
Incoming connection on 80 port

16 replies to this topic

#1
PeterEl

PeterEl

    Newbie

  • Member
  • 17 posts
  • Joined 28-August 12
  • OS:none specified
  • Country: Country Flag
Hello!

My Outpost firewall detected incoming connections on port 80 and blocked them.

I think that the router must block incoming connections on port 80, right? But it does not.

Please explain why this might be.
(I use Windows XP)

176.57.209.48 is the SOURCE ADDRESS, 192.168.1.100 is the TARGET address.
Attached a screenshot.

#2
jaclaz

jaclaz

    The Finder

  • Developer
  • 14,646 posts
  • Joined 23-July 04
  • OS:none specified
  • Country: Country Flag
It depends on a number of factors.

Which router do you have?
How exactly is it set up?
Is NAT enabled?
And how is it set?

jaclaz

#3
PeterEl


It depends on a number of factors.

Which router do you have?
How exactly is it set up?
Is NAT enabled?
And how is it set?

jaclaz


1) linksys e1500
2) permission for incoming connections on port 80 is not installed.
3) NAT is enabled
4) "And how is it set?" - what do you mean?

#4
submix8c

submix8c

    Inconceivable!

  • Patrons
  • 4,369 posts
  • Joined 14-September 05
  • OS:none specified
  • Country: Country Flag
Me accessing MSFN.ORG (the Port 80 one) through my router (my router address=192.168.8.17 - multiple ports):

Attached Files


Someday the tyrants will be unthroned... Jason "Jay" Chasteen; RIP, bro!



#5
Tripredacus

Tripredacus

    K-Mart-ian Legend

  • Super Moderator
  • 9,958 posts
  • Joined 28-April 06
  • OS:Server 2012
  • Country: Country Flag

Donator

You should maybe run

netstat -b

To see if you have anything besides your browsers or known clients accessing the internet.

#6
PeterEl


You should maybe run

netstat -b

To see if you have anything besides your browsers or known clients accessing the internet.


I looked, all processes are known.

The question is still valid.

Edited by PeterEl, 28 August 2012 - 09:00 AM.


#7
submix8c

Can't disagree. The IP in your screenshot seems to indicate a Russian website that's being accessed.

edit - ULP! Is that YOUR External IP address?
http://jaguar.timewe...rror_domain.htm

Edited by submix8c, 28 August 2012 - 09:01 AM.



#8
submix8c

???
http://en.timeweb.ru/support/faq/
If that's YOUR IP address, maybe you've set up a Web Server? I have one on my PC (via "no-ip") and had to make "exceptions" to allow folks to access it.

edit - (stupid me... I made a second post...)

Edited by submix8c, 28 August 2012 - 09:14 AM.



#9
jaclaz


Me accessing MSFN.ORG (the Port 80 one) through my router (my router address=192.168.8.17 - multiple ports):

I am not sure I understand, those seem a lot like OUTbound connections and not INbound ones.... :unsure:

@PeterEl
I mean, how exactly is NAT (or any other similar setting) set?
From what I can see (not from the E1500 manual here: http://homesupport.c...t/routers/E1500 which is pretty much "useless") but from the more "generic" one:
http://www.manualowl.../236876?page=40
There is no specific setting/page for NAT, and if you want to "expose" a device to the internet you need to put it in the DMZ.
The *whatever* that blocks (or should block) unwanted packets is seemingly SPI (Stateful Packet Inspection), but as well I cannot find any detailed settings guide, see also:
http://www6.nohold.n...=80&converted=0
See if this applies to your router (these are the kind of settings that might affect the possibility to "go through"):
http://www6.nohold.n...d=8&converted=0


jaclaz
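
Added example (not part of the original thread): posts #5 and #9 turn on whether port 80 is on the local or the remote side of a connection. The Python sketch below sorts rows in the layout printed by Windows `netstat -an` into listening, inbound and outbound; the sample rows are constructed and the names `classify` and `local_server_exposed` are hypothetical.

```python
import re

# Constructed sample in the layout printed by Windows `netstat -an`
# (the two addresses are the ones from the first post; ports are made up).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.100:1045     176.57.209.48:80       ESTABLISHED
  TCP    192.168.1.100:1046     176.57.209.48:80       TIME_WAIT
  UDP    192.168.1.100:137      *:*
"""

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")


def classify(netstat_text, port=80):
    """Sort TCP rows that involve `port` by direction.

    listening: this host accepts connections on `port` (a local server).
    inbound:   a remote peer is connected to local `port`.
    outbound:  this host connected out to a remote `port`; packets coming
               back carry source port `port` but are replies, not new
               incoming connections.
    """
    result = {"listening": [], "inbound": [], "outbound": []}
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers, UDP rows, blank lines
        local_ip, local_port, remote_ip, remote_port, state = m.groups()
        local_port, remote_port = int(local_port), int(remote_port)
        if state == "LISTENING":
            if local_port == port:
                result["listening"].append(local_ip)
        elif local_port == port:
            result["inbound"].append((remote_ip, remote_port, state))
        elif remote_port == port:
            result["outbound"].append((remote_ip, local_port, state))
    return result


def local_server_exposed(netstat_text, port=80):
    """True if anything on this host listens on or serves `port`."""
    c = classify(netstat_text, port)
    return bool(c["listening"] or c["inbound"])
```

When `listening` and `inbound` are both empty, nothing on the PC is serving port 80, and the rows that mention port 80 are connections the PC opened itself.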

#10
PeterEl



Me accessing MSFN.ORG (the Port 80 one) through my router (my router address=192.168.8.17 - multiple ports):

I am not sure I understand, those seem a lot like OUTbound connections and not INbound ones.... :unsure:

@PeterEl
I mean, how exactly is NAT (or any other similar setting) set?
From what I can see (not from the E1500 manual here: http://homesupport.c...t/routers/E1500 which is pretty much "useless") but from the more "generic" one:
http://www.manualowl.../236876?page=40
There is no specific setting/page for NAT, and if you want to "expose" a device to the internet you need to put it in the DMZ.
The *whatever* that blocks (or should block) unwanted packets is seemingly SPI (Stateful Packet Inspection), but as well I cannot find any detailed settings guide, see also:
http://www6.nohold.n...=80&converted=0
See if this applies to your router (these are the kind of settings that might affect the possibility to "go through"):
http://www6.nohold.n...d=8&converted=0


jaclaz


All security options on my router are turned on.
And I do not use DMZ, it's disabled.

#11
submix8c


I am not sure I understand, those seem a lot like OUTbound connections and not INbound ones....

Yeah, a little goofy-looking. It appears that the Outbound are legitimate. Apparently, it's part of the communications cycle. Details of one (Symantec Firewall, BTW):

Attached Files


Edited by submix8c, 28 August 2012 - 09:33 AM.



#12
jaclaz


All security options on my router are turned on.

I will try again, are your settings EXACTLY like the ones on this page?
http://www6.nohold.n...d=8&converted=0
Does your router have other pages/settings?
How are they set?
Post a few screenshots of what you see (obviously removing personal information/private LAN IPs etc).

And I do not use DMZ, it's disabled.

Good. :)

BTW a possibility would be to go to a friend's house and try accessing your IP from the "outside", backtrack is the first tool/distro that comes to mind:
http://www.backtrack-linux.org/
This way you could have maybe an idea of what's going on.


jaclaz

Edited by jaclaz, 28 August 2012 - 09:46 AM.


#13
submix8c

Well, as I gave the address of the (apparently) Hosting site, perhaps someone has inadvertently HARD-WIRED your "dynamic" address into THEIR website.

Again, I use NO-IP and have a dynamic IP which is updated occasionally to allow others to access it and had to give an INCOMING exception to Port 80 for my INTERNAL "fixed" IP address.

http://martin-entltd.no-ip.org/
(No longer valid - NOIP deleted it from my Account and it's "stuck" to unusable.)

?Something odd with that IP address... What happens with the above (mine)?

Edited by submix8c, 07 April 2013 - 02:00 PM.



#14
PeterEl



All security options on my router are turned on.

I will try again, are your settings EXACTLY like the ones on this page?
http://www6.nohold.n...d=8&converted=0
Does your router have other pages/settings?
How are they set?
Post a few screenshots of what you see (obviously removing personal information/private LAN IPs etc).

And I do not use DMZ, it's disabled.

Good. :)

BTW a possibility would be to go to a friend's house and try accessing your IP from the "outside", backtrack is the first tool/distro that comes to mind:
http://www.backtrack-linux.org/
This way you could have maybe an idea of what's going on.


jaclaz


All the same as on this page http://www6.nohold.n...d=8&converted=0, but Filter Multicast is ON and Filter Internet NAT Redirection... is ON.
Other settings are in the attached file: router-settings-pic.rar (214.49KB)

#15
jaclaz


All the same as on this page http://www6.nohold.n...d=8&converted=0, but Filter Multicast is ON and Filter Internet NAT Redirection... is ON.

From:
http://www6.nohold.n...d=8&converted=0

Filter Multicast – This feature blocks multicasting or the method of sending IP diagrams to a group of receivers in a single transmission. This option is set to Disabled by default. Select this option to enable filter multicasting.

NOTE: IP multicasting is widely used in enterprises, commercial stock exchanges and multimedia content delivery networks such as IPTV applications. If you do not use such applications, it is much advisable to keep this option disabled to protect your network from spoofing or Denial of Service (DoS) attacks.


It seems like "safe" is "disabled". :unsure:

Like many (most :unsure:) Cisco originated documentation is - to say the least - self referencing, I doubt Captain Obvious himself could have written a better article than:
http://www6.nohold.n...=80&converted=0
(please note how the title is "Definition of Filter Multicast and reasons to enable or disable it")

It is a very confusing matter:
http://homecommunity...ast/td-p/334178
but several sources (including the "default" settings) seem to imply that it should normally be disabled for increased security:
http://portforward.c...efaultguide.htm


jaclaz

#16
PeterEl

1) So, probably, it is better to leave the default settings...

2) Today I noticed a strange thing: when my computer was turned off, no LAN port was working (no light) or in use, and Wi-Fi was also turned off, the WAN port (internet) was BLINKING, but not often.
I use DHCP to connect to the internet - dynamic IP.

Is it normal that the WAN is blinking when I am not using the internet? Why could that be?


Thanks everybody for the answers.

#17
jaclaz


Is it normal that the WAN is blinking when I am not using the internet? Why could that be?

It may be perfectly normal :yes: , as an example your ISP might want to "know" if the modem is connected and working, there could be people (not necessarily malicious) pinging/arping/whatever, you may be part of an (ISP assigned) subnet range and get broadcasted packets, and of course there are thousands (or tens or hundreds of thousands) of compromised machines/botnets that are randomly pinging/probing the internet for open ports and the like :ph34r: .

jaclaz



