Connection attempts from PN community servers

Townman · ‎22-08-2007

Hi,
Whilst reviewing my AV / Firewall logs this morning I noticed blocked attempted connections to my PC from PN community servers. Whilst I can understand responses therefrom, unsolicited requests seem inappropriate. Further what is the consequence of these requests being blocked? Does this "shine any light" onto any of the operational issues being investigated?

Quote
Incoming network connection blocked - community.plus.net [212.159.9.110] to TCP port 61794 and another to port 61793.

I cannot find any recognised uses for these ports.

Kevin
adie:green fixed quote

In another browser tab, login into the Plusnet user portal BEFORE clicking the fault & ticket links

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

If this post helped, please click the Thumbs Up and if it fixed your issue, please click the This fixed my problem green button below.

ejs · ‎10-06-2010

Not a particularly detailed log message. Doesn't give the source port or TCP flags such as SYN, ACK, FIN etc. Was it really a new incoming TCP SYN packet to start a new connection?
You probably made an outgoing connection from port 61794 to community.plus.net to port 80 or 443. If community.plus.net doesn't reply in time (longer than maybe 30 seconds or 2 minutes, the exact time depends on the state of the connection and it can be configured), then the firewall will forget about the outgoing connection. If the reply eventually arrives, the firewall won't have the outgoing connection to match it to, and also probably the NAT table won't know which LAN IP to translate it to.
If you could configure your, firewall, operating system, NAT etc. to wait longer, then packets might reach their destination, rather than the webpage timing out. But longer timeouts would be impractical and require more memory, keeping entries around for longer would mean more stay in memory.

Townman · ‎22-08-2007

Hi ejs,
Thank you for the prompt reply. Yes the details in the McAfee UI are sparse and I cannot find the raw firewall logs. At least with ZoneAlarm one used to get really useful detailed information - but that is what happens when products are made simpler for a wider audience!
At the time of the logged incidents, I was no where near my PC, but I had left two browser windows connected to the community - given I have "stay permanently logged in set" I wonder if this is related to a session refresh?
Will keep a watchful eye on this. There are other unsolicited fish to fry too, including one for McAfee itself.
Only looking here as I'm poking around with IPv6 and trying to get a TBB monitor running - can see blocked IPv6 connections from TBB too... I guess this is advert serving.

Kevin

In another browser tab, login into the Plusnet user portal BEFORE clicking the fault & ticket links

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

If this post helped, please click the Thumbs Up and if it fixed your issue, please click the This fixed my problem green button below.

Kelly · ‎04-04-2007

Quite possible the same issue Purleigh (and others) highlighted with the misconfigured load balancer which we've been trying to resolve.

Kelly Dorset
Ex-Broadband Service Manager

ejs · ‎10-06-2010

My previous post is not entirely relevant because I didn't really notice that this was the firewall log on your computer, not router. So your router must have had a NAT entry (or port forwarding rule, or DMZ) matching the packet otherwise the packet wouldn't have reached your computer, instead it would have been dropped by your router. Perhaps your router keeps firewall state and NAT entries for longer than your computer firewall does.
I think these forums are so old fashioned and simple that they don't do anything if you leave a browser window open, and always stay logged in just sets a login cookie to never expire.