PDA

View Full Version : Firewall Alerts



Gravale
04.03.09, 21:56
I recently installed a Kerio firewall, and because it's new to this computer it pops up requests for various permissions. There are two requests in particular, which come up frequently while file sharing, which I deny permission to even though I'm not sure whether I should or not. Would anyone hazard a guess as to whether I should permit or deny?

'Someone from 80.227.50...... port 500 wants to send UDP datagram to port 500 owned by ILSA Shell (export version) on your computer. (Application: c\windows\system32\Isass.exe)' Allow or Deny?

'Someone from address 59.252.180...... wants to send ICMP packet to your machine (Application: TCPIP Kernal Driver)' Allow or Deny?

Thank you for your assistance. :smile:

anon
04.03.09, 22:02
'Someone from 80.227.50...... port 500 wants to send UDP datagram to port 500 owned by ILSA Shell (export version) on your computer. (Application: cwindowssystem32sass.exe)' Allow or Deny?

Are you sure it's sass.exe, instead of smss.exe or lsass.exe?

Port 500 is for Internet key exchange when creating a VPN tunnel. If you're not using VPN, I'd say you block it, specially since it's an incoming connection. (If it was an outgoing one, it could be explained by a peer having that as his listen port)


'Someone from address 59.252.180...... wants to send ICMP packet to your machine (Application: TCPIP Kernal Driver)' Allow or Deny?

That means someone's sending you an ICMP packet, most likely to ping you. If you block it, you won't be able to be pinged (this is a nice security measure), but uTorrent's DHT may not work correctly. If you don't, you'll be visible as online when pinged. (Actually, this isn't that much of a security issue - hackers have other means of checking whether your computer is online)

Gravale
04.03.09, 22:20
Yes, anon, I meant Isass.exe. I've corrected the post.

Thanks for your assistance. :smile: