Jump to content

IP blocking (incoming)


Recommended Posts

Two days ago my friend switched ISPs from DSL to cable. The DSL modem had a NAT firewall, the cable modem does not.

She is running XP SP3 with the windows firewall.

Yesterday and again today, she woke up to find MBAM had blocked two different IP addresses (one per day). I looked the addresses up and one was from China, the other New Zealand. Under type, both IP addresses were incoming.

A quick scan with MBAM comes up clean as does a full scan with KAV.

MBAM is not blocking any IP addresses outgoing.

This never occurred until she changed modems and lost the NAT firewall.

How could these IP probes get past the windows firewall? Or does MBAM catch incoming traffic before it hits the windows firewall?

Thanks!

Link to post
Share on other sites

Greetings :)

MBAM doesn't block IP's before the Windows Firewall does so for some reason they're getting through. It may have to do with the settings for the firewall itself. Info on how to control the firewall in Windows XP can be found here as well as here. If you continue to have issues with such incoming connections then I'd recommend contacting Microsoft Support.

Link to post
Share on other sites

Thanks very much for your reply, including the links!

From what I can tell, I have her Windows Firewall configured properly. I have "Don't allow exceptions" checked and have unchecked everything on the Exceptions tab. There really isn't much to this firewall as far as configuration.

I think the best route now is to pick her up a router with a SPI firewall built-in. This should solve this rather puzzling issue.

Thanks again for your help, I am quite grateful. :)

Link to post
Share on other sites

I disabled all exceptions just before she made the ISP change because she was losing the NAT firewall.

Once she gets a router (hopefully today), I will heed your advice and allow exceptions.

Thanks so much for your input. I love MBAM and it means so much to be able to come here and get valuable advice. :)

Link to post
Share on other sites

You should be OK as long as you have it set to allow exceptions and prompt you when a program requests internet access. That's the default setting for the firewall and you should be fine as long as you allow the programs that require access such as your antivirus (if prompted), your instant messaging client if you use one etc.

Link to post
Share on other sites

Router purchased and setup Sunday.

I have also set the Windows Firewall exactly as you've recommended.

Fingers are crossed this solves the problem for her. Have you ever heard of traffic slipping past the Windows Firewall (incoming) on a non-infected PC?

The plan was to buy a router during the Black Friday sales but thankfully MBAM alerted us that she needed a router now!

Link to post
Share on other sites

One of the first things I did when she changed ISPs was run Shields Up. I scanned All Service Ports and everything showed as stealth. I believe this only scans the first 1056 TCP ports though.

I still have a lingering question. If I had "Don't allow exceptions" checked, shouldn't that close all ports?

I know we are getting off topic here so I will end with that last question.

Thanks once more for your help!

Link to post
Share on other sites

I think I will just leave things as they are as my friend does not like change, she just wants me to help keep her computer secure. I don't want the Windows Firewall popping up and telling her it has blocked a program and asking her what she wants to do. She would not be comfortable with that.

She has reported no more IP blocking alerts since I connected the router so she is happy.

Thanks so much for your help, it is greatly appreciated. :)

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.