John W. Colby
jwcolby at colbyconsulting.com
Thu Sep 30 23:50:49 CDT 2004
I am playing with the built in hardware firewalls that comes with the MSI K8 Neo motherboard. This firewall is built in to the NVIDIA chipset used in my A64 motherboard. It supposedly has stateful packet inspection (not that I really understand what that means, just that it is supposed to be good) and other good stuff. So I turned it on. The firewall software is pretty nice, allowing you to set up 5 or 6 "levels" of protection, from off to anti-hacking, or set up custom levels. If you choose custom, then it has "wizards" that can turn on / off things like messenger and other chat programs, Telnet, email (various types) etc. I turned it on and then used the wizards to turn on things like chat clients, email, windows file sharing etc. When I view my log files, the firewall is getting traffic on blocked port, from 192.168.122.1 (my "head" router and DHCP Server that is my NETWORK "firewall" just behind the cable modem. It is sending to 239.255.255.250 UDP port 1900. I googled 239.255.255.250 and get nothing. I googled port 1900 and discovered that it is Windows XP universal PNP NETWORK traffic and supposedly I can turn it off. So I did (in all my XP machines) by stopping the service. I am still seeing these logs though. It just occurred to me that it might be directed at my networked All-in-one brother fax/scanner/printer which I will turn off briefly to see what happens. I turned off the network printer and the traffic (attempts?) didn't stop. I opened my router (Dlink 624 wireless / 4 port) software (browser) and looked for port forwarding on that port but don't see any. Is it the router trying to talk to something on the network? So, does anyone know what is happening here? John W. Colby www.ColbyConsulting.com