> Should I let this program through?
>
> "Generic Host Process for Win32 Services (svchost.exe)
> is trying to connect to [62.255.64.20] using remote
> port 67 (BOOTPS - Dynamic Host Configuration Protocol
> [DHCP] Server). Do you want to allow this program to
> access the network?"

62.255.64.20 is an NTL DHCP server, so this is completely normal and
should be allowed. If you block it, your PC may have difficulty
obtaining or renewing a DHCP lease, which will cause you to lose your
internet connection.

> This is my setup:
>
> 1. I use WinXP + SP1 at home.

You're pretty behind with your security updates. I'd highly recommend
you head over to Windows Update asap.

> However this web page says I should completely block svchost.exe in
> Sygate. http://www.howtodothings.com/ViewArt...spx?Article=51

That website doesn't appear to exist at the moment, but if it's
suggesting you block svchost.exe from contacting your DHCP server then
it would seem to be talking bollocks.

In article <(E-Mail Removed)>,
Bit Twister <(E-Mail Removed)> wrote:
:On Tue, 14 Jun 2005 18:32:46 GMT, Mister C wrote:
:> This is my setup:

:> 1. I use WinXP + SP1 at home.

:Hmmm, missing lots of updates there. Poor security practice.

As best I (not a Windows expert!) can tell, Microsoft is making
security patches available for both SP1 and SP2 at present.
Is there a significant security difference between fully-patched SP1
and fully-patched SP2?

I was running SP2 but there was something that wasn't working that
did work under SP1 that I installed on a different partition. If
one cannot effectively run one's system with SP2 but can with SP1,
then is it truly "good security practice" to upgrade to the version
that is functionally unusable under the local circumstances?

If so, then would it not be even better security practice to upgrade
to Windows HP -- a version of Windows that consists of nothing other
than repeated processor HALT instructions, to keep the system from
running anything at all ?
--
Oh, to be a Blobel!

From: "Walter Roberson" <(E-Mail Removed)>

| In article <(E-Mail Removed)>,
| Bit Twister <(E-Mail Removed)> wrote:
| :On Tue, 14 Jun 2005 18:32:46 GMT, Mister C wrote:
| :> This is my setup:
|
| :> 1. I use WinXP + SP1 at home.
|
| :Hmmm, missing lots of updates there. Poor security practice.
|
| As best I (not a Windows expert!) can tell, Microsoft is making
| security patches available for both SP1 and SP2 at present.
| Is there a significant security difference between fully-patched SP1
| and fully-patched SP2?
|
| I was running SP2 but there was something that wasn't working that
| did work under SP1 that I installed on a different partition. If
| one cannot effectively run one's system with SP2 but can with SP1,
| then is it truly "good security practice" to upgrade to the version
| that is functionally unusable under the local circumstances?
|
| If so, then would it not be even better security practice to upgrade
| to Windows HP -- a version of Windows that consists of nothing other
| than repeated processor HALT instructions, to keep the system from
| running anything at all ?
| --
| Oh, to be a Blobel!

There is a big difference in WinXP SP2 and SP1 which includes IE6/OE6 SP2 which is not
available for Win9x/ME and Win2K.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

On 14 Jun 2005 20:03:56 GMT, Walter Roberson wrote:
> In article <(E-Mail Removed)>,
> Bit Twister <(E-Mail Removed)> wrote:
>:On Tue, 14 Jun 2005 18:32:46 GMT, Mister C wrote:
>:> This is my setup:
>
>:> 1. I use WinXP + SP1 at home.
>
>:Hmmm, missing lots of updates there. Poor security practice.
>
> As best I (not a Windows expert!) can tell, Microsoft is making
> security patches available for both SP1 and SP2 at present.

(not a Windows expert either) but I would bet they are not.

> Is there a significant security difference between fully-patched SP1
> and fully-patched SP2?

Then why make a SP2.

> I was running SP2 but there was something that wasn't working that
> did work under SP1 that I installed on a different partition.

See there is a difference between SP1 and SP2. I would guess sp2 closed
a security flaw on a system call used by the defunct application.
Could have been an update to make a system call argument mandatory
which is not provided in the failing application causing it to fail.

> If one cannot effectively run one's system with SP2 but can with
> SP1, then is it truly "good security practice" to upgrade to the
> version that is functionally unusable under the local circumstances?

You might want to read the above sentence out loud.

Having an unpatched system is negligent.

Let's say someone uses your unpatched system to steal credit cards and
sells them using your system. Do you think, "but, but, judge, I
installed a patch and I could not run one of my applications so I
backed out the patch." is going to keep you out of jail.

> If so, then would it not be even better security practice to upgrade
> to Windows HP -- a version of Windows that consists of nothing other
> than repeated processor HALT instructions, to keep the system from
> running anything at all ?

Now you are just being stupid.
http://www.eeye.com/html/research/upcoming/

My solution was to install Mandrive/Mandrake linux.

In article <(E-Mail Removed)>,
Bit Twister <(E-Mail Removed)> wrote:
:Having an unpatched system is negligent.

:Let's say someone uses your unpatched system to steal credit cards and
:sells them using your system. Do you think, "but, but, judge, I
:installed a patch and I could not run one of my applications so I
:backed out the patch." is going to keep you out of jail.

In your strawman argument, are you speaking in terms of being
convicted of "negligence" or of being convicted as if you were yourself
the perpetrator of the credit card trafficing?

My Windows XP SP1 system is behind a firewall that is configured to
disallow incoming connections, and is patched with the latest SP1
patches (well, before the ones released earlier today.) A finding
of "negligence" is unlikely in such a matter.


Microsoft has a list of "Top 10 Reasons to Install Windows XP
Service Pack 2",
http://www.microsoft.com/windowsxp/sp2/topten.mspx

Reasons #1 thru 4, and 8 thru 10 have to do with products such
as Internet Explorer and Outlook that I do not run.

Reason 5 has to do with the Windows Firewall -- unnecessary for
someone who has a real firewall.

Reason 6 is the convenience of the Windows Security Centre. Being
able to "manage key security settings in one convenient place" is
not exactly at the top of my list of must-have security features.

Reason 7 is enhancements to Windows Automatic Updates. I have my
system set to notify me of updates, which I then examine first
-before- blindly installing.


If you examine the list of "Key Security Technologies" for SP2,
http://www.microsoft.com/windowsxp/s...soverview.mspx
you will not find much of interest to someone who runs their own
firewall and doesn't use IE or OE.
--
"Never install telephone wiring during a lightning storm." -- Linksys

In article <N7Hre.8307$2K4.4103@trnddc08>,
David H. Lipman <DLipman~nospam~@Verizon.Net> wrote:
:From: "Walter Roberson" <(E-Mail Removed)>

:| Is there a significant security difference between fully-patched SP1
:| and fully-patched SP2?

:There is a big difference in WinXP SP2 and SP1 which includes IE6/OE6 SP2 which is not
:available for Win9x/ME and Win2K.

David, I've re-read your sentance several times, but I am having
difficulty in parsing it. Are you saying that IE6/OE6 SP2 is available
for XP SP2 but not for XP SP1? I am thrown a bit by the
9x/ME and 2K reference ?

If one does not use IE6 nor OE, are the differences relevant?

--
Feep if you love VT-52's.

On 14 Jun 2005 21:02:37 GMT, Walter Roberson wrote:
>
> In your strawman argument, are you speaking in terms of being
> convicted of "negligence"

The site cracked could go the negligence route asking for damages.

> or of being convicted as if you were yourself
> the perpetrator of the credit card trafficing?

That is what is going to cost you the big lawyer bucks to get out of
going to prison.

> My Windows XP SP1 system is behind a firewall that is configured to
> disallow incoming connections,

Depending on what kind of firewall, that is a good first step.
SP1 patched systems were getting cracked in about 4 minutes after
connected to the net.

> and is patched with the latest SP1
> patches (well, before the ones released earlier today.) A finding
> of "negligence" is unlikely in such a matter.

Would guess the cracked site's lawyer would be pushing the fact that
you do not have all updates (SP2) installed so it is negligence.

> Microsoft has a list of "Top 10 Reasons to Install Windows XP
> Service Pack 2",

I seriously doubt MS would publish that SP2 fixes unpatched problems in SP1.
I wonder why MS thought about forcing SP2 or disallow any updates at
one point in time.

> If you examine the list of "Key Security Technologies" for SP2,
> http://www.microsoft.com/windowsxp/s...soverview.mspx
> you will not find much of interest to someone who runs their own
> firewall and doesn't use IE or OE.

Well there is my point. Based on that, there should be no reason for
your application to not run on SP2.
After all, sp2 just fixed a few applications.