Jump to solution

MCAFFEE Internet Security reports my SHAW DNS server is doing some weird things

Vileness
Grasshopper
‎2020-07-05 07:11 AM

Hi,

 

Since I've installed McAfee Internet Security, some constant security notifications have been popping up. Aparently my assigned SHAW DNS server has been trying to connect to port 1900 on my personal Laptop. Also random ports between 50000 and 65000. I have also received a couple notifications about being flooded with UDP Packets, (McAfee reports it as an attempt to scan my system)
Now I'm wondering is this normal for shaw DNS servers to do? I only recently switched out of bridge mode and using my GT AC-2900 Asus gaming router, but am ready to switch it back.

 

Thanks for any info you could provide. 

 

 

0 Kudos
Reply
1 Solution

Accepted Solutions
Jump to solution

-- you have replaced the built-in Windows Firewall by the...

mdk
Legendary Grand Master
‎2020-07-05 08:57 AM

@Vileness -- you have replaced the built-in Windows Firewall by the firewall within McAfee.  Your network has ALWAYS been receiving such packets, but the Windows Firewall (or your ASUS router) was just "silently" blocking them, but McAfee is "noisy" -- alerting you to each packet.

UDP packets are part of Windows "Plug-and-Play" communications.  These packets are harmless, if they originate from other computers (and your Shaw cable-modem) WITHIN your home network.  Note that a "non-bridged" cable-modem should be blocking all UDP packets that originate from "outside" your local network, i.e., from the Internet.

When Windows wants to connect to a remote server, such as a web-site, it "opens" a "random" port-number -- some number between 1025 and 65535 -- and connects to a specific port (80 for the "http://" protocol, or 443 for the "https://" protocol, or 53 for DNS-traffic), so that packets can flow between your "source-port" and the remote "destination-port".  So, "50000" and "65000" are just "random" numbers that Windows selected.

Note that when you close a web-browser window, any "open" connection between "source" and "destination" ports is forcibly "closed". If the remote server (web-server or DNS-server)  is still trying to send packets to the now-closed port, not noticing that the connection no longer is "open", then McAfee will alert you to those "left-over" packets, as you have observed.

> Now I'm wondering is this normal for Shaw DNS servers to do?

It is not "normal" for any DNS-server to send packets after your computer has "closed" the connection -- compare to hanging-up your telephone while some person is half-way through a sentence, talking to you.  But, it does happen.  Nothing to worry about.

> I only recently switched out of bridge mode and using my GT AC-2900 Asus gaming router, but am ready to switch it back.

In the past, the ASUS was receiving those packets, and was doing it "silently". There is no reason for you to switch it back.

 

View solution in original post

0 Kudos
Reply
Reply
Loading...
2 Replies
Jump to solution

-- you have replaced the built-in Windows Firewall by the...

mdk
Legendary Grand Master
‎2020-07-05 08:57 AM

@Vileness -- you have replaced the built-in Windows Firewall by the firewall within McAfee.  Your network has ALWAYS been receiving such packets, but the Windows Firewall (or your ASUS router) was just "silently" blocking them, but McAfee is "noisy" -- alerting you to each packet.

UDP packets are part of Windows "Plug-and-Play" communications.  These packets are harmless, if they originate from other computers (and your Shaw cable-modem) WITHIN your home network.  Note that a "non-bridged" cable-modem should be blocking all UDP packets that originate from "outside" your local network, i.e., from the Internet.

When Windows wants to connect to a remote server, such as a web-site, it "opens" a "random" port-number -- some number between 1025 and 65535 -- and connects to a specific port (80 for the "http://" protocol, or 443 for the "https://" protocol, or 53 for DNS-traffic), so that packets can flow between your "source-port" and the remote "destination-port".  So, "50000" and "65000" are just "random" numbers that Windows selected.

Note that when you close a web-browser window, any "open" connection between "source" and "destination" ports is forcibly "closed". If the remote server (web-server or DNS-server)  is still trying to send packets to the now-closed port, not noticing that the connection no longer is "open", then McAfee will alert you to those "left-over" packets, as you have observed.

> Now I'm wondering is this normal for Shaw DNS servers to do?

It is not "normal" for any DNS-server to send packets after your computer has "closed" the connection -- compare to hanging-up your telephone while some person is half-way through a sentence, talking to you.  But, it does happen.  Nothing to worry about.

> I only recently switched out of bridge mode and using my GT AC-2900 Asus gaming router, but am ready to switch it back.

In the past, the ASUS was receiving those packets, and was doing it "silently". There is no reason for you to switch it back.

 

0 Kudos
Reply
Reply
Loading...
Jump to solution

Thank you very much for explaining that to me. I apprecia...

Vileness
Grasshopper
‎2020-07-05 12:23 PM

Thank you very much for explaining that to me. I appreciate it. 😄

0 Kudos
Reply
Reply
Loading...
TALK TO US
We're here to help
Chat on Messenger
Direct Message on Twitter