x7007 0 Posted July 17, 2017 Share Posted July 17, 2017 (edited) Hi, Eset Internet Security ask me to allow or deny Inbound Network Traffic from Windows IP Helper Service, it's not IP I know, and utorrent that I'm using is suppose to use port TCP 54xxx and not UDP port that shown there. my Utorrent doesn't use UDP . I don't have any program that support this port. Also my MikroTik Router Firewall doesn't have any rule for this port, means it is no exist to the wild and not open from Router Firewall perspective . Why is this happening ? How can I detect what software or service did that ? my first action is to block anyway, but should I figure why it is happening ? I don't want to create a rule and block cause I don't know how it will effect after. What is the best practice to be done when those kind of alerts are showing ? EDIT : Also I got IP from Microsoft https://db-ip.com/13.95.155.190 Edited July 17, 2017 by x7007 Link to comment Share on other sites More sharing options...
itman 1,542 Posted July 17, 2017 Share Posted July 17, 2017 Is Rodger's Communications your ISP provider? Link to comment Share on other sites More sharing options...
x7007 0 Posted July 17, 2017 Author Share Posted July 17, 2017 (edited) 22 minutes ago, itman said: Is Rodger's Communications your ISP provider? No , I'm using Hotnet from Israel . This is a communication from outside in Romania I think. I also added another picture showing that even Microsoft server want to communicate . I don't know why. Edited July 17, 2017 by x7007 Link to comment Share on other sites More sharing options...
x7007 0 Posted July 17, 2017 Author Share Posted July 17, 2017 (edited) Ha, I've found out it's teredo .... but I didn't actually play any Xbox games yet or something, I just got the notification .. The question is should I allow it or not ?? Type : client (Group Policy) Server Name : win10.ipv6.microsoft.com. Client Refresh Interval : 30 seconds Client Port : unspecified State : qualified Client Type : teredo client Network : unmanaged NAT : symmetric (port) NAT Special Behaviour : UPNP: No, PortPreserving: Yes Local Mapping : 192.168.1.200:51856 Edited July 17, 2017 by x7007 Link to comment Share on other sites More sharing options...
itman 1,542 Posted July 17, 2017 Share Posted July 17, 2017 Appears others are observing the same new behavior: https://superuser.com/questions/1223051/service-iphlpsvc-netsvcs-creates-many-short-living-port-forwardings If you recently updated to Creators Edition, might be related to that. Probably MS installed some new telemetry to spy on you. Link to comment Share on other sites More sharing options...
Recommended Posts