Firewall Disabled?

Hi!

SESC 9.5 firewall is telling me that it's deactivated but it appears to work? For a few days now I have had this strange thing that the tray bar icon is indicating a yellow exclamation mark. The tooltip tells me that the firewall configuration is letting through all data traffic. In the SESC 9.5 GUI the firewall entry says "deactivated", active location: "primary".

I tried to reconfigure the firewall but in the fw config menu the checkbox for "allow all data traffic" is disabled for the primary location. I haven't configured any secondary location.

This all started a few days ago after the update for the engine was distributed. I haven't installed it and just hibernated my Win XP for several days. But then suddenly, there was a message telling me the system wanted to connect to my local network on 192.168.178.255 on UDP port 137, which I initially disallowed. Another alert followed for a connection to another LAN computer on UDP port 55400, which I disallowed, too. But then the internet connection didn't work any more, so I restarted the system. Nevertheless, this activated the SESC update but didn't solve the connection block, so I removed both firewall rules.

After another restart I got the UDP 137 alert again and allowed it as well as the UDP 55400 to the LAN computer. Now, the internet connection works again. The firewall says it has been disabled but it still prompts me from time to time with HTTP-connection requests from the SVCHOST-Service which I generally block by adding new rules each time. So the firewall appears to work from my point of view and I don't get the impression that all data traffic is going through.

What is this all about? Has anyone experienced the same issue, or does anybody have an idea how to solve it?

Thanks in advance,

Holger

  • Hi Christian,

    thank you for your help. I have to admit that my report of events and settings was just from memory of what happened just a few days before and maybe I have mixed up things a little bit. So I'll try to put it a little bit more clearly. I'm sitting behind a LAN router with a built-in DSL modem: it's a FritzBox, which is a famous German manufacturer of home user equipment.

    The correct order of events and settings was as follows:

    1. SEC was reporting my system trying to connect to 192.168.178.255 on UDP port 137, which I identified as a class C broadcast and which had never occurred before.

    2. Having a kind of paranoid roots in my personality I disallowed this in the alert box (because I am running the firewall in interactive mode as you correctly assumed).

    3. Immediately afterwards there was another alert on a connection attempt to a PC of my LAN with IP 192.168.178.123 on UDP port 55400.

    4. I blocked this, too (it's always a good idea to be consistent in your paranoia).

    5. I wanted to look up the meaning of port 137, which I remembered as being a system-related service, but I had forgotten its specific meaning.

    6. Firefox refused to open www.google.de. In the status bar I could see that name resolving didn't work properly as it stuck there and put out a message after several seconds like "ff was unable to connect to www.google.de"... I tried a few other URLs with the same result so I assumed that the internet connection was not working.

    7. I used another computer in my LAN and had no trouble in opening the above mentioned URL (maybe someone can imagine the word "SUSPICIOUS" blinking up in my mind at that moment).

    8. I was terrified and maybe that's why I didn't try to connect to Google by using one of its IP addresses in order to assess if DNS lookups didn't work or extra-LAN connection from this specific computer was blocked by the firewall.

    9. I did what everybody does if he gets this feeling of being persecuted: I shut down the machine. Maybe it was just a bad dream and everything is fine after a reboot.

    10. After the restart nothing had changed. Back to life, back to reality. So what did I do? Yes, another restart. Probably it's this chewing gum machine trick from childhood: One coin in, no gum out. You always had to hit the machine twice in order to get it to work properly. I believe there is some pancosmic conjunction between things.

    11. After the next restart I started working with the firewall configuration. There I removed both rules for UDP 137 and UDP 55400 and when the connection alerts came again I allowed both connections.

    12. After that internet worked fine - at least Firefox was able to look up a Google IP address and connect to the server.

    13. The yellow exclamation mark is informing me that something with the firewall is not working. Maybe from my previous comments you can guess what this information does with my psyche. The rest is described in my first post.

    Well, let me say something about these port 80 connections. These appeared several weeks before and shortly after the change in the firewall configuration. All these were going to different internet connections which I looked up by a WHOIS service and which don't seem to belong to Microsoft or other software companies of programs I was running on my system. That's why I blocked them. I can't imagine any convincing reason why Windows should try to connect to internet servers using WebDAV - except maybe that there is some global conspiracy going on and me being in the middle of it. That's not the idea you want to have in mind before you go to sleep.

    Tonight, I changed the UDP 137 and UDP 55400 rules from "allow" to "disallow" and still the internet connection is working. So probably there never has been any connection between blocking these and having no internet connection. That's what you were saying. Then I wonder why the internet didn't work and at the same time there was this new connection alert for port 137. The exclamation mark hasn't disappeared yet. It's still indicating to be alerted! Does anybody know if 137 has a special meaning in Freemasonry? Maybe it's a sign, a message from somewhere... I should take my pills.

    Nevertheless, many thanks for your help. Maybe I'll do a restore or better a complete reinstall. Or much better I'll buy a new computer. Does anybody know a trustworthy computer store?

    Kind regards,

    Holger
