Firewall [SOLVED]: Windows Firewall Inbound Rules not matching netstat listening ports

#35161

    Anonymous

    Question

    I’m not a firewall expert, so I need some help with understanding the difference between my Windows firewall rules and what netstat is displaying. Some computers at my company only allow inbound traffic on several ports due to regulations; all other ports are blocked by default.

    For example, one computer might allow TCP 20,21,23,80,443,445, and 3389.

    When I do a netstat command, however, I see many “listening” ports that should not be allowed:

    Proto Local Foreign State
    TCP 0.0.0.0:5985 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:9001 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:9002 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:16992 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:47001 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:49155 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:49156 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:49166 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:49178 0.0.0.0:0 LISTENING

    I need some help with understanding why the two do not agree. Are these ports trying to listen on a particular port, but the firewall won’t allow any traffic to pass through to them?

    Thank you.

    #35162

    Anonymous

    Accepted Answer

    The inbound firewall rules prevent hosts from successfully connecting to ports on the local system. These can be written to prevent external hosts from connecting (typical) and can even be written to prevent localhost from connecting (unusual). The firewall does not prevent a local program from running or binding to a listening port.

    Netstat has nothing to do with this. Netstat reports which ports are Listening, Established, SYN_Received, etc. The firewall does nothing to prevent local programs from listening on ports on any interface.

    Source: https://stackoverflow.com/questions/47574429/windows-firewall-inbound-rules-not-matching-netstat-listening-ports
    Author: David Hoelzer
    This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
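The answer above draws the line between a port being bound (what netstat shows) and a connection being permitted (what the firewall decides). The following PowerShell script is an added example, not part of the original thread or the answer's author: it lists the LISTENING TCP ports, then checks each one against the enabled inbound Allow rules so you can see which listeners are actually reachable and which are bound but blocked. It assumes Windows 8/Server 2012 or later (NetTCPIP and NetSecurity modules) and an elevated session; rules scoped by program, service or remote address are matched on port only, which is a simplification.

```powershell
# Added example (not from the original thread). Correlates listening TCP ports with
# enabled inbound Allow rules. Assumes an elevated PowerShell session on Windows 8 /
# Server 2012 or later. Simplification: a rule counts as "allowing" a port when its
# protocol/port filter matches; program, service and remote-address scoping are ignored.

# A listener with no Allow rule is only unreachable if the profile's default inbound action is Block.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction | Format-Table -AutoSize

# Collect enabled inbound Allow rules together with their port filters.
$allowRules = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow
$filters = foreach ($r in $allowRules) {
    $pf = $r | Get-NetFirewallPortFilter
    [pscustomobject]@{ Rule = $r.DisplayName; Profile = $r.Profile; Protocol = $pf.Protocol; LocalPort = $pf.LocalPort }
}

# Returns the display name of the first Allow rule whose filter covers the TCP port, or $null.
function Test-PortAllowed {
    param([int]$Port, [object[]]$Filters)
    foreach ($f in $Filters) {
        if ($f.Protocol -notin @('TCP', 'Any')) { continue }
        foreach ($p in @($f.LocalPort)) {
            if ($p -eq 'Any') { return $f.Rule }
            if ($p -match '^(\d+)-(\d+)$') {            # port range such as 49152-65535
                if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $f.Rule }
            } elseif ($p -match '^\d+$' -and [int]$p -eq $Port) { return $f.Rule }
            # Symbolic values such as RPC or RPC-EPMap are skipped by the checks above.
        }
    }
    return $null
}

# Same information as "netstat -ano" LISTENING rows, plus the owning process and the matching rule.
Get-NetTCPConnection -State Listen |
    Sort-Object LocalPort -Unique |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            LocalAddress = $_.LocalAddress
            Port         = $_.LocalPort
            Process      = $proc.ProcessName
            AllowRule    = Test-PortAllowed -Port $_.LocalPort -Filters $filters
        }
    } | Format-Table -AutoSize
```

A row with an empty AllowRule column (for example port 5985 or 47001 from the question) is a program that has bound the port but, under a Block default, cannot be reached from other hosts.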
