Firewall close TCP port without explanation (during browsing web) under Windows

Posted by cedM12 on February 5, 2008, 9:16 am
Hello,

I have a problem with the Windows XP firewall (SP2), when I browse our
web server with Internet Explorer or Firefox.

* With the Windows Firewall disabled, Wireshark can see Internet
Explorer or Firefox is sending a number of SYN packets in quick
succession to our web server, which we acknowledge with SYN-ACK packets.
I can also see that the Windows client sometimes sends an RST packet. But
the browsing of our web server is always OK.

* If I then enable the Windows XP firewall and do the same, browsing
the web server sometimes makes our web server inaccessible (for at
least 35 seconds).
I can see this pattern with Wireshark:
PC : --> SYN
WEB server : --> SYN, ACK
WEB server : --> SYN, ACK after 5 seconds
WEB server : --> SYN, ACK after 10 seconds
WEB server : --> SYN, ACK after 20 seconds

I can see (with Wireshark) then that the Windows firewall dropped some
SYN-ACK packets. Moreover, the Windows client closed the TCP port of
this connection in progress before receiving SYN-ACK packet.

In the Windows XP firewall (pfirewall.log), I can see that the firewall
dropped the connection of our web server (10.12.1.2) with number 1064 TCP
port (because the Windows client closed this port before receiving SYN-
ACK packet):

16:12:55 OPEN TCP 192.168.1.71 10.12.1.2 1329 80 - - - - - - - - -
16:12:55 CLOSE TCP 192.168.1.71 10.12.1.2 1329 80 - - - - - - - - -
16:12:55 DROP TCP 10.12.1.2 192.168.1.71 80 1329 44 SA 550383384 1616135431 4096 - - - RECEIVE
16:13:00 DROP TCP 10.12.1.2 192.168.1.71 80 1329 44 SA 550383384 1616135431 4096 - - - RECEIVE
16:13:10 DROP TCP 10.12.1.2 192.168.1.71 80 1329 44 SA 550383384 1616135431 4096 - - - RECEIVE


Why did the firewall close the TCP port in this example? What are the
conditions for closing a TCP port? Do you have an idea that explains this
fault, please?

I searched in newsgroup and googled around, but no hint to explain it.

I had the same fault with Kerio firewall.
I tried to understand how a firewall works under Windows. But it's not
easy. I understand that there are 2 zones of control ("hooks"): one
between NDIS and the IP layer and another between TDI (Transport Driver
Interface) and Winsock. But I don't see any rules applied that concern my
problem.
Is there a web link I should look at?


Thanks

Cedric
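
An added example, not part of the original post: a small Python parser that correlates OPEN/CLOSE entries in pfirewall.log with later dropped SYN-ACKs for the same flow, which is the pattern described above. It assumes the column layout exactly as posted (time only, no date column), so it does not handle entries that cross midnight; the function and field names are this example's own.

```python
from datetime import datetime

# Log lines from the post above, wrapped entries joined (no date column, as posted).
SAMPLE_LOG = """\
16:12:55 OPEN TCP 192.168.1.71 10.12.1.2 1329 80 - - - - - - - - -
16:12:55 CLOSE TCP 192.168.1.71 10.12.1.2 1329 80 - - - - - - - - -
16:12:55 DROP TCP 10.12.1.2 192.168.1.71 80 1329 44 SA 550383384 1616135431 4096 - - - RECEIVE
16:13:00 DROP TCP 10.12.1.2 192.168.1.71 80 1329 44 SA 550383384 1616135431 4096 - - - RECEIVE
16:13:10 DROP TCP 10.12.1.2 192.168.1.71 80 1329 44 SA 550383384 1616135431 4096 - - - RECEIVE
"""

# Assumed column names for the layout shown in the post.
FIELDS = ("time action proto src dst sport dport size flags "
          "tcpsyn tcpack tcpwin icmptype icmpcode info path").split()

def parse(text):
    """Yield one dict per well-formed entry; skip header and malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == len(FIELDS) and not line.startswith("#"):
            rec = dict(zip(FIELDS, parts))
            rec["time"] = datetime.strptime(rec["time"], "%H:%M:%S")
            yield rec

def dropped_synacks_after_close(text):
    """Map each flow to the SYN-ACKs dropped after the firewall logged CLOSE."""
    state = {}     # (client, server, client_port, server_port) -> last OPEN/CLOSE
    findings = {}  # same key -> drop count and seconds elapsed since CLOSE
    for rec in parse(text):
        if rec["proto"] != "TCP":
            continue
        if rec["action"] in ("OPEN", "CLOSE"):
            state[(rec["src"], rec["dst"], rec["sport"], rec["dport"])] = rec
        elif rec["action"] == "DROP" and rec["flags"] == "SA":
            # The SYN-ACK travels server -> client, so reverse the tuple.
            key = (rec["dst"], rec["src"], rec["dport"], rec["sport"])
            last = state.get(key)
            if last and last["action"] == "CLOSE":
                f = findings.setdefault(key, {"drops": 0, "offsets": []})
                f["drops"] += 1
                delta = rec["time"] - last["time"]
                f["offsets"].append(int(delta.total_seconds()))
    return findings

if __name__ == "__main__":
    for flow, f in dropped_synacks_after_close(SAMPLE_LOG).items():
        print(flow, f)
```

Run over a full log, flows that appear in the result with a CLOSE in the same second as the OPEN are the ones to compare against the Wireshark capture.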
