MS Firewall (Essentials) on W7x64 not showing blocked incoming connections.

Noid

Hello all,
Been a while since I have been here... Hope everyone is well.

My topic is about MS Essentials Firewall.

I'm doing a bit of investigating of who is knocking on my door.

I have a BEFSR41 - Linksys router (NAT enabled) that is being monitored with WallWatcher.
WallWatcher shows packets being passed thru port 80 from China, Germany ... etc.

Googling these IPs shows they are active 'attack' attempts from known IP sources.

I have MSE Log parameters 'Dropped Packets' set to 'Yes' on all 3 access tabs in MSE.
However, the log file shows none of these 'Passed' packets being 'dropped' ( blocked )

I've had no 'incidents' using MSE in combination with FireFox, with the AddOn NoScript.
MS Defender has had no 'captures' in several years.

So, I'm thinking that these are not 'logged' to the log file.
Has anyone else done a similar test?

Long ago, ZoneAlarm was great at showing its blocked incoming requests to log file, and WallWatcher log matched these activities.

Do I have MS Essentials configured properly? Or is MS Essentials known for not logging these incoming events?
 

corkyg

Windows Firewall settings are not on by default in Win 7. Try Control Panel/Windows Firewall, and check all the settings and see if that helps.
 

Noid

" I have MSE Log parameters 'Dropped Packets' set to 'Yes' on all 3 access tabs in MSE.
However, the log file shows none of these 'Passed' packets being 'dropped' ( blocked ) "

Screenshots below.

http://pics.bbzzdd.com/users/DigitalDave/snap0000006935.jpg

Link on log setting " Learn more about logging " is screenshot below

http://pics.bbzzdd.com/users/DigitalDave/snap0000006936.jpg

Parameters set according to MS.

-------

I think I'm going to turn on the parameter to log successful connections for a while to see if these incoming requests show in the log.
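As an added example (not part of any post in this thread): with both "Log dropped packets" and "Log successful connections" enabled, a short script can split the Windows Firewall log (by default `%systemroot%\system32\LogFiles\Firewall\pfirewall.log`) into inbound entries that were dropped and inbound entries that were allowed, which is the comparison against the router log described above. The sample log is constructed in the pfirewall.log field layout with documentation-range addresses, and the function names are this example's own.

```python
from collections import Counter

# Constructed sample in the Windows Firewall log layout; not data from the thread.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2015-03-01 10:15:02 DROP TCP 203.0.113.7 192.168.1.100 51123 80 52 S 1234567 0 8192 - - - RECEIVE
2015-03-01 10:15:09 ALLOW TCP 192.168.1.100 198.51.100.20 49210 80 0 - 0 0 0 - - - SEND
2015-03-01 10:15:10 DROP TCP 203.0.113.7 192.168.1.100 51124 80 52 S 1234570 0 8192 - - - RECEIVE
2015-03-01 10:16:44 ALLOW TCP 192.168.1.50 192.168.1.100 50211 445 0 - 0 0 0 - - - RECEIVE
"""

def parse_firewall_log(text):
    """Yield one dict per log entry, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, values))

def inbound_summary(entries):
    """Count inbound (path == RECEIVE) entries per (action, src-ip, dst-port)."""
    counts = Counter()
    for e in entries:
        if e["path"] == "RECEIVE":
            counts[(e["action"], e["src-ip"], e["dst-port"])] += 1
    return counts

def sources_never_dropped(counts):
    """Inbound sources seen only as ALLOW: the ones to check against the router log."""
    dropped = {src for (action, src, _port) in counts if action == "DROP"}
    allowed = {src for (action, src, _port) in counts if action == "ALLOW"}
    return sorted(allowed - dropped)

if __name__ == "__main__":
    summary = inbound_summary(parse_firewall_log(SAMPLE_LOG))
    for (action, src, port), n in sorted(summary.items()):
        print(f"{action:5} {src:15} -> local port {port:5} x{n}")
    print("allowed, never dropped:", sources_never_dropped(summary))
```

A source that the router log shows as passed but that appears in neither the DROP nor the ALLOW rows never reached this host's firewall as a new inbound connection.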
 

Noid

Seems my router is allowing these packets thru to my PC.
My router settings:

NAT enabled.
Block Anonymous Internet Requests: Enabled
Remote Administration: Disabled.

MSE is passing them into my PC.

One such instance is from Ukraine.
An incoming request, and outgoing packets sent.

This is a bit over my head, and I had Wireshark running that captured the events and saved them to file.

Some googling on the IP retrieved an instance of a " ZyXEL Config Download Attempt ".
Apparently there are known hardware issues that allow the download of router configurations.

http://www.securityweek.com/widespread-attack-campaign-highlights-router-security-woes

So even though they may have received information about my router, the remote admin is not possible.

The other "usual suspects" passing thru port 80 from China are still not understood by me.
I wish I knew more about how to read the packets I captured using Wireshark.

So .. my learning/investigation continues.

BTW, I ran Malwarebytes and it found a couple toolbars added to IE.
( which I don't use anyway )
So, all is clean on my PC, and all up to date, all the time.


Noid

I was never able to stop the intrusions until now.

I bought a Motorola SURFboard SB5120 about 10 years ago.
It was having troubles with sync to my provider recently.
( I thought it was my provider's service )

So, I looked for something with wireless to replace it.
Groupon had a deal on the Motorola SBG6580 for $122.17 (taxes+delivered).

It arrived yesterday, and it has an amazing amount of features and settings.
Including a firewall.

After some time setting this new device, I turned on WallWatcher to see what's being passed now.

I no longer have China, or anyone else .. reaching my computer now.
 

Ketchup

Glad you were able to resolve this. Would you give us more detail on what you did on the Motorola to block these attempts? The Linksys you have would have had a firewall as well (as all routers do) so I am curious as to what the Motorola had to make it easier for you to block these.
 

Noid

Still having major issues with my provider.
They told me to call back to get a credit for the last few days when service is back to normal.

Here is a screenshot of the LOW setting that is working for me.

I enabled the 3 checked boxes below also. ( DISABLED by default )
Setting higher 'levels' limits ports, and I suggest some googling to see what the other settings provide.

I suggest reviewing the issues about updating the firmware before purchase.
( I did not )

There are many issues with the wireless also.
However, I have none. ( so far )
 