I want to ping back blocked incoming pings - could I use BlackIce Defender?


4wd:
You've got IPs from Amazon Web Services, Google, Akamai (CDN), Joe's Datacenter LLC (this would have to be the NSA :) ), etc. being blocked.

I think you need to check what programs you've got installed that require contact with these services.

e.g. background updaters, sync programs, iTunes, etc., etc.

Stoic Joker:
You can get a list of what programs have which ports open with
netstat -anob

But anything internally initiated shouldn't be getting blocked by the router. Conversely, anything blocked by the router will have been externally initiated.

The pink and orange screenshot makes me wonder if you have a PPPoE connection with its mention of VPI/VCI. Does your ADSL require a user/pass to/when it connects?

IainB:
2014-01-11 1442hrs: Following on from the above, and thanks for the helpful comments.

It's a Saturday, and I managed to make some time to look into this some more.
I checked in the online W7FC Frequently Asked Questions, and found this:
Multiple app(1), app(2) etc entries in Programs list.
   The firewall distinguishes the applications by full path name, so C:\FolderA\ABC.EXE and C:\FolderB\ABC.EXE will be listed by the firewall separately. That is correct as the applications (executables) are different formally. However, if there are two (or more) instances of absolutely the same executable, the firewall adds (2),(3) etc suffixes listing instances of the executable separately. You can rename the applications in the list if it is required. There are some specific applications (usually installers or update checkers) those generate network active helpers for every single network access attempt. The helpers (executables) are generated randomly and named unpredictably usually, however the helpers are binary equal. As the initial access attempt is blocked by the firewall the helper is blocked accordingly (but listed), the parent application generates new helper under a different name then, the helper is blocked again and the process loops endlessly. If the activity is expected safe, the solution is creating a (temporary) applicationless rule to enable the destination for the updating/installation of any application via Blocked Events pane (check the manual for the details). The next helper generated will be permitted to reach the desired destination before the initial detection block as the result. TrayIcon/RightClick/Mode:EnableAll setting switches the firewall off finally. The update/installation can be made manually as well.
____________________________

--- End quote ---

At the Blocked Events link, it said:
   Right clicking listed event (or using the toolbar) allows composing/adding a corresponding permitting rule to the application. The rules are created and applied (if required) to the blocked application to avoid blocking of the same reason in the future. Corresponding rules can be created/applied to all the applications at once by updating "Zone for All the Applications" (check Settings tab for the details). The blocked event destination address ownership can be verified via a free online WHOIS database.
    There is a set of options to set the permitting rule for the blocked IP only, IP sub-network, with or without destination port limitations at your option.
    The permitting rule is created automatically, shown in the final zone draft, can be edited and applied to the application (or all the applications) after confirmation. The rules are applied to applications listed in the Programs pane directly.
____________________________

--- End quote ---

I then did a WHOIS (using W7FC) to check a few (not all) of the incoming IP blocks in W7FC:


Most of those were blocks for HPWS (Host Process for Windows Services). One was for a program name (not HPWS) that I had not adequately enabled access for in the W7FC Programs authorisation list, so I fixed that one by assigning it the correct access rights via that list.
All the HPWS incoming IP blocks I checked were from valid IP addresses to reputable companies that I would expect my PC applications might want to be using via HPWS, so I enabled each as in the diagram below, building up the list that you see there of enabled incoming IP addresses:


There was a block/range of blocked IP addresses that was owned by Google: 173.194.0.0 - 173.194.255.255
Given what we now seem to know of the cynical nature of NSA and Google's apparently excessively invasive methods, post SnowdenGate, I decided not to enable all these IP addresses and am mulling it over.

This step should now start to clear up the confusion of the table of W7FC's blocked incoming items, though I am unsure of whether it will affect the pings being blocked by the router.
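
Added example, not part of any post in this thread: a Python sketch that parses `netstat -anob` output (the command suggested above) to show which program owns each inbound-capable port, and which programs are talking to the Google range 173.194.0.0 - 173.194.255.255 quoted above. The sample output is constructed and trimmed to the connection table; the function names are illustrative.

```python
import ipaddress

# Constructed sample of `netstat -anob` output; addresses and PIDs are made up.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       836
  RpcSs
 [svchost.exe]
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
 Can not obtain ownership information
  TCP    192.168.1.5:49201      173.194.34.5:443       ESTABLISHED     2312
 [chrome.exe]
  UDP    0.0.0.0:5355           *:*                                    1128
  Dnscache
 [svchost.exe]
"""
# The Google-owned range quoted in the thread, 173.194.0.0 - 173.194.255.255.
GOOGLE_RANGE = ipaddress.ip_network("173.194.0.0/16")

def parse_netstat(text):
    """Return one dict per socket; the owner is read from the [exe] line below it."""
    conns = []
    for line in text.splitlines():
        s, parts = line.strip(), line.split()
        if parts and parts[0] in ("TCP", "UDP"):
            # UDP rows have no State column, so only 5-field rows carry a state.
            conns.append({"proto": parts[0], "local": parts[1], "remote": parts[2],
                          "state": parts[3] if len(parts) == 5 else "", "owner": None})
        elif conns and conns[-1]["owner"] is None:
            if s.startswith("[") and s.endswith("]"):
                conns[-1]["owner"] = s[1:-1]
            elif s.startswith("Can not obtain"):
                conns[-1]["owner"] = "(unknown)"
            # anything else here is a service name line (e.g. RpcSs); skip it
    return conns

def listeners_by_program(conns):
    """Map each program to the (proto, port) pairs that can accept inbound traffic."""
    ports = {}
    for c in conns:
        if c["state"] == "LISTENING" or c["remote"] == "*:*":
            port = int(c["local"].rpartition(":")[2])
            ports.setdefault(c["owner"], set()).add((c["proto"], port))
    return {prog: sorted(p) for prog, p in ports.items()}

def remotes_in(conns, network):
    """List (owner, address) for sockets whose remote end falls inside `network`."""
    pairs = [(c["owner"], c["remote"].rpartition(":")[0].strip("[]")) for c in conns]
    return [(o, a) for o, a in pairs if a != "*" and ipaddress.ip_address(a) in network]
```

On the PC itself the input would be the saved output of `netstat -anob`, which needs an elevated command prompt because of the `-b` option.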
