Do I block access from svchost to DHCP?

Discussion in 'Computer Security' started by Mister C, Jun 14, 2005.

  1. Mister C

    Mister C Guest

    From time to time I get this message from my Sygate firewall.
    Should I let this program through?

    "Generic Host Process for Win32 Services (svchost.exe)
    is trying to connect to [62.255.64.20] using remote
    port 67 (BOOTPS - Dynamic Host Configuration Protocol
    [DHCP] Server). Do you want to allow this program to
    access the network?"

    This is my setup:

    1. I use WinXP + SP1 at home.
    2. My broadband ISP is NTL Cable
    3. I connect direct to my ISP and am not part of a network.
    4. I have disabled XP's firewall and use only Sygate firewall.

    To my untutored eye it seems like a good thing to allow this and let
    svchost on PC communicate with what I think is my ISP's DHCP server.

    However this web page says I should completely block svchost.exe in
    Sygate. http://www.howtodothings.com/ViewArticle.aspx?Article=51

    Who is right?
    Mister C, Jun 14, 2005
    #1

  2. Mister C wrote:

    > From time to time I get this message from my Sygate firewall.
    > Should I let this program through?
    >
    > "Generic Host Process for Win32 Services (svchost.exe)
    > is trying to connect to [62.255.64.20] using remote
    > port 67 (BOOTPS - Dynamic Host Configuration Protocol
    > [DHCP] Server). Do you want to allow this program to
    > access the network?"
    >
    > This is my setup:
    >
    > 1. I use WinXP + SP1 at home.
    > 2. My broadband ISP is NTL Cable
    > 3. I connect direct to my ISP and am not part of a network.
    > 4. I have disabled XP's firewall and use only Sygate firewall.
    >
    > To my untutored eye it seems like a good thing to allow this and let
    > svchost on PC communicate with what I think is my ISP's DHCP server.
    >
    > However this web page says I should completely block svchost.exe in
    > Sygate. http://www.howtodothings.com/ViewArticle.aspx?Article=51
    >
    > Who is right?


    It sounds like this is your DHCP client. I would not advise blocking that!

    Michael
    Michael J. Pelletier, Jun 14, 2005
    #2

  3. Bit Twister

    Bit Twister Guest

    On Tue, 14 Jun 2005 18:32:46 GMT, Mister C wrote:
    > From time to time I get this message from my Sygate firewall.
    > Should I let this program through?
    >
    > "Generic Host Process for Win32 Services (svchost.exe)
    > is trying to connect to [62.255.64.20] using remote
    > port 67 (BOOTPS - Dynamic Host Configuration Protocol
    > [DHCP] Server). Do you want to allow this program to
    > access the network?"
    >
    > This is my setup:
    >
    > 1. I use WinXP + SP1 at home.


    Hmmm, missing lots of updates there. Poor security practice.

    > 2. My broadband ISP is NTL Cable


    Well that explains it.
    nslookup 62.255.64.20
    shows name = dhcp1-popl.server.ntli.net.

    > 3. I connect direct to my ISP and am not part of a network.


    You are part of NTL cable network and your node gets its IP address
    from NTLI's DHCP server. Your DHCP client and their DHCP server chat with each
    other through ports 67,68 to get/renew your DHCP assigned ip address.
    Bit Twister, Jun 14, 2005
    #3
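
An added illustration, not part of any post in this thread and not Sygate's own rule format: the middle ground between allowing svchost.exe everything and blocking it completely is a rule scoped to the DHCP exchange on ports 67/68 described above. The `Conn` record, the `decide` function, the default XP path, and the UDP protocol and local port 68 of the sample connections are assumptions; the alert itself only shows the remote address and remote port 67.

```python
from dataclasses import dataclass
from ipaddress import ip_address

BOOTPS = 67  # DHCP server port, the remote port named in the firewall alert
BOOTPC = 68  # DHCP client port
LIMITED_BROADCAST = ip_address("255.255.255.255")  # used before a lease exists

# Assumed default location on Windows XP; a copy anywhere else is not trusted.
SVCHOST_PATH = r"C:\WINDOWS\system32\svchost.exe"


@dataclass(frozen=True)
class Conn:
    """One outbound connection attempt as a firewall prompt sees it (hypothetical record)."""
    process: str
    protocol: str
    local_port: int
    remote_ip: str
    remote_port: int


def decide(conn, dhcp_servers):
    """Return 'allow' only for DHCP client traffic from the system svchost.exe, else 'ask'."""
    trusted_binary = conn.process.lower() == SVCHOST_PATH.lower()
    is_dhcp = (
        conn.protocol.lower() == "udp"
        and conn.local_port == BOOTPC
        and conn.remote_port == BOOTPS
    )
    remote = ip_address(conn.remote_ip)
    known_peer = remote == LIMITED_BROADCAST or remote in dhcp_servers
    if trusted_binary and is_dhcp and known_peer:
        return "allow"
    # Anything else from svchost.exe (or a look-alike) still raises the prompt.
    return "ask"


# DHCP server address taken from the alert quoted in the thread.
ISP_DHCP = {ip_address("62.255.64.20")}

# Constructed sample connections; the 203.0.113.x and 198.51.100.x
# addresses are documentation ranges, not real hosts.
SAMPLES = [
    Conn(SVCHOST_PATH, "UDP", 68, "62.255.64.20", 67),      # lease renewal
    Conn(SVCHOST_PATH, "UDP", 68, "255.255.255.255", 67),   # initial discover
    Conn(SVCHOST_PATH, "TCP", 1055, "203.0.113.5", 80),     # not DHCP
    Conn(SVCHOST_PATH, "UDP", 68, "198.51.100.9", 67),      # unknown DHCP server
    Conn(r"C:\Temp\svchost.exe", "UDP", 68, "62.255.64.20", 67),  # look-alike binary
]


def run_samples():
    """Evaluate every constructed sample against the scoped rule."""
    return [decide(c, ISP_DHCP) for c in SAMPLES]


if __name__ == "__main__":
    for conn, verdict in zip(SAMPLES, run_samples()):
        print(f"{verdict:5}  {conn}")
```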
  4. In article <>,
    Bit Twister <> wrote:
    :On Tue, 14 Jun 2005 18:32:46 GMT, Mister C wrote:
    :> This is my setup:

    :> 1. I use WinXP + SP1 at home.

    :Hmmm, missing lots of updates there. Poor security practice.

    As best I (not a Windows expert!) can tell, Microsoft is making
    security patches available for both SP1 and SP2 at present.
    Is there a significant security difference between fully-patched SP1
    and fully-patched SP2?

    I was running SP2 but there was something that wasn't working that
    did work under SP1 that I installed on a different partition. If
    one cannot effectively run one's system with SP2 but can with SP1,
    then is it truly "good security practice" to upgrade to the version
    that is functionally unusable under the local circumstances?

    If so, then would it not be even better security practice to upgrade
    to Windows HP -- a version of Windows that consists of nothing other
    than repeated processor HALT instructions, to keep the system from
    running anything at all ?
    --
    Oh, to be a Blobel!
    Walter Roberson, Jun 14, 2005
    #4
  5. From: "Walter Roberson" <-cnrc.gc.ca>

    | In article <>,
    | Bit Twister <> wrote:
    | :On Tue, 14 Jun 2005 18:32:46 GMT, Mister C wrote:
    | :> This is my setup:
    |
    | :> 1. I use WinXP + SP1 at home.
    |
    | :Hmmm, missing lots of updates there. Poor security practice.
    |
    | As best I (not a Windows expert!) can tell, Microsoft is making
    | security patches available for both SP1 and SP2 at present.
    | Is there a significant security difference between fully-patched SP1
    | and fully-patched SP2?
    |
    | I was running SP2 but there was something that wasn't working that
    | did work under SP1 that I installed on a different partition. If
    | one cannot effectively run one's system with SP2 but can with SP1,
    | then is it truly "good security practice" to upgrade to the version
    | that is functionally unusable under the local circumstances?
    |
    | If so, then would it not be even better security practice to upgrade
    | to Windows HP -- a version of Windows that consists of nothing other
    | than repeated processor HALT instructions, to keep the system from
    | running anything at all ?
    | --
    | Oh, to be a Blobel!

    There is a big difference in WinXP SP2 and SP1 which includes IE6/OE6 SP2 which is not
    available for Win9x/ME and Win2K.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
    David H. Lipman, Jun 14, 2005
    #5
  6. Bit Twister

    Bit Twister Guest

    On 14 Jun 2005 20:03:56 GMT, Walter Roberson wrote:
    > In article <>,
    > Bit Twister <> wrote:
    >:On Tue, 14 Jun 2005 18:32:46 GMT, Mister C wrote:
    >:> This is my setup:
    >
    >:> 1. I use WinXP + SP1 at home.
    >
    >:Hmmm, missing lots of updates there. Poor security practice.
    >
    > As best I (not a Windows expert!) can tell, Microsoft is making
    > security patches available for both SP1 and SP2 at present.


    (not a Windows expert either) but I would bet they are not.

    > Is there a significant security difference between fully-patched SP1
    > and fully-patched SP2?


    Then why make a SP2.

    > I was running SP2 but there was something that wasn't working that
    > did work under SP1 that I installed on a different partition.


    See there is a difference between SP1 and SP2. I would guess sp2 closed
    a security flaw on a system call used by the defunct application.
    Could have been an update to make a system call argument mandatory
    which is not provided in the failing application causing it to fail.

    > If one cannot effectively run one's system with SP2 but can with
    > SP1, then is it truly "good security practice" to upgrade to the
    > version that is functionally unusable under the local circumstances?


    You might want to read the above sentence out loud.

    Having an unpatched system is negligent.

    Let's say someone uses your unpatched system to steal credit cards and
    sells them using your system. Do you think, "but, but, judge, I
    installed a patch and I could not run one of my applications so I
    backed out the patch." is going to keep you out of jail.

    > If so, then would it not be even better security practice to upgrade
    > to Windows HP -- a version of Windows that consists of nothing other
    > than repeated processor HALT instructions, to keep the system from
    > running anything at all ?


    Now you are just being stupid. :(
    http://www.eeye.com/html/research/upcoming/

    My solution was to install Mandriva/Mandrake Linux. :)
    Bit Twister, Jun 14, 2005
    #6
  7. In article <>,
    Bit Twister <> wrote:
    :Having an unpatched system is negligent.

    :Let's say someone uses your unpatched system to steal credit cards and
    :sells them using your system. Do you think, "but, but, judge, I
    :installed a patch and I could not run one of my applications so I
    :backed out the patch." is going to keep you out of jail.

    In your strawman argument, are you speaking in terms of being
    convicted of "negligence" or of being convicted as if you were yourself
    the perpetrator of the credit card trafficking?

    My Windows XP SP1 system is behind a firewall that is configured to
    disallow incoming connections, and is patched with the latest SP1
    patches (well, before the ones released earlier today.) A finding
    of "negligence" is unlikely in such a matter.


    Microsoft has a list of "Top 10 Reasons to Install Windows XP
    Service Pack 2",
    http://www.microsoft.com/windowsxp/sp2/topten.mspx

    Reasons #1 thru 4, and 8 thru 10 have to do with products such
    as Internet Explorer and Outlook that I do not run.

    Reason 5 has to do with the Windows Firewall -- unnecessary for
    someone who has a real firewall.

    Reason 6 is the convenience of the Windows Security Centre. Being
    able to "manage key security settings in one convenient place" is
    not exactly at the top of my list of must-have security features.

    Reason 7 is enhancements to Windows Automatic Updates. I have my
    system set to notify me of updates, which I then examine first
    -before- blindly installing.


    If you examine the list of "Key Security Technologies" for SP2,
    http://www.microsoft.com/windowsxp/sp2/technologiesoverview.mspx
    you will not find much of interest to someone who runs their own
    firewall and doesn't use IE or OE.
    --
    "Never install telephone wiring during a lightning storm." -- Linksys
    Walter Roberson, Jun 14, 2005
    #7
  8. In article <N7Hre.8307$2K4.4103@trnddc08>,
    David H. Lipman <DLipman~nospam~@Verizon.Net> wrote:
    :From: "Walter Roberson" <-cnrc.gc.ca>

    :| Is there a significant security difference between fully-patched SP1
    :| and fully-patched SP2?

    :There is a big difference in WinXP SP2 and SP1 which includes IE6/OE6 SP2 which is not
    :available for Win9x/ME and Win2K.

    David, I've re-read your sentence several times, but I am having
    difficulty in parsing it. Are you saying that IE6/OE6 SP2 is available
    for XP SP2 but not for XP SP1? I am thrown a bit by the
    9x/ME and 2K reference ?

    If one does not use IE6 nor OE, are the differences relevant?

    --
    Feep if you love VT-52's.
    Walter Roberson, Jun 14, 2005
    #8
  9. Bit Twister

    Bit Twister Guest

    On 14 Jun 2005 21:02:37 GMT, Walter Roberson wrote:
    >
    > In your strawman argument, are you speaking in terms of being
    > convicted of "negligence"


    The site cracked could go the negligence route asking for damages.

    > or of being convicted as if you were yourself
    > the perpetrator of the credit card trafficking?


    That is what is going to cost you the big lawyer bucks to get out of
    going to prison.

    > My Windows XP SP1 system is behind a firewall that is configured to
    > disallow incoming connections,


    Depending on what kind of firewall, that is a good first step.
    SP1 patched systems were getting cracked in about 4 minutes after
    connected to the net.

    > and is patched with the latest SP1
    > patches (well, before the ones released earlier today.) A finding
    > of "negligence" is unlikely in such a matter.


    Would guess the cracked site's lawyer would be pushing the fact that
    you do not have all updates (SP2) installed so it is negligence.

    > Microsoft has a list of "Top 10 Reasons to Install Windows XP
    > Service Pack 2",


    I seriously doubt MS would publish that SP2 fixes unpatched problems in SP1.
    I wonder why MS thought about forcing SP2 or disallow any updates at
    one point in time.

    > If you examine the list of "Key Security Technologies" for SP2,
    > http://www.microsoft.com/windowsxp/sp2/technologiesoverview.mspx
    > you will not find much of interest to someone who runs their own
    > firewall and doesn't use IE or OE.


    Well there is my point. Based on that, there should be no reason for
    your application to not run on SP2.
    After all, sp2 just fixed a few applications.
    Bit Twister, Jun 14, 2005
    #9
  10. On 14 Jun 2005 20:03:56 GMT, -cnrc.gc.ca (Walter
    Roberson) wrote:

    >I was running SP2 but there was something that wasn't working that
    >did work under SP1 that I installed on a different partition. If
    >one cannot effectively run one's system with SP2 but can with SP1,
    >then is it truly "good security practice" to upgrade to the version
    >that is functionally unusable under the local circumstances?


    I believe that it's generally accepted as better practice to diagnose
    and resolve the problem, than avoid it by removing security.

    "Since I fitted locks to my house, I often can't get in when I'm
    drunk."
    "Why not just take the locks back off then?"
    "Problem solved"

    >If so, then would it not be even better security practice to upgrade
    >to Windows HP -- a version of Windows that consists of nothing other
    >than repeated processor HALT instructions, to keep the system from
    >running anything at all ?


    ROFL.
    Mark McIntyre, Jun 14, 2005
    #10
  11. From: "Walter Roberson" <-cnrc.gc.ca>

    | In article <N7Hre.8307$2K4.4103@trnddc08>,
    | David H. Lipman <DLipman~nospam~@Verizon.Net> wrote:
    | :From: "Walter Roberson" <-cnrc.gc.ca>
    |
    | :| Is there a significant security difference between fully-patched SP1
    | :| and fully-patched SP2?
    |
    | :There is a big difference in WinXP SP2 and SP1 which includes IE6/OE6 SP2 which is not
    | :available for Win9x/ME and Win2K.
    |
    | David, I've re-read your sentence several times, but I am having
    | difficulty in parsing it. Are you saying that IE6/OE6 SP2 is available
    | for XP SP2 but not for XP SP1? I am thrown a bit by the
    | 9x/ME and 2K reference ?
    |
    | If one does not use IE6 nor OE, are the differences relevant?
    |
    | --
    | Feep if you love VT-52's.

    WinXP SP2 contains IE/OE SP2. There is no IE/OE SP2 for earlier MS Operating Systems.

    Since the HTML capabilities of the OS are tied to IE then the fact that you do not directly
    use IE or OE still means that the HTML vulnerabilities remain.

    There are other pertinent changes in SP2 as well. This includes the XP FireWall and
    recoding of some WinXP components.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
    David H. Lipman, Jun 14, 2005
    #11
  12. On 14 Jun 2005 21:02:37 GMT, -cnrc.gc.ca (Walter
    Roberson) wrote:

    >Microsoft has a list of "Top 10 Reasons to Install Windows XP
    >Service Pack 2",
    >http://www.microsoft.com/windowsxp/sp2/topten.mspx
    >
    >Reasons #1 thru 4, and 8 thru 10 have to do with products such
    >as Internet Explorer and Outlook that I do not run.


    You may not run them, but they're installed and the IE rendering
    engine is used by a swathe of apps. If you leave this inadequately
    patched, you're asking for trouble.

    I agree the other three reasons are irrelevant for anyone who has
    their own f/w and performs updates religiously.

    >If you examine the list of "Key Security Technologies" for SP2,
    >http://www.microsoft.com/windowsxp/sp2/technologiesoverview.mspx
    >you will not find much of interest to someone who runs their own
    >firewall and doesn't use IE or OE.


    There's no such thing as "not running" IE or OE....
    Mark McIntyre, Jun 14, 2005
    #12
  13. Mark McIntyre wrote:

    > On 14 Jun 2005 20:03:56 GMT, -cnrc.gc.ca (Walter
    > Roberson) wrote:
    >
    >>I was running SP2 but there was something that wasn't working that
    >>did work under SP1 that I installed on a different partition. If
    >>one cannot effectively run one's system with SP2 but can with SP1,
    >>then is it truly "good security practice" to upgrade to the version
    >>that is functionally unusable under the local circumstances?

    >
    > I believe that it's generally accepted as better practice to diagnose
    > and resolve the problem, than avoid it by removing security.


    ...if that were the case you would not be using Windows at all!!!
    Michael J. Pelletier, Jun 14, 2005
    #13
  14. Bit Twister wrote:

    > On 14 Jun 2005 21:02:37 GMT, Walter Roberson wrote:
    >>
    >> In your strawman argument, are you speaking in terms of being
    >> convicted of "negligence"

    >
    > The site cracked could go the negligence route asking for damages.
    >
    >> or of being convicted as if you were yourself
    >> the perpetrator of the credit card trafficking?

    >
    > That is what is going to cost you the big lawyer bucks to get out of
    > going to prison.
    >
    >> My Windows XP SP1 system is behind a firewall that is configured to
    >> disallow incoming connections,

    >
    > Depending on what kind of firewall, that is a good first step.
    > SP1 patched systems were getting cracked in about 4 minutes after
    > connected to the net.
    >
    >> and is patched with the latest SP1
    >> patches (well, before the ones released earlier today.) A finding
    >> of "negligence" is unlikely in such a matter.

    >
    > Would guess the cracked site's lawyer would be pushing the fact that
    > you do not have all updates (SP2) installed so it is negligence.
    >



    Ah come on. If all of that were true Bill Gates would have an endless supply
    of "soap on a rope"...for he is more guilty than anyone else.
    Michael J. Pelletier, Jun 14, 2005
    #14
  15. Bit Twister

    Bit Twister Guest

    On Tue, 14 Jun 2005 15:08:51 -0700, Michael J. Pelletier wrote:

    > Ah come on. If all of that were true Bill Gates would have an endless supply
    > of "soap on a rope"...for he is more guilty than anyone else.


    I see you are running Knode. If you were able to read the End User
    Licence (EUL) you will see you agree to _not_ hold MS responsible for
    anything.

    Shoot, I can not even cut/paste it for inclusion in a text file.
    Bit Twister, Jun 14, 2005
    #15
  16. In article <>,
    Mark McIntyre <> wrote:
    :On 14 Jun 2005 20:03:56 GMT, -cnrc.gc.ca (Walter
    :Roberson) wrote:

    :>I was running SP2 but there was something that wasn't working that
    :>did work under SP1 that I installed on a different partition. If
    :>one cannot effectively run one's system with SP2 but can with SP1,
    :>then is it truly "good security practice" to upgrade to the version
    :>that is functionally unusable under the local circumstances?

    :I believe that it's generally accepted as better practice to diagnose
    :and resolve the problem, than avoid it by removing security.

    Windows is closed-source, and rather obtuse to debug. I spend
    *far* more time trying to track down problems on my single XP system
    at home than I spend on my routers, switches, firewalls, or
    unix systems. I don't have *time* to debug any substantial XP problem.

    It is *not* "generally accepted" as "better practice" to spend your
    time hitting your head against a wall.
    --
    "Never install telephone wiring during a lightning storm." -- Linksys
    Walter Roberson, Jun 14, 2005
    #16
  17. Walter Roberson wrote:
    > In article <>,
    > Bit Twister <> wrote:
    > :On Tue, 14 Jun 2005 18:32:46 GMT, Mister C wrote:
    > :> This is my setup:
    >
    > :> 1. I use WinXP + SP1 at home.
    >
    > :Hmmm, missing lots of updates there. Poor security practice.
    >
    > As best I (not a Windows expert!) can tell, Microsoft is making
    > security patches available for both SP1 and SP2 at present.
    > Is there a significant security difference between fully-patched SP1
    > and fully-patched SP2?

    [snip]

    Did I just hear the ever familiar sound of a can of worms being opened...?
    Dale Richards, Jun 15, 2005
    #17
  18. Bit Twister

    Bit Twister Guest

    On Wed, 15 Jun 2005 00:38:19 GMT, Dale Richards wrote:
    >
    > Did I just hear the ever familiar sound of a can of worms being opened...?


    New SP2 with firewall was supposed to stop those pesky worms. :)
    Bit Twister, Jun 15, 2005
    #18
  19. John Hyde

    John Hyde Guest

    On 6/14/2005 2:35 PM, Mark McIntyre wrote:
    > On 14 Jun 2005 20:03:56 GMT, -cnrc.gc.ca (Walter
    > Roberson) wrote:
    >
    >
    >>I was running SP2 but there was something that wasn't working that
    >>did work under SP1 that I installed on a different partition. If
    >>one cannot effectively run one's system with SP2 but can with SP1,
    >>then is it truly "good security practice" to upgrade to the version
    >>that is functionally unusable under the local circumstances?

    >
    >
    > I believe that it's generally accepted as better practice to diagnose
    > and resolve the problem, than avoid it by removing security.
    >
    > "Since I fitted locks to my house, I often can't get in when I'm
    > drunk."
    > "Why not just take the locks back off then?"
    > "Problem solved"
    >
    >


    Sorry officer, I couldn't get out the door, I had to use Windows . . .
    John Hyde, Jun 15, 2005
    #19
  20. Adrian

    Adrian Guest

    David H. Lipman (DLipman~nospam~@Verizon.Net) gurgled happily, sounding
    much like they were saying :

    >| If one does not use IE6 nor OE, are the differences relevant?


    > WinXP SP2 contains IE/OE SP2. There is no IE/OE SP2 for earlier MS
    > Operating Systems.
    >
    > Since the HTML capabilities of the OS are tied to IE then the fact
    > that you do not directly use IE or OE still means that the HTML
    > vulnerabilities remain.


    Only if you use IE. Other browsers, which completely ignore IE, are
    available.
    Adrian, Jun 15, 2005
    #20