Windows 7 firewall causing remote connection to time out; should refuse connection


This is due to a Windows Firewall feature called "stealth mode". The idea is that refusing a connection instead of timing it out will tell an attacker that there actually is a computer on that IP address. With the connection attempt timing out, the hope is that the attacker will ignore the computer. For more information regarding stealth mode see TechNet.

You can disable stealth mode by modifying the registry as documented here:

To each of the following keys:

  • Software\Policies\Microsoft\WindowsFirewall\DomainProfile
  • Software\Policies\Microsoft\WindowsFirewall\PrivateProfile
  • Software\Policies\Microsoft\WindowsFirewall\PublicProfile
  • Software\Policies\Microsoft\WindowsFirewall\StandardProfile

add a REG_DWORD named DisableStealthMode with a value of 0x00000001.

After doing so you need to restart the Windows Firewall service for the changes to take effect.


Author: JT.

Updated on September 18, 2022

Comments

  • JT.
    JT. almost 2 years

    The Windows 7 Firewall is running with default options to allow outbound connections and block incoming connections. I have a process trying to connect regularly from within my local network, which is fine. When the program that accepts the connection is running, all goes well. When it's not, Windows 7 Firewall is causing the connection attempt to time out instead of refusing the connection (like it should be doing).

    I've tried creating rules to explicitly allow all connections on that port, but it's timing out nonetheless. I'm wondering if the firewall is blocking the RST packet from being sent back? Disabling the public profile completely causes the connection to be refused (as expected) but a firewall rule does not.

    Here are the rules I've tried so far without success:

    Port type, TCP, Specified port 11211, Allow the connection, apply to Domain, Private, and Public

    Any suggestions?

    Note: When I say "refused" I'm referring to the operating system's response to the connection saying "sorry, nothing is listening." Test this out on your local machine. Open a command prompt and type telnet localhost 60000. You should see something like this: Trying 127.0.0.1... telnet: connect to address 127.0.0.1: Connection refused

    This is a connection refused. The operating system is "refusing" the request, because (at least on my system) nothing is listening on port 60000.

    Now try telnet example.com 60000. Wait. You'll eventually see something like this: Trying 192.0.43.10... telnet: connect to address 192.0.43.10: Operation timed out

    See the difference? There is no host at example.com to reply with a "refused" so your local operating system (e.g. not the server) says "nothing is there, timeout."

    Very different. The problem is Windows 7 firewall is not generating the "refused" as it should be. I'd like to find out how to fix this.

    • Ƭᴇcʜιᴇ007
      Ƭᴇcʜιᴇ007 over 12 years
      If you fully disable the firewall do you get the expected/wanted behaviour?
    • Ƭᴇcʜιᴇ007
      Ƭᴇcʜιᴇ007 over 12 years
      I'm also a little confused as to what you think would "Refuse" the connection if there's no firewall in the way (due to rules), and no server listening?
    • Ramhound
      Ramhound over 12 years
      The connection being "timed out" sounds like the connection is being refused. I don't understand the difference.
    • JT.
      JT. over 12 years
      The connection "timing out" is different than the connection being "refused." A refused response is the OS saying "nothing is listening on that port, so you cannot connect," vs. a timeout which has no response at all. The server takes care of refusals, the client takes care of timeouts. Significant difference there.
    • kreemoweet
      kreemoweet over 12 years
      What is your basis for saying the Win Firewall "should" be sending Connection Refused messages? I've always understood firewalls to be mere filters, allowing or dropping packets, but not generating any traffic of their own.
    • JT.
      JT. over 12 years
      kreemoweet: Right; I think the distinction here is that Windows Firewall assumes that the packet should be dropped explicitly if nothing is listening on that port. Instead, the rule should apply even if nothing is listening on that port. For example, if I have a rule to accept connections on port 11211 but nothing is actively listening, the firewall should pass it through to the OS to handle the reject appropriately (instead of ignoring the rule and dropping the packet).
  • JT.
    JT. over 12 years
    That's exactly it! I can't vote up because I don't have enough reputation, but the fix did exactly what was needed! Keys: Software\Policies\Microsoft\WindowsFirewall\DomainProfile, Software\Policies\Microsoft\WindowsFirewall\PrivateProfile, Software\Policies\Microsoft\WindowsFirewall\PublicProfile, Software\Policies\Microsoft\WindowsFirewall\StandardProfile Value: "DisableStealthMode" Type: REG_DWORD. Size: Equal to size of the Data field. Data: 0x00000001 means TRUE and 0x00000000 means FALSE.
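The telnet test JT. describes above, written as a small probe that distinguishes all three outcomes (open, refused by RST, silently dropped until the client times out) so you can confirm before and after the registry change whether the firewall is answering or staying stealthy. This is an added example, not code from the question or the answer; `probe_tcp` and `start_listener` are names chosen here, and the localhost listener is constructed only to demonstrate the "open" and "refused" cases offline.

```python
import errno
import socket

# Outcomes of a TCP connect(), as argued in the comments above:
#   "open"      - the three-way handshake completed (something is listening)
#   "refused"   - the remote OS answered the SYN with RST (nothing listening,
#                 but the packet reached the host's TCP stack)
#   "timed out" - no answer at all: no host there, or a firewall in stealth
#                 mode silently dropping the SYN
def probe_tcp(host, port, timeout=3.0):
    """Return 'open', 'refused', 'timed out', 'unreachable' or 'unresolved'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except socket.timeout:
        return "timed out"
    except ConnectionRefusedError:
        return "refused"
    except socket.gaierror:
        return "unresolved"          # DNS failure, not a firewall verdict
    except OSError as e:
        # ICMP error from a router (net/host unreachable): an answer, not silence
        if e.errno in (errno.ENETUNREACH, errno.EHOSTUNREACH):
            return "unreachable"
        raise
    finally:
        s.close()


def start_listener():
    """Constructed test aid: a listening socket on a free localhost port.
    The kernel completes handshakes into the backlog, so no accept() is needed."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv


if __name__ == "__main__":
    srv = start_listener()
    port = srv.getsockname()[1]
    print("listening port :", probe_tcp("127.0.0.1", port))   # open
    srv.close()
    print("closed port    :", probe_tcp("127.0.0.1", port))   # refused
    # Point this at the Windows 7 box on the port from the allow rule (11211 in the
    # question): "refused" means the RST got out, "timed out" means stealth mode.
    print("remote probe   :", probe_tcp("example.com", 60000))
```

On the LAN, a result of "timed out" from a host that is otherwise reachable is the stealth-mode symptom; after setting DisableStealthMode and restarting the firewall service the same probe should report "refused".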