Question

  • Creator
    Topic
  • #3937735

    Why so many blocked connections in McAfee security history?

    by ronwebb3 ·

    This morning I found myself looking through McAfee’s “security history”, and noticed a large number of “Suspicious incoming connection blocked” messages (e.g., several dozen in the past hour!). McAfee says not to worry about them, they just show how well McAfee is doing its job.

    What I don’t understand is, why are these connections even getting as far as my PC? They seem to be just random ports from random hackers poking around. I thought my Bell Home Modem 3000 had a firewall.

    I looked in the Port Forwarding section of the modem config, and I can open specific ports for incoming or outgoing traffic. Right now the list is empty, and I can’t find anything to say which ports are blocked or allowed by default. Until now I just assumed that somebody smarter than me had set this up and I didn’t need to worry about it.

    What am I misunderstanding here? Don’t ISPs normally have proper firewalls built into their modems? How can I see what they are blocking?

    Another worrisome observation was that several of the blocked connections originated from known devices, including my own. One was an ancient iPod that no longer gets software updates, so I guess I better stop using that. But I saw other IPs: my wife’s computer (should be properly patched but I’ll check), the Fibe receiver for my TV, even the default gateway and Bell’s DNS. What’s up with all that?

    P.S.: Sorry, newbie here. Moderators, if this post would be better in the Security section, please move it there.

You are posting a reply to: Why so many blocked connections in McAfee security history?

The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our Community FAQs for details. All submitted content is subject to our Terms of Use.

All Answers

  • Author
    Replies
    • #3940194
      Avatar photo

      Most incoming requests are BEYOND YOUR CONTROL.

      by rproffitt ·

      In reply to Why so many blocked connections in McAfee security history?

      There are folk out there running scans on computers by the millions. As such, I think nothing of the incoming requests today. And there is nothing you can do about it.

      -> What else can we discuss?

      • #3940192

        I know, but that wasn’t my question.

        by ronwebb3 ·

        In reply to Most incoming requests are BEYOND YOUR CONTROL.

        Yes, I know there are lots of these requests coming in from the WAN. What I’m asking is, why are they not blocked by my gateway (Bell Home Hub 3000,)? As I said, there is a Port Forwarding facility built in to that device, which allows me to selectively open specific ports for specific computers. All other ports, unless they are common ones like 80 or 443, should be blocked by default, shouldn’t they?.

        For instance, when I use VNC to remote control a computer within my LAN (e.g., 192.168.2.99), I designate a specific port (e.g., 42000) for that app and create a rule in my gateway (192.168.2.1) to forward that port to 192.168.2.99. If I don’t do that, then any packets coming in from the WAN for port 42000 would have no delivery address within my LAN, and would simply be dropped.

        Why aren’t these other random requests on random ports (49293, 65364, 65397, 55194 just to name a few) being similarly dropped by the gateway?

        • #3940191
          Avatar photo

          Not all firewalls work to stop such things.

          by rproffitt ·

          In reply to I know, but that wasn’t my question.

          Maybe that’s what you needed to know.

          Also, any other device on your network might probe to see if there’s a shared file system or other resources.

          Let’s take some random TV for example. Many are smart and will look around the network for a server. This is not an exploit or security failure. But the makers are no longer documenting what their products do. To find out what Microsoft does, well, you can imagine how easy it is to find that out. I’m being harsh here, they don’t make it easy even for seasoned network pros.

        • #3940189
          Avatar photo

          PS. I left out a big thing.

          by rproffitt ·

          In reply to I know, but that wasn’t my question.

          In consumer grade routers, there is almost NEVER a firewall from one device to another on the LAN.

          That is, the devices are left to either block or ignore requests.

          -> In conclusion I found folk demanding firewalls to block requests unnecessarily. Why do I consider that unnecessary? If a device has no service on a port, any request going there dies and doesn’t need a firewall for that port.

Viewing 0 reply threads