This may be a daft question ...

Discussion in 'Home Networking' started by Mike Faithfull, Jul 17, 2003.

  1. .... but I've just been looking at my firewall log file (Windows XP Home
    Edition V5.1 + Service Pack 1) and noticed that I have several groups of
    'dropped packets' from 217.39.173.231. 'Whois' tells me this is a BT Public
    Internet Service address - my ISP is NTL and I'm connected via NTL cable.
    So why would a BT server somewhere be wanting to talk to my PC in such a
    manner that the Firewall disallows it? (You can probably tell I have just
    slightly less knowledge than is required to be dangerous ... !)
     
    Mike Faithfull, Jul 17, 2003
    #1

  2. Groove Guest

    Mike Faithfull said this...
    Hi Mike. What sort of firewall are you running? Is it possible to give any
    further information from the log such as local and remote port numbers?
    It could be malicious or it may just be background noise, it's impossible
    to tell without more detailed info.
     
    Groove, Jul 17, 2003
    #2

  3. It's the one built in to XP. It produces a log file called pfirewall.log
    that captures certain events. Here's an entry ...

    DROP TCP 217.39.173.231 213.104.104.35 4619 1433 48 S 1858592789 0 16384

    According to the headings, the data represents:

    action, protocol, source IP, destination IP, source port, destination port,
    size, tcpflags, tcpsyn, tcpack, tcpwin

    I have had similar entries (dropped packets, I mean, I don't know about the
    other numbers) from strange places like Poland, Slovenia and Japan.
     
    Mike Faithfull, Jul 17, 2003
    #3
  4. Groove Guest

    Mike Faithfull said this...
    If I read this correctly, this is something tapping at your port 1433. IIRC
    there was a worm a while back that used this port. However, the dropped
    packet is good, your firewall is not allowing access.
    Hopefully there are wiser heads than mine that can add to this thread, but
    in the meantime I would recommend you look at a "proper" firewall for your
    system. The XP built-in firewall is very limited in function.
     
    Groove, Jul 17, 2003
    #4
  5. Rob Morley Guest

    Port 1433 is used by MS SQL Server, so if you're not running that you
    needn't worry anyway. It's quite likely that a BTOpenworld customer
    (unknowingly) has a worm that is trying to exploit a known vulnerability
    in MS SQL Server.
    You will see dropped packets whenever something "outside" attempts to
    initiate a connection to your machine - any time the firewall thinks
    that the packets it receives aren't part of an exchange that you
    initiated. They are a result of worms, hackers, badly configured
    networks, buggy software ... if they're not getting in you don't need to
    worry about them too much.
     
    Rob Morley, Jul 17, 2003
    #5
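
An added example, not part of any post in this thread: a small Python parser for pfirewall.log rows using the column order listed in post #3, which groups dropped bare-SYN packets (the unsolicited inbound connection attempts described in post #5) by destination port. The function names, the handling of an optional date/time prefix, and every sample row except the first are assumptions of this example.

```python
from collections import defaultdict

# Column order exactly as listed in post #3.
FIELDS = ("action", "protocol", "src_ip", "dst_ip", "src_port", "dst_port",
          "size", "tcpflags", "tcpsyn", "tcpack", "tcpwin")

def parse_line(line):
    """Return a dict for one log row, or None for headers and malformed rows."""
    tokens = line.split()
    if not tokens or tokens[0].startswith("#"):
        return None
    # Assumption: a real log may prefix each row with date and time, so find
    # the protocol token and treat the token before it as the action.
    start = next((i - 1 for i, t in enumerate(tokens)
                  if i > 0 and t in ("TCP", "UDP", "ICMP")), None)
    if start is None or len(tokens) - start < len(FIELDS):
        return None          # no protocol column, or row cut short
    row = dict(zip(FIELDS, tokens[start:]))
    try:
        row["src_port"], row["dst_port"] = int(row["src_port"]), int(row["dst_port"])
    except ValueError:       # e.g. "-" in a port column
        return None
    return row

def unsolicited_by_port(lines):
    """Map destination port -> set of sources whose bare SYN was dropped."""
    hits = defaultdict(set)
    for row in filter(None, map(parse_line, lines)):
        if (row["action"], row["protocol"], row["tcpflags"]) == ("DROP", "TCP", "S"):
            hits[row["dst_port"]].add(row["src_ip"])
    return dict(hits)

# First row is the entry quoted in post #3; the rest are constructed samples.
SAMPLE = """\
DROP TCP 217.39.173.231 213.104.104.35 4619 1433 48 S 1858592789 0 16384
2003-07-17 10:02:11 DROP TCP 192.0.2.10 213.104.104.35 3301 1433 48 S 100 0 16384
2003-07-17 10:02:15 DROP TCP 192.0.2.10 213.104.104.35 3302 445 48 S 101 0 16384
2003-07-17 10:03:40 DROP UDP 198.51.100.7 213.104.104.35 1026 137 78 - - - -
2003-07-17 10:04:02 DROP TCP 203.0.113.5 213.104.104.35 80 1045 40 A 0 555 8192
2003-07-17 10:05:00 DROP TCP 192.0.2.99
""".splitlines()

if __name__ == "__main__":
    for port, sources in sorted(unsolicited_by_port(SAMPLE).items()):
        print(port, sorted(sources))
```

Several distinct sources hitting the same closed port, as with 1433 here, fits the worm-scanning background noise described in post #5.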