Hi,
Since I've installed McAfee Internet Security, some constant security notifications have been popping up. Aparently my assigned SHAW DNS server has been trying to connect to port 1900 on my personal Laptop. Also random ports between 50000 and 65000. I have also received a couple notifications about being flooded with UDP Packets, (McAfee reports it as an attempt to scan my system)
Now I'm wondering is this normal for shaw DNS servers to do? I only recently switched out of bridge mode and using my GT AC-2900 Asus gaming router, but am ready to switch it back.
Thanks for any info you could provide.
Solved! Go to Solution.
@Vileness -- you have replaced the built-in Windows Firewall by the firewall within McAfee. Your network has ALWAYS been receiving such packets, but the Windows Firewall (or your ASUS router) was just "silently" blocking them, but McAfee is "noisy" -- alerting you to each packet.
UDP packets are part of Windows "Plug-and-Play" communications. These packets are harmless, if they originate from other computers (and your Shaw cable-modem) WITHIN your home network. Note that a "non-bridged" cable-modem should be blocking all UDP packets that originate from "outside" your local network, i.e., from the Internet.
When Windows wants to connect to a remote server, such as a web-site, it "opens" a "random" port-number -- some number between 1025 and 65535 -- and connects to a specific port (80 for the "http://" protocol, or 443 for the "https://" protocol, or 53 for DNS-traffic), so that packets can flow between your "source-port" and the remote "destination-port". So, "50000" and "65000" are just "random" numbers that Windows selected.
Note that when you close a web-browser window, any "open" connection between "source" and "destination" ports is forcibly "closed". If the remote server (web-server or DNS-server) is still trying to send packets to the now-closed port, not noticing that the connection no longer is "open", then McAfee will alert you to those "left-over" packets, as you have observed.
> Now I'm wondering is this normal for Shaw DNS servers to do?
It is not "normal" for any DNS-server to send packets after your computer has "closed" the connection -- compare to hanging-up your telephone while some person is half-way through a sentence, talking to you. But, it does happen. Nothing to worry about.
> I only recently switched out of bridge mode and using my GT AC-2900 Asus gaming router, but am ready to switch it back.
In the past, the ASUS was receiving those packets, and was doing it "silently". There is no reason for you to switch it back.
@Vileness -- you have replaced the built-in Windows Firewall by the firewall within McAfee. Your network has ALWAYS been receiving such packets, but the Windows Firewall (or your ASUS router) was just "silently" blocking them, but McAfee is "noisy" -- alerting you to each packet.
UDP packets are part of Windows "Plug-and-Play" communications. These packets are harmless, if they originate from other computers (and your Shaw cable-modem) WITHIN your home network. Note that a "non-bridged" cable-modem should be blocking all UDP packets that originate from "outside" your local network, i.e., from the Internet.
When Windows wants to connect to a remote server, such as a web-site, it "opens" a "random" port-number -- some number between 1025 and 65535 -- and connects to a specific port (80 for the "http://" protocol, or 443 for the "https://" protocol, or 53 for DNS-traffic), so that packets can flow between your "source-port" and the remote "destination-port". So, "50000" and "65000" are just "random" numbers that Windows selected.
Note that when you close a web-browser window, any "open" connection between "source" and "destination" ports is forcibly "closed". If the remote server (web-server or DNS-server) is still trying to send packets to the now-closed port, not noticing that the connection no longer is "open", then McAfee will alert you to those "left-over" packets, as you have observed.
> Now I'm wondering is this normal for Shaw DNS servers to do?
It is not "normal" for any DNS-server to send packets after your computer has "closed" the connection -- compare to hanging-up your telephone while some person is half-way through a sentence, talking to you. But, it does happen. Nothing to worry about.
> I only recently switched out of bridge mode and using my GT AC-2900 Asus gaming router, but am ready to switch it back.
In the past, the ASUS was receiving those packets, and was doing it "silently". There is no reason for you to switch it back.
Thank you very much for explaining that to me. I appreciate it. 😄