Firewall Blocking ActiveX

Firewall Blocking ActiveX
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Networking Firewalls    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Firewall Blocking ActiveX pbrannen 07-30-2006
Posted by pbrannen on July 30, 2006, 9:34 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Folks,

I have a bunch of alarm reports from my NetScreen firewall that have me
perplexed. They look like:

ActiveX control blocked! From OUTSIDEIP:80 to MYIP:2264
ActiveX control blocked! From OUTSIDEIP:80 to MYIP:2263
ActiveX control blocked! From OUTSIDEIP:80 to MYIP:2262
ActiveX control blocked! From OUTSIDEIP:80 to MYIP:2258
UDP flood! From DIFFERENT_OUTSIDE_IP:53 to MYIP:2256

and then some others originating from inside my network:

UDP flood! From MYIP:137 to OUTSIDEIP:137
UDP flood! From MYIP:137 to DIFFERENT_OUTSIDEIP:137

The port 137 traffic I assume is netbios/reverse ns activity (either
surfing onto windows servers from the my server (MYIP), or web activity
to our server (which is win 2003)). If that's the case, should I allow
port 137 originating from inside my network to help with logging?

Searching the web for the port ranges for the blocked ActiveX control
has turned up no info. Could that be from surfing the web from our
server as well? I should mention that a reverse NS lookup on the
remote IPs doesn't turn up any domains that looks familiar (beyond
regular ISP domains (comcast, etc).

Thanks,
Patrick


Posted by Sebastian Gottschalk on July 30, 2006, 11:37 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
pbrannen wrote:

> If that's the case, should I allow port 137 originating from inside
> my network to help with logging?

You should not allow any NetBIOS traffic to transit the perimeter.
Allowing it won't help with logging either, rather install a sniffer and
check your server's configuration.

> Searching the web for the port ranges for the blocked ActiveX control
> has turned up no info. Could that be from surfing the web from our
> server as well?

Definitely.

> I should mention that a reverse NS lookup on the
> remote IPs doesn't turn up any domains that looks familiar (beyond
> regular ISP domains (comcast, etc).

OK, that's rather strange.

In the meanwhile I'm asking what an ActiveX filter rule should even look
like, as there's no significant difference between invoking an ActiveX
control and invoking any general plugin, including the browser's
internal viewers.

Similar ThreadsPosted
ActiveX Data Objects (ADO) connection to a SQL through a firewall March 2, 2005, 1:25 pm
Firewall Blocking Use. Help! March 2, 2008, 7:19 am
Blocking internet sharing in LAN without blocking file sharing May 10, 2006, 12:55 am
AOL Firewall blocking aolpspd and aolsmon. April 15, 2005, 10:52 am
Outpost Firewall blocking my internet May 17, 2005, 6:11 pm
Norton Firewall blocking port 81 July 8, 2005, 1:59 pm
Symantec Firewall Blocking Practally Everything, Why? December 13, 2005, 12:23 am
firewall blocking of loopback connection December 20, 2007, 5:09 pm
XP Firewall blocking Linksys Print Server April 10, 2005, 9:14 pm
Q: PIX 515 Firewall suddenly blocking TCP HTTP/80 for no reason?? September 5, 2007, 9:50 am

The site map in XML format XML site map

Contact Us | Privacy Policy