wireless router firewall configuration issue: security hole?
cjlcan
Newbie

My FIOS wireless router should block all incoming connections. However, my PC's firewall log says that there are still quite a few connections reaching the PC and getting blocked. What is going on?

The setting for the router firewall is:

Typical Security (Medium)
Inbound Policy: Reject.
Remote Administration settings will override the security inbound policy.
Outbound Policy: Accept.

This should block all incoming connections. Why is my PC's firewall log saying there are lots of blocked connections, with log entries such as IP 65.52.98.7 trying to connect to TCP port 58023 on the PC?

I have 2 PCs, and they all have logs like this. The firewall program is McAfee Total Protection.

There is no DMZ host enabled.

I didn't enable any port forwarding except for the 3 rules which come with the router, which seem to be for the FIOS TV:

| Networked Computer / Device | Applications & Ports Forwarded | WAN Connection Type | Status |
|---|---|---|---|
| localhost 127.0.0.1 | Verizon FiOS Service: Tcp Any -> 4567 | All Broadband Devices | Active |
| 192.168.1.100:8082 | Application: TCP Any -> 35000 | All Broadband Devices | Active |
| 192.168.1.100:63145 | Application: UDP Any -> 63145 | All Broadband Devices | Active |

The PCs all have private IPs like 192.168.1.*. How can the outside computer reach the PC?

What is going on here?

Thanks.

0 Likes
Re: wireless router firewall configuration issue: security hole?
Telcoguru
Master - Level 1

The 127.0.0.1 is the internal IP address in your computer and the 192.168.1.100 is your Verizon set top box.

0 Likes
Re: wireless router firewall configuration issue: security hole?
cjlcan
Newbie

I know 127.0.0.1 is the loopback IP, but why is this IP appearing in the port forwarding rule of the router?

0 Likes
Re: wireless router firewall configuration issue: security hole?
smith6612
Community Leader

@cjlcan wrote:

I know 127.0.0.1 is the loopback IP, but why is this IP appearing in the port forwarding rule of the router?

Port 4567 is a management port used by Verizon to gain access to the router. It has to redirect that port to itself so that other applications do not try to use it.

0 Likes
Re: wireless router firewall configuration issue: security hole?
Hubrisnxs
Legend

TR-069 - Wikipedia, the free encyclopedia

TECHNICAL REPORT - Broadband Forum [PDF]

[13] TR-106 Amendment 1, Data Model Template for TR-069-Enabled Devices, Broadband Forum Technical Report

@cjlcan wrote:

Why is my PC's firewall log saying there are lots of blocked connections, with log entries such as IP 65.52.98.7 trying to connect to TCP port 58023 on the PC?

65.52.98.7 is a Microsoft IP address. Your computer probably made an update request, or something similar, and your home firewall blocked the request.

*Edit: I looked it up further, and it belongs to the Windows SQM Consolidator.

This scheduled task also runs the Wsqmcons.exe program daily if the user consented to participate in the Windows Customer Experience Improvement Program. This program collects and sends usage data to Microsoft. The Wsqmcons.exe program is located in the System32 folder.

0 Likes