ntl 600k,xp home edt/outpost(running in rules mode)/avg/and the whole caboodle installed and up to date.
i have a problem with svchost.outpost firewall is saying its wanting to go online.this has happened twice,yesterday and today.
both times it was requesting a connection with a different ip address.i didnt write it down sorry,must try harder :-)
this was yesterday evening around 18.30hrs did a quick whois and traceroute and was none the wiser so blocked it.
turned computer off as i had to nip out and on switching back on could not connect to the internet,no google/email etc.
remembered i had blocked svchost so of i trotted to outposts application rules.removed it from the blocked list but did not allow it access.result? internet access again.
did a quick scan with avg,adaware,spybot,swatit,checked my running processes and all came up clean apart from the usual and a few cookies.didnt worry to much about it.
it happened again this evening around the same time,blocked it again and continued what i was doing(browsing here)no problems.
turned of my computer about an hour or so later as had to nip out again and once again on starting it up,no internet access.
so what to do? removed it from the blocked list again and i had internet access once more.popped over to gibson research and ran a scan of common ports click here and found out i can create this effect when this scan runs,svchost requests a connection.
normally(for those of you who are unfamiliar with it)outpost firewall in rules mode will ask for an action to be taken ie/
allow all for this app
block all for this app
create rules for...
the create rules for is normally what i decide to choose as it,most of the time picks something like "browser" and gets on with its job.
these two occaisions however it has "create rules using other"then i have to chose"if the protocall is? if the direction is?allow? block? reject?with various tick boxes.
if i allow it,shields up says port 1025 is open.and my firewall fails the test.if i block it,i pass with stealth and can continue browsing untill i restart the computer,then my internet connection is lost.
if i reject it i also pass but as above,once i restart,same thing.
nothing in event viewer re internet connection etc.i thought there may be some pointers here but alas no.
im thinking this is just ntl renewing my lease or similar but dont want to allow someting that is leaving port 1025 wide open.
sorry for the waffle,any ideas on what it could be and how i should set up this rule properly.
and why has it only started happening? i have not installed anything or changed services configuration etc.
just remembered i copied the address to a text file.
head like a sieve sorry.the last connection request was to:
Deny it and leave it.
If there are any problems then you'll know about it.
thats what i have been doing.but when i restart the computer(as said above)i have no internet connection and have to remove it from the blocked list again.
if i allow it then port 1025 is wide open.
"Zonnet internet is one of the largest ISP in the Netherlands (Rotterdam)"
ok symantec online scan has just gave me the all clear as have spybot/avg/adaware and swatit
netherlands ok,i can understand the whole "handshakes" thing goin on,with all sorts trying to connect whilst online but why if i deny svchost access to this isp do i get cut of when i restart?
had a look see in
HKEY_LOCAL_MACHINE_SYSTEM\currentcontrolset\services and nothing out of the ordaniary here either.(not as if i would really know if there was lol!)
svchost requested a connection againg last night around 01.00hrs with "ppp40-148-59-62.dialup.zonnet.nl"
blocked it again,continued browsing for an hour or so then went to bed.turned on the computer this morning and...surprise,surprise,no internet connection again so had to remove it once again from the list of blocked apps as above.
This thread is now locked and can not be replied to.