Jump to content

Ver. 9 - Questionable Inbound Traffic At Boot time


Recommended Posts

I just started getting an inbound network alert on this at boot time:

 

Time;Event;Source;Target;Protocol;Rule/worm name;Application;User 10/26/2015 2:03:12 PM;

Decision on allowing communication delegated to user;

Source 137.135.12.16:443; Destination 192.168.1.XX:49158; TCP;

Allow communication for svchost.exe/Dhcp;C:\Windows\System32\svchost.exe;NT AUTHORITY\LOCAL SERVICE

 

First, I know of any known instance why DHCP would use port 443. Is this possibly a bug by Eset? IP 137.135.12.16 resolves to either Microsoft or Eset.

 

Also, this appears not to be a stateful connection since I assume I would not have received an inbound alert to a previously sent outbound request. Presently I am blocking this communication.
 

Edited by itman
Link to comment
Share on other sites

  • Administrators

It's edf.eset.com that resolves to 137.135.12.16 and this communication is necessary for product activation. V9 should utilize https for communication so connection to port 443 is expected.

Link to comment
Share on other sites

It's edf.eset.com that resolves to 137.135.12.16 and this communication is necessary for product activation. V9 should utilize https for communication so connection to port 443 is expected.

Ok, thanks. However, the firewall alert should not be showing DHCP, i.e. ports 67 and 68 for IPv4, for the service used. 

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...