Hello,
I noticed that my GW.exe changed the remote port to Anet's servers from 80 to 6112 last night.
But it AWLAYS uses 80 remote port to Anet's servers.
It's NEVER happened before.
Who decided to use 80 or 6112?
I found my Comodo blocked one suspicious TCP packet from 222.216.28.168:6000 to my computer's 1080 port. And the most strange is that target application is GW.exe!!
Does this port changing have something to do with the suspicious TCP packet?
Should I worry about this?
Is my computer infected by some maware?
I use Kaspersky Anti Virus 7.0 and Comodo Firewall Pro v3.
Thanks very much in advanced.
My Gw.exe suddenly changed the port from 80 to 6112 of Anet's server yesterday.
Ceylon Tea Cat
Neph D
Dunno.
Contact support ASAP if you are worried about a security issue.
Guru does not protect your comp. It doesn't even give hugs.
Contact support ASAP if you are worried about a security issue.
Guru does not protect your comp. It doesn't even give hugs.
Chthon
Nothing to worry about. GW alternates between those two ports each time it fails to connect. Next time it fails to connect on 6112 it will try 80 again.
Ceylon Tea Cat
Thanks a lot for replying,
And found the target was not Guild Wars. because that time GW was using the port 1080 so my Comodo logs the application as GW.
I thought my computer is protected by Kaspersky Anti-Virus and Comodo, is it? I'm quite novice in internet security.
And found the target was not Guild Wars. because that time GW was using the port 1080 so my Comodo logs the application as GW.
I thought my computer is protected by Kaspersky Anti-Virus and Comodo, is it? I'm quite novice in internet security.
bigalmax
Does this mean Guild Wars uses 6112 (by default) and then fall-backs to port 80 if 6112 fails to connect?
davehall
Quote:
|
Originally Posted by bigalmax
Does this mean Guild Wars uses 6112 (by default) and then fall-backs to port 80 if 6112 fails to connect?
|
bigalmax
I believe I just confirmed that Guild Wars tries to connect via port 6112 (by default) and then port 80 (fallback). See my post here: http://www.guildwarsguru.com/forum/s...&postcount=111
Can anyone else confirm this by blocking port 6112?
Can anyone else confirm this by blocking port 6112?
davehall
Quote:
|
Originally Posted by bigalmax
I believe I just confirmed that Guild Wars tries to connect via port 6112 (by default) and then port 80 (fallback). See my post here: http://www.guildwarsguru.com/forum/s...&postcount=111
Can anyone else confirm this by blocking port 6112? |
Keep in mind that I never done any further testing (GH chat/roaster list, Friends list, etc.)
# Protocol Source Address Source Port Destination Address Destination Port Policy ID
1 tcp 192.168.100.117 49174 64.25.39.22 6112 5Event log shows GW making about 10-15 attempts to several IP addresses on port 6112 before connecting to port 80.
2 tcp 192.168.100.117 49178 64.25.39.50 6112 5
3 tcp 192.168.100.117 49177 64.25.39.86 6112 5
17 tcp 192.168.100.25 49847 64.25.39.82 80 1
18 tcp 192.168.100.25 49848 64.25.39.37 80 1
19 tcp 192.168.100.25 49846 64.25.39.21 80 1
warning 6112/tcp 192.168.100.25 206.127.146.47
warning 6112/tcp 192.168.100.25 206.127.146.47
warning 6112/tcp 192.168.100.25 206.127.146.47
warning 6112/tcp 192.168.100.25 210.254.104.42
warning 6112/tcp 192.168.100.25 64.25.39.24
warning 6112/tcp 192.168.100.25 64.25.39.21
warning 6112/tcp 192.168.100.25 202.131.203.80
warning 6112/tcp 192.168.100.25 206.127.146.41
warning 6112/tcp 192.168.100.25 210.254.104.42
warning 6112/tcp 192.168.100.25 64.25.39.24
warning 6112/tcp 192.168.100.25 210.254.104.42
warning 6112/tcp 192.168.100.25 64.25.39.24
warning 6112/tcp 192.168.100.25 206.127.146.41
warning 6112/tcp 192.168.100.25 64.25.39.21
warning 6112/tcp 192.168.100.25 202.131.203.80
warning 6112/tcp 192.168.100.25 206.127.146.41
warning 6112/tcp 192.168.100.25 64.25.39.21
warning 6112/tcp 192.168.100.25 202.131.203.80
bigalmax
Quote:
|
Originally Posted by davehall
Currently have my main account connected to port 6112 (from another computer). Created a new firewall rule to block this port from another computer. I was able to connect/login to GW after about 8-12 seconds.
Keep in mind that I never done any further testing (GH chat/roaster list, Friends list, etc.) # Protocol Source Address Source Port Destination Address Destination Port Policy ID 1 tcp 192.168.100.117 49174 64.25.39.22 6112 5Event log shows GW making about 10-15 attempts to several IP addresses on port 6112 before connecting to port 80. warning 6112/tcp 192.168.100.25 206.127.146.47 |
Anyways, if this works it maybe a good work around with issues on port 6112 and 0% stuckage.
Chthon
Quote:
|
Originally Posted by bigalmax
Does this mean Guild Wars uses 6112 (by default) and then fall-backs to port 80 if 6112 fails to connect?
|
davehall
Quote:
|
Originally Posted by bigalmax
8-10 seconds holy cow! Are you TCP RST'ing the connection or DROPping the connection to port 6112? Are you using sometype of QoS? And are you exiting and launching GW every time you make a change the firewall? [...]
|
I did the port testing from my other computer -- simply created a firewall rule that blocks port 6112 from that computer's IP Address then launched GW on that computer.
I'm going to assume the router simply drops the packets.
Didn't do any further testing then the one time -- don't think any more is actually needed.