Ads

Jan 052002
 

This is what ZoneAlarm complains about while connected to the internet. “SVCHOST.EXE” is “Generic Service Host.” What that means is it is a “host” for other processes or services. If your internet connection seems to “no longer work,” it is due to you disallowing various “required” functions to no longer access the internet. A big one is “DNS Lookups” and HTTP. With DNS lookups disabled, you will no longer be able to type in “www.blackviper.com” but you will always be able to type in the IP address of the systems. The internet connection is still working, but you are blocking a “vital” part of the process for surfing web pages. With HTTP TCP Port 80 blocked, you will not be able to access any web site.

As to whether or not “you” need the particular process to access the internet or act as a server is completely dependent upon your computer configuration, your software installation, and what you are doing at any given time.

Only you can make the decision about if “you need this to access the internet” or not.

A security vulnerability exists with Windows that could cause your system to exhibit all kinds of poor behavior. This particular issue attacks the Remote Procedure Call service which Zone Alarm may issue a warning with regards to SVCHOST.EXE and Generic Host Process for Win32 Services. However, this inbound traffic should NOT be allowed. READ MORE…

Generally speaking, the following ports and services should NOT be blocked:

  • DHCP: UDP Port 67 and 68 (block both outbound and inbound only if you have a static IP address)
  • DNS: UDP Port 53 (allow only outbound; disable inbound unless you have local DNS server)
  • HTTP: TCP Port 80 (allow only outbound; disable inbound unless you have local web server)
  • HTTPS: TCP Port 443 (allow only outbound; disable inbound unless you have local web server)

Generally speaking, the following ports and services SHOULD be blocked, “outbound and inbound”:

  • NetBIOS: UDP 137
  • RPC: TCP 135
  • UPnP: UDP 1900
  • UPnP: TCP and UDP 5000

If you block a port and something breaks, reenable the blocked port and see if it is fixed. Easy as that. :)