Jump to content

Incoming connection on 80 port


PeterEl

Recommended Posts

Hello!

My firewall outpost detected incoming connections on port 80 and blocked them.

I think that the router must block incoming connections on port 80, right? But it does not.

Please explain why this might be.

(i use windows xp)

176.57.209.48 - this SOURCE ADRESS, 192.168.1.100 - this TARGET adress.

Attached a screenshot.

wcnuw9.gif

Link to comment
Share on other sites


It depends by a number of factors.

Which router do you have?

How exactly it is setup?

Is NAT enabled?

And how it is set?

jaclaz

1) linksys e1500

2) permission for incoming connections on port 80 is not installed.

3) NAT is enabled

4) "And how it is set?" - what do you mean?

Link to comment
Share on other sites

You should maybe run

netstat -b

To see if you have anything besides your browsers or known clients accessing the internet.

I looked, all processes are known.

The question is still valid.

Edited by PeterEl
Link to comment
Share on other sites

Me accessing MSFN.ORG (the Port 80 one) through my router (my router address=192.168.8.17 - multiple ports):

I am not sure to understand, those seems a lot like OUTbound connections and not INbound ones.... :unsure:

@PeterEl

I mean how exactly is NAT (or any other similar setting) set to?

From what I can see (not from the E1500 manual here: http://homesupport.cisco.com/en-eu/support/routers/E1500 which is pretty much "useless") but from the more "generic" one:

http://www.manualowl.com/m/Cisco/E1500/Manual/236876?page=40

There is no specific setting/page for NAT, and if you want to "expose" a device to the internet you need to put it in the DMZ.

The *whatever* that blocks (or should block) unwanted packets is seemingly SPI (Stateful Packet Inspection), but as well I cannot find any detailed settings guide, see also:

http://www6.nohold.net/Cisco2/GetArticle.aspx?docid=349c2ccc3fb44e1b8878369cc84a56bb_KB_EN_v1.xml&pid=80&converted=0

See if this applies to your router (these are the kind of settings that might affect the possibility to "go through"):

http://www6.nohold.net/Cisco2/GetArticle.aspx?docid=978eca6b436a4edc92576ba183b91f5c_KB_EN_v1.xml&pid=8&converted=0

jaclaz

Link to comment
Share on other sites

Me accessing MSFN.ORG (the Port 80 one) through my router (my router address=192.168.8.17 - multiple ports):

I am not sure to understand, those seems a lot like OUTbound connections and not INbound ones.... :unsure:

@PeterEl

I mean how exactly is NAT (or any other similar setting) set to?

From what I can see (not from the E1500 manual here: http://homesupport.cisco.com/en-eu/support/routers/E1500 which is pretty much "useless") but from the more "generic" one:

http://www.manualowl.com/m/Cisco/E1500/Manual/236876?page=40

There is no specific setting/page for NAT, and if you want to "expose" a device to the internet you need to put it in the DMZ.

The *whatever* that blocks (or should block) unwanted packets is seemingly SPI (Stateful Packet Inspection), but as well I cannot find any detailed settings guide, see also:

http://www6.nohold.net/Cisco2/GetArticle.aspx?docid=349c2ccc3fb44e1b8878369cc84a56bb_KB_EN_v1.xml&pid=80&converted=0

See if this applies to your router (these are the kind of settings that might affect the possibility to "go through"):

http://www6.nohold.net/Cisco2/GetArticle.aspx?docid=978eca6b436a4edc92576ba183b91f5c_KB_EN_v1.xml&pid=8&converted=0

jaclaz

All security options on my router are turned on.

And i not use DMZ, it's disabled.

Link to comment
Share on other sites

I am not sure to understand, those seems a lot like OUTbound connections and not INbound ones....
Yeah, a little goofy-looking. It appears that the Outbound are legitimate. Apparently, it's part of the communications cycle. Details of one (Symantec Firewall, BTW):

post-72994-0-25926200-1346167569_thumb.j

post-72994-0-87432300-1346167983_thumb.j

Edited by submix8c
Link to comment
Share on other sites

All security options on my router are turned on.

I will try again, are your settings EXACTLY like the ones on this page?

http://www6.nohold.net/Cisco2/GetArticle.aspx?docid=978eca6b436a4edc92576ba183b91f5c_KB_EN_v1.xml&pid=8&converted=0

Does you router has other pages/settings?

How are they set?

Post a few screenshots of what you see (obviously removing personal information/private LAN Ip's etc).

And i not use DMZ, it's disabled.

Good. :)

BTW a possibility would be to go to a friend's house and try accessing your IP from the "outside", backtrack is the first tool/distro that comes to mind:

http://www.backtrack-linux.org/

This way you could have maybe an idea of what's going on.

jaclaz

Edited by jaclaz
Link to comment
Share on other sites

Well, as I gave the address of the (apparently) Hosting site, perhaps someone has inadervtently HARD-WIRED you "dynamic" address into THEIR website.

Again, I use NO-IP and have a dynamic IP which is updated occasionally to allow others to access it and had to give an INCOMING exception to Port 80 for my INTERNAL "fixed" IP address.

http://martin-entltd.no-ip.org/

(No longer valid - NOIP deleted it from my Account and it's "stuck" to unusable.)

?Something odd with that IP address... What happens with the above (mine)?

Edited by submix8c
Link to comment
Share on other sites

All security options on my router are turned on.

I will try again, are your settings EXACTLY like the ones on this page?

http://www6.nohold.net/Cisco2/GetArticle.aspx?docid=978eca6b436a4edc92576ba183b91f5c_KB_EN_v1.xml&pid=8&converted=0

Does you router has other pages/settings?

How are they set?

Post a few screenshots of what you see (obviously removing personal information/private LAN Ip's etc).

And i not use DMZ, it's disabled.

Good. :)

BTW a possibility would be to go to a friend's house and try accessing your IP from the "outside", backtrack is the first tool/distro that comes to mind:

http://www.backtrack-linux.org/

This way you could have maybe an idea of what's going on.

jaclaz

All the same like this page http://www6.nohold.net/Cisco2/GetArticle.aspx?docid=978eca6b436a4edc92576ba183b91f5c_KB_EN_v1.xml&pid=8&converted=0, but Filter Multicast is ON and Filter Internet NAT Redirection... - is ON.

Other settings in attached file ->router-settings-pic.rar

Link to comment
Share on other sites

From:

http://www6.nohold.net/Cisco2/GetArticle.aspx?docid=978eca6b436a4edc92576ba183b91f5c_KB_EN_v1.xml&pid=8&converted=0

Filter Multicast – This feature blocks multicasting or the method of sending IP diagrams to a group of receivers in a single transmission. This option is set to Disabled by default. Select this option to enable filter multicasting.

NOTE: IP multicasting is widely used in enterprises, commercial stock exchanges and multimedia content delivery networks such as IPTV applications. If you do not use such applications, it is much advisable to keep this option disabled to protect your network from spoofing or Denial of Service (DoS) attacks.

It seems like "safe" is "disabled". :unsure:

Like many (most :unsure:) Cisco originated documentation is - to say the least - self referencing, I doubt Captain Obvious himself could have written a better article than:

http://www6.nohold.net/Cisco2/GetArticle.aspx?docid=34da84c41ef2451e96dbc36f49b2f455_17372.xml&pid=80&converted=0

(please note how the title is "Definition of Filter Multicast and reasons to enable or disable it")

It is a very confusing matter:

http://homecommunity.cisco.com/t5/Wireless-Routers/Filter-Multicast/td-p/334178

but several sources (including the "default" settings) seem to imply that it should normally be disabled for increased security:

http://portforward.com/english/routers/firewalling/Cisco/Linksys-E1200/defaultguide.htm

jaclaz

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...