
Allow or Block ?


4 replies to this topic

#1 apples

apples

  • Members
  • 29 posts
  • Location:Virginia but my Heart belongs 2 Jersey

Posted 17 April 2005 - 05:12 PM

Hi,

I have installed a new firewall and am having trouble trying to figure out what to allow and what to block. The descriptions given really don't help. I have highlighted two in particular. I have tried to search out on the net but can't seem to find anything that makes any sense. I am assuming it's from my network (Home) - I hope :thumbsup:
I also get an "NDIS user mode i/o is trying to access the internet" - I have this in a temporary block until I can find out more.

I am using an XP system.

Thanks in advance :flowers:


4/17/2005 5:51:53 PM Allowed 10 Incoming UDP 192.168.0.101 00-10-B5-5B-D8-D2 138 192.168.0.255 FF-FF-FF-FF-FF-FF 138 C:\WINDOWS\system32\ntoskrnl.exe Owner PAIN Normal 1 4/17/2005 5:51:44 PM 4/17/2005 5:51:44 PM GUI%GUICONFIG#SRULE@NBENABLEYOU#ALLOW-UDP

4/17/2005 5:40:43 PM Allowed 10 Outgoing TCP g.msn.com [65.54.195.188] 00-11-95-01-A6-50 80 192.168.0.100 00-40-2B-6C-00-4F 1064 C:\Program Files\MSN Toolbar Suite\AU\02.00.0001.1203\en-us\msnappau.exe Owner PAIN Normal 1 4/17/2005 5:39:40 PM 4/17/2005 5:39:40 PM Ask all running apps

4/17/2005 5:40:43 PM Allowed 10 Outgoing TCP download.windowsupdate.com [209.18.34.38] 00-11-95-01-A6-50 80 192.168.0.100 00-40-2B-6C-00-4F 1061 C:\Program Files\MSN Toolbar Suite\AU\02.00.0001.1203\en-us\msnappau.exe Owner PAIN Normal 1 4/17/2005 5:39:40 PM 4/17/2005 5:39:40 PM Ask all running apps

4/17/2005 5:40:21 PM Allowed 10 Incoming UDP 192.168.0.101 00-10-B5-5B-D8-D2 137 192.168.0.255 FF-FF-FF-FF-FF-FF 137 C:\WINDOWS\system32\ntoskrnl.exe Owner PAIN Normal 3 4/17/2005 5:39:13 PM 4/17/2005 5:39:15 PM GUI%GUICONFIG#SRULE@NBENABLEYOU#ALLOW-UDP


4/17/2005 5:40:21 PM Blocked 10 Incoming UDP 192.168.0.101 00-10-B5-5B-D8-D2 137 192.168.0.255 FF-FF-FF-FF-FF-FF 137 C:\WINDOWS\system32\DRIVERS\ndisuio.sys Owner PAIN Normal 2 4/17/2005 5:39:13 PM 4/17/2005 5:39:15 PM Ask all running apps

4/17/2005 5:40:15 PM Allowed 10 Incoming UDP 192.168.0.101 00-10-B5-5B-D8-D2 138 192.168.0.255 FF-FF-FF-FF-FF-FF 138 C:\WINDOWS\system32\ntoskrnl.exe Owner PAIN Normal 1 4/17/2005 5:39:13 PM 4/17/2005 5:39:13 PM GUI%GUICONFIG#SRULE@NBENABLEYOU#ALLOW-UDP

4/17/2005 5:40:15 PM Blocked 10 Incoming UDP 192.168.0.101 00-10-B5-5B-D8-D2 138 192.168.0.255 FF-FF-FF-FF-FF-FF 138 C:\WINDOWS\system32\DRIVERS\ndisuio.sys Owner PAIN Normal 1 4/17/2005 5:39:13 PM 4/17/2005 5:39:13 PM Ask all running apps

4/17/2005 5:40:15 PM Allowed 10 Outgoing TCP v5.windowsupdate.microsoft.com [64.4.23.220] 00-11-95-01-A6-50 443 192.168.0.100 00-40-2B-6C-00-4F 1059 C:\WINDOWS\system32\svchost.exe Owner PAIN Normal 1 4/17/2005 5:39:10 PM 4/17/2005 5:39:10 PM GUI%GUICONFIG#SRULE@APPCONFIG-TCP#C:\WINDOWS\System32\svchost.exe

4/17/2005 5:40:15 PM Allowed 10 Outgoing TCP 192.168.0.1 00-11-95-01-A6-50 5678 192.168.0.100 00-40-2B-6C-00-4F 1057 C:\WINDOWS\system32\svchost.exe Owner PAIN Normal 3 4/17/2005 5:39:03 PM 4/17/2005 5:39:12 PM GUI%GUICONFIG#SRULE@APPCONFIG-TCP#C:\WINDOWS\System32\svchost.exe

4/17/2005 5:40:09 PM Allowed 10 Outgoing TCP download.windowsupdate.com [4.78.212.62] 00-11-95-01-A6-50 80 192.168.0.100 00-40-2B-6C-00-4F 1056 C:\WINDOWS\system32\svchost.exe Owner PAIN Normal 1 4/17/2005 5:39:06 PM 4/17/2005 5:39:06 PM GUI%GUICONFIG#SRULE@APPCONFIG-TCP#C:\WINDOWS\System32\svchost.exe

4/17/2005 5:40:09 PM Allowed 10 Outgoing TCP v5.windowsupdate.microsoft.com [64.4.23.220] 00-11-95-01-A6-50 80 192.168.0.100 00-40-2B-6C-00-4F 1058 C:\WINDOWS\system32\svchost.exe Owner PAIN Normal 1 4/17/2005 5:39:06 PM 4/17/2005 5:39:06 PM GUI%GUICONFIG#SRULE@APPCONFIG-TCP#C:\WINDOWS\System32\svchost.exe

4/17/2005 5:40:09 PM Allowed 10 Outgoing TCP 192.168.0.1 00-11-95-01-A6-50 5678 192.168.0.100 00-40-2B-6C-00-4F 1055 C:\WINDOWS\system32\svchost.exe Owner PAIN Normal 1 4/17/2005 5:39:05 PM 4/17/2005 5:39:05 PM GUI%GUICONFIG#SRULE@APPCONFIG-TCP#C:\WINDOWS\System32\svchost.exe

4/17/2005 5:40:09 PM Allowed 10 Outgoing TCP download.windowsupdate.com [209.18.34.38] 00-11-95-01-A6-50 80 192.168.0.100 00-40-2B-6C-00-4F 1053 C:\WINDOWS\system32\svchost.exe Owner PAIN Normal 1 4/17/2005 5:39:05 PM 4/17/2005 5:39:05 PM GUI%GUICONFIG#SRULE@APPCONFIG-TCP#C:\WINDOWS\System32\svchost.exe

4/17/2005 5:40:09 PM Allowed 10 Outgoing TCP download.windowsupdate.com [209.18.34.40] 00-11-95-01-A6-50 80 192.168.0.100 00-40-2B-6C-00-4F 1054 C:\WINDOWS\system32\svchost.exe Owner PAIN Normal 1 4/17/2005 5:39:05 PM 4/17/2005 5:39:05 PM GUI%GUICONFIG#SRULE@APPCONFIG-TCP#C:\WINDOWS\System32\svchost.exe

4/17/2005 5:39:58 PM Blocked 10 Incoming TCP 192.168.0.1 00-11-95-01-A6-50 4204 192.168.0.100 00-40-2B-6C-00-4F 2869 C:\WINDOWS\system32\svchost.exe Owner PAIN Normal 2 4/17/2005 5:38:50 PM 4/17/2005 5:38:56 PM GUI%GUICONFIG#SRULE@APPCONFIG-TCPLOCAL#C:\WINDOWS\System32\svchost.exe

4/17/2005 5:39:58 PM Allowed 10 Outgoing TCP 192.168.0.1 00-11-95-01-A6-50 5678 192.168.0.100 00-40-2B-6C-00-4F 1052 C:\WINDOWS\system32\svchost.exe Owner PAIN Normal 1 4/17/2005 5:38:56 PM 4/17/2005 5:38:56 PM GUI%GUICONFIG#SRULE@APPCONFIG-TCP#C:\WINDOWS\System32\svchost.exe

4/17/2005 5:39:58 PM Allowed 10 Outgoing TCP 192.168.0.1 00-11-95-01-A6-50 5678 192.168.0.100 00-40-2B-6C-00-4F 1051 C:\WINDOWS\system32\svchost.exe Owner PAIN Normal 1 4/17/2005 5:38:56 PM 4/17/2005 5:38:56 PM GUI%GUICONFIG#SRULE@APPCONFIG-TCP#C:\WINDOWS\System32\svchost.exe

4/17/2005 5:39:58 PM Allowed 10 Outgoing TCP 192.168.0.1 00-11-95-01-A6-50 5678 192.168.0.100 00-40-2B-6C-00-4F 1050 C:\WINDOWS\system32\svchost.exe Owner PAIN Normal 1 4/17/2005 5:38:56 PM 4/17/2005 5:38:56 PM GUI%GUICONFIG#SRULE@APPCONFIG-TCP#C:\WINDOWS\System32\svchost.exe

4/17/2005 5:39:58 PM Allowed 10 Outgoing TCP 192.168.0.1 00-11-95-01-A6-50 5678 192.168.0.100 00-40-2B-6C-00-4F 1049 C:\WINDOWS\system32\svchost.exe Owner PAIN Normal 1 4/17/2005 5:38:56 PM 4/17/2005 5:38:56 PM GUI%GUICONFIG#SRULE@APPCONFIG-TCP#C:\WINDOWS\System32\svchost.exe

4/17/2005 5:39:58 PM Allowed 10 Outgoing UDP 192.168.0.255 FF-FF-FF-FF-FF-FF 138 192.168.0.100 00-40-2B-6C-00-4F 138 C:\WINDOWS\system32\ntoskrnl.exe Owner PAIN Normal 5 4/17/2005 5:36:58 PM 4/17/2005 5:38:57 PM GUI%GUICONFIG#SRULE@NBENABLEYOU#ALLOW-UDP

4/17/2005 5:39:58 PM Blocked 10 Incoming UDP 192.168.0.100 00-40-2B-6C-00-4F 138 192.168.0.255 FF-FF-FF-FF-FF-FF 138 C:\WINDOWS\system32\DRIVERS\ndisuio.sys Owner PAIN Normal 2 4/17/2005 5:38:43 PM 4/17/2005 5:38:57 PM Ask all running apps

4/17/2005 5:39:58 PM Allowed 10 Incoming UDP 192.168.0.100 00-40-2B-6C-00-4F 138 192.168.0.255 FF-FF-FF-FF-FF-FF 138 C:\WINDOWS\system32\ntoskrnl.exe Owner PAIN Normal 5 4/17/2005 5:36:58 PM 4/17/2005 5:38:57 PM GUI%GUICONFIG#SRULE@NBENABLEYOU#ALLOW-UDP

4/17/2005 5:39:53 PM Blocked 10 Incoming TCP 192.168.0.1 00-11-95-01-A6-50 4204 192.168.0.100 00-40-2B-6C-00-4F 2869 C:\WINDOWS\system32\DRIVERS\ndisuio.sys Owner PAIN Normal 2 4/17/2005 5:38:25 PM 4/17/2005 5:38:50 PM Ask all running apps

4/17/2005 5:39:47 PM Blocked 10 Incoming TCP 192.168.0.1 00-11-95-01-A6-50 4203 192.168.0.100 00-40-2B-6C-00-4F 2869 C:\WINDOWS\system32\svchost.exe Owner PAIN Normal 1 4/17/2005 5:38:45 PM 4/17/2005 5:38:45 PM GUI%GUICONFIG#SRULE@APPCONFIG-TCPLOCAL#C:\WINDOWS\System32\svchost.exe

4/17/2005 5:39:08 PM Blocked 10 Incoming UDP 192.168.0.100 00-40-2B-6C-00-4F 68 255.255.255.255 FF-FF-FF-FF-FF-FF 67 Owner PAIN Normal 2 4/17/2005 5:38:02 PM 4/17/2005 5:38:05 PM Block_all

4/17/2005 5:38:40 PM Allowed 10 Outgoing UDP 192.168.0.255 FF-FF-FF-FF-FF-FF 137 192.168.0.100 00-40-2B-6C-00-4F 137 C:\WINDOWS\system32\ntoskrnl.exe Owner PAIN Normal 3 4/17/2005 5:37:32 PM 4/17/2005 5:37:34 PM GUI%GUICONFIG#SRULE@NBENABLEYOU#ALLOW-UDP

4/17/2005 5:38:40 PM Allowed 10 Incoming UDP 192.168.0.100 00-40-2B-6C-00-4F 137 192.168.0.255 FF-FF-FF-FF-FF-FF 137 C:\WINDOWS\system32\ntoskrnl.exe Owner PAIN Normal 3 4/17/2005 5:37:32 PM 4/17/2005 5:37:34 PM GUI%GUICONFIG#SRULE@NBENABLEYOU#ALLOW-UDP

Edited by apples, 17 April 2005 - 05:18 PM.

Be a Hero ~ Share Knowledge


 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,591 posts
  • Gender:Male
  • Location:USA

Posted 17 April 2005 - 10:11 PM

I would block every program that you specifically know does not need the internet. For example, if you use MSN Messenger or AIM, and you get a warning, and you do use it, allow it out. If you see another program that is trying to go out, and you don't know about it, don't allow it.

Make sure you give the wuaclt.exe program access out as that checks for new updates or any other program that is accessing windowsupdate.com.

The other ones that are trying to connect or come inbound to ports 137, 138, 139, 445 are usually for file sharing. From your IP addresses I am assuming you have a router/firewall as well?
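
A small parser for the log format posted above, added here as an example and not part of the original thread: it groups entries by action, direction, traffic class and program, so the repeated file-sharing broadcasts on the LAN stand apart from outbound internet connections. The column order is inferred from the posted lines, and the DHCP port set and class names are assumptions of this example.

```python
import ipaddress
import re
from collections import Counter

TS = r"\d+/\d+/\d+ \d+:\d+:\d+ [AP]M"
MAC = r"(?:[0-9A-F]{2}-){5}[0-9A-F]{2}"
# Column order inferred from the posted lines (assumption); program path is optional.
LINE = re.compile(
    rf"^{TS} (?P<action>Allowed|Blocked) \d+ (?P<dir>Incoming|Outgoing) "
    rf"(?P<proto>TCP|UDP) (?P<peer>\S+)(?: \[(?P<peer_ip>[\d.]+)\])? {MAC} "
    rf"(?P<peer_port>\d+) \S+ {MAC} (?P<local_port>\d+) "
    rf"(?:(?P<app>[A-Za-z]:\\.*?) )?\S+ \S+ \S+ \d+ {TS} {TS} (?P<rule>.*)$"
)
FILE_SHARING = {137, 138, 139, 445}  # the ports named in the reply above
DHCP = {67, 68}                      # added here: DHCP server/client ports

def classify(m):
    """Label one parsed entry by well-known port, else by where the peer lives."""
    ports = {int(m["peer_port"]), int(m["local_port"])}
    if ports & FILE_SHARING:
        return "file-sharing"
    if ports & DHCP:
        return "dhcp"
    try:
        peer = ipaddress.ip_address(m["peer_ip"] or m["peer"])
    except ValueError:
        return "unresolved-host"
    return "lan" if peer.is_private else "internet"

def summarize(log_text):
    """Count entries per (action, direction, class, program file name)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m:
            app = (m["app"] or "(none)").rsplit("\\", 1)[-1].lower()
            counts[(m["action"], m["dir"], classify(m), app)] += 1
    return counts

# Six entries copied from the log posted in this thread.
SAMPLE = r"""
4/17/2005 5:51:53 PM Allowed 10 Incoming UDP 192.168.0.101 00-10-B5-5B-D8-D2 138 192.168.0.255 FF-FF-FF-FF-FF-FF 138 C:\WINDOWS\system32\ntoskrnl.exe Owner PAIN Normal 1 4/17/2005 5:51:44 PM 4/17/2005 5:51:44 PM GUI%GUICONFIG#SRULE@NBENABLEYOU#ALLOW-UDP
4/17/2005 5:40:15 PM Blocked 10 Incoming UDP 192.168.0.101 00-10-B5-5B-D8-D2 138 192.168.0.255 FF-FF-FF-FF-FF-FF 138 C:\WINDOWS\system32\DRIVERS\ndisuio.sys Owner PAIN Normal 1 4/17/2005 5:39:13 PM 4/17/2005 5:39:13 PM Ask all running apps
4/17/2005 5:40:43 PM Allowed 10 Outgoing TCP g.msn.com [65.54.195.188] 00-11-95-01-A6-50 80 192.168.0.100 00-40-2B-6C-00-4F 1064 C:\Program Files\MSN Toolbar Suite\AU\02.00.0001.1203\en-us\msnappau.exe Owner PAIN Normal 1 4/17/2005 5:39:40 PM 4/17/2005 5:39:40 PM Ask all running apps
4/17/2005 5:39:08 PM Blocked 10 Incoming UDP 192.168.0.100 00-40-2B-6C-00-4F 68 255.255.255.255 FF-FF-FF-FF-FF-FF 67 Owner PAIN Normal 2 4/17/2005 5:38:02 PM 4/17/2005 5:38:05 PM Block_all
4/17/2005 5:39:58 PM Blocked 10 Incoming TCP 192.168.0.1 00-11-95-01-A6-50 4204 192.168.0.100 00-40-2B-6C-00-4F 2869 C:\WINDOWS\system32\svchost.exe Owner PAIN Normal 2 4/17/2005 5:38:50 PM 4/17/2005 5:38:56 PM GUI%GUICONFIG#SRULE@APPCONFIG-TCPLOCAL#C:\WINDOWS\System32\svchost.exe
4/17/2005 5:40:15 PM Allowed 10 Outgoing TCP v5.windowsupdate.microsoft.com [64.4.23.220] 00-11-95-01-A6-50 443 192.168.0.100 00-40-2B-6C-00-4F 1059 C:\WINDOWS\system32\svchost.exe Owner PAIN Normal 1 4/17/2005 5:39:10 PM 4/17/2005 5:39:10 PM GUI%GUICONFIG#SRULE@APPCONFIG-TCP#C:\WINDOWS\System32\svchost.exe
"""
print(summarize(SAMPLE))
```

In the summary the same LAN broadcast on port 138 shows up twice, once allowed under ntoskrnl.exe and once blocked under ndisuio.sys, which is the pattern the first post asks about.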

#3 apples

apples
  • Topic Starter

  • Members
  • 29 posts
  • Location:Virginia but my Heart belongs 2 Jersey

Posted 17 April 2005 - 11:33 PM

Thank you for the quick reply.

Yes, my router came with a built in firewall.

The firewall I am using gives specific details,
but alas, I am not a computer whiz :thumbsup: and can't make heads nor tails of most of the information that is provided.

I am using this firewall because of the help I received for my XP - all is running wonderfully now. But, I am still learning.

I'm grateful for the information you are giving and the resources available through this site.
Be a Hero ~ Share Knowledge

#4 apples

apples
  • Topic Starter

  • Members
  • 29 posts
  • Location:Virginia but my Heart belongs 2 Jersey

Posted 23 April 2005 - 11:59 AM

I am trying to figure out if this is a needed application for my system and allow it through my firewall ...
Comment:
NT Kernel System (ntoskrnl.exe) is trying to send an ICMP Type 17 (Address Mask request) packet - NDIS user mode I/O

I have been doing a temp block while I research what it can be, however I have not had any luck in locating.

Thanks again - Apples
Be a Hero ~ Share Knowledge

#5 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,591 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:13 PM

Posted 23 April 2005 - 01:38 PM

You can block that



