A mm [ Symantec ] Uses ports 80 and A [ Symantec ] The worm attempts to download and execute a remote file via FTP. Opens TCP port Sygate Personal Firewall comes with a default rule set that blocks all udp requests, however if udp requests originates from source port or they are allowed, thus a malicious person could get access to all open udp ports on a target merely by sending all requests from source port or Please use the "Add Comment" button below to provide additional information or comments about port Cool Links SpeedGuide Teams.
Registry Tweaks Broadband Tools. SG Ports Database Security. Default Passwords User Stories. Broadband Routers Wireless. It's Twitter. The CN in the certificate identifies it as p.
Finally, the computer at The CN in the certificate identifies it as www. Brave has an online forum and I will open a question there, but the last time I did so, my question was ignored. A helpful Twitter user sent me a relevant link. Back in , someone running Windows XP asked why browsing websites caused his PC to send UDP packets on port to some not all of the websites he was browsing.
One response was that Windows XP broadcasts to every computer it finds on the network, be it another computer on the local network, or a web server on the Internet. This person said their corporate firewall was flooded with denied outbound SMB traffic.
But, that does not explain why it only happens to some websites. And, in my case, the rule blocking UDP port was had been in place for quite a while and I just started noticing the router actually blocking things. I tested this and found it mostly false. I'm not sure which firewall rule triggered this as the router also blocks outbound traffic to any IP address starting with Before I narrowed down the issue to the Brave browser, the router had also blocked outbound UDP port to the IP addresses described below.
All the port traffic was from a second Windows 10 computer, not the one described above. At the time the machine was running multiple web browsers and looking at multiple websites. Shown below are those that it tried to contact. IP address The CN is ssl The CN is sni. The IP address The CN is incapsula. It is hosted at Microsoft Azure and is the only open port. But, there is no certificate at port I opened a Brave Community post about this on July 16, Next, I realized that the computer had the Malwarebytes formerly Binisoft Windows Firewall installed and hoped its logging feature might turn up an interesting pattern.
It did. The most striking thing the log showed was the the requests did not come directly from the Brave browser or from the Brave updater program, they were made by Windows system process number 4, which is identified only as "System" The screen shot below shows four network events that happened in the same second. The oldest event is on the bottom.
This IP address has a dozens of alternate names , two of which are updates. Is Windows doing this on its own, or is it just responding to a request from the Brave Software Updater? Could it be that the port traffic is due to the updater program rather than the browser itself? No, as we see in the log excertp below. Here, we have clearly caught the browser in the act of generating traffic to UDP port First, it makes a TCP request on port to The network log is sortable, so I sorted it by destination port number to see all the requests to port And, they all come from Process number 4, none came directly from Brave though the system could simply be doing what Brave requested as we saw above with the DNS requests.
Many of the requests were meant for the LAN. For example, IP address Another LAN side request is worrying, but off-topic. The computer is a laptop that was using Wi-Fi at the time. Really, it's normal. I just block it. Botany Dave. Missing Link. Posted: Wed May 22, pm. Registered: Mar 15, Posts: Welcome to our community! I've Googled, I've checked configurations, I've scanned for viruses, and now I've lost my sense of humour with this situation.
Now I know that the router is dropping all of the offending packets but I'd really like to attack the source of this NETbios assault on my network. Join our community to see this answer! Unlock 1 Answer and 3 Comments.
Andrew Hancock - VMware vExpert.
0コメント