KevinKitts
Contributor
Message 1 of 5

Do blocked IPs get blocked over ALL ports?

It may seem like a dumb question, but I'm having a problem when looking at the Log Viewer program. My brother's computer is on 192.168.1.101 (a "non-routable" IP), and I'm getting all sorts of attempted connections from his IP address. Now, I'm not sure if he leaves his computer on all night, but when I look at the log, the attempted connections are during the time when he's asleep. As a precaution, I banned his IP address from accessing my computer through McAfee's firewall (I have Total Protection 2009).

Most of the attempts are NetBIOS datagrams, which the log viewer says are blocked, and everything's fine. However, when I see UDP 67 "Bootstrap Protocol Server" in the logs, it does NOT contain the message that the attempt was successfully blocked. I thought banning an IP meant banning it from ALL connections, but that's not what I'm seeing in the log viewer. Other connection attempts not marked as blocked are:

UDP port 3702
SSDP port 1900

Now the only ports I have open are "Common Operating System Ports" (whatever that means specifically), UDP 27733 and 3074 (for Enemy Territory: Quake Wars update server access), and "Universal Plug and Play (UPNP) Port 5000, 1900, 2869". If these ports are open, can a banned IP connect to them? If so, that should be corrected immediately - banned should mean totally banned. If not, can you verify that the numerous attempted connections are all blocked, and can you please persuade the programmers to make the log reflect that banned IPs are indeed banned? Thanks 🙂

This behavior by my brother's computer has been going on for weeks (and copious activity in my logs makes me nervous). If you could possibly suggest a cause for his computer's weird connectivity, I'd appreciate any ideas you can recommend to make it stop.

One last question: where are the text files of the Log Viewer located? If they are in some sort of database within McAfee's software, is there any way to dump the log to a text file? It's not possible to copy text out of the log viewer, and I like being able to attach log files wherever possible. Thanks again.
4 Replies
exbrit
MVP
Message 2 of 5

RE: Do blocked IPs get blocked over ALL ports?

All ports should be blocked so I wouldn't worry. Are you actually using a network? If not I would mark it as "not trusted" under "Manage Network" in Security Center.

I get exactly the same from my flat-mate's machine(s), even his Wii, which are all marked as intruders and then the entire network is untrusted.

I even occasionally saw my next door neighbour's Blackberry trying to horn in on the wireless router, unsuccessfully I may add. Of course these aren't always deliberate attempts at infiltration. Network machines will always automatically try to find a connection regardless of type.

You can test your firewall here: http://www.grc.com/x/ne.dll?rh1dkyd2

Try the "All Service Ports" scan. Takes a while but it is quite interesting to do.

Don't forget that if you are using a router with its own firewall then that test will be reading it and not your computer.
KevinKitts
Contributor
Message 3 of 5

Okay, but...

when I go to "Manage Network", instead of seeing an IP address, I get a computer name. When I click on the computer name, no IP address is given, so I don't even know what IP I would be blocking. McAfee needs to fix this problem too.

Furthermore, the Manage Network section is confusing in that I have my computer, then I have another computer with IP address 192.168.1.100 - which is my computer's IP address. Why is my computer listed twice? This is somewhat confusing when I know that each IP address must be unique on a network. McAfee needs to fix this to eliminate the confusion.

Also, why in the world do I have to trust a network to get a network map? When I make my network not trusted, I can't have a network map anymore. Why can't I tell the software to trust the network for long enough to make the network map, then not trust it anymore? This makes no sense, and should be fixed. The software should be smart enough to see the network around my computer without making my computer less secure.

And just to clarify, since you are a volunteer moderator and I don't really know how much you represent McAfee legally, you said "all ports should be blocked." Not to be crass, but I need to know if they are blocked or if they are not. Yes or no, please. This decides my next course of action, and I need a definitive answer. If you can't answer that question definitively, then I need to find out McAfee's support email address so I can get a definitive answer.
exbrit
MVP
Message 4 of 5

RE: Okay, but...

If you want true Technical Support then it's available through the link at top left of this page or the Chat link in my signature.

We are all unpaid volunteers here just helping out where we can.

192.168.1.100 sounds very much like a Linksys router or modem which you most likely use to connect to the internet and will show as a device on your network.

The other computers, you don't need to know their IP numbers to mark them as intruders or friends. If it's something you don't know then mark it as an intruder.

But as I said, you may wish to ask Technical Support who hopefully will offer a more technical answer.

I also gave you ShieldsUp's URL which will tell you if any ports are open.
exbrit
MVP
Message 5 of 5

RE: Okay, but...

By the way, network map is available in Windows too. I recommend Chat against email as they are very slow answering emails.