How did these get past the firewall?

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Running broadband, a US Robotics Wireless Turbo Access Point and Router,
and a PC with McAfee Personal Firewall Plus.

Looking at the McAfee firewall log, I see a few entries where an inbound
[1] source packet has attempted to communicate with a port inside the
PC. McAfee blocked these packets.

The US Robotics box is configured for NAT, and its internal firewall has
a default rule to drop all inbound traffic (except ping). To check that
the firewall is working properly, I have attempted to connect to the PC
from another PC over the Internet, and all attempts are blocked by the
firewall, as expected. There is no port forwarding or other mechanism
that overrides the firewall.

So how did the packets reported by McAfee get through the US Robotics

A clue (which I don't understand): nearly all the packets reported by
McAfee originate from well-known ports (119, 80, 443, 53), from servers
that I have already been in contact with.

Ideas anyone?

[1] By "inbound" I mean traffic that originates externally to the PC.


Re: How did these get past the firewall?

news kirjoitti:

Quoted text here. Click to load it


If they are UDP packets, the external box lets a few of them through,
because it has longer pinhole lifetime.

If they are TCP packets, they can occasionally get through after you
close a session or terminate an application. The internal filter knows
it immediately, but the external box waits till it sees the last packet.

-- Lassi

Site Timeline