Windows 7 firewall causing remote connection to time out; should refuse connection

Tags: firewall, tcp, windows, windows 7, windows firewall

The Windows 7 Firewall is running with default options to allow outbound connections and block incoming connections. I have a process trying to connect regularly from within my local network, which is fine. When the program that accepts the connection is running, all goes well. When it's not, Windows 7 Firewall is causing the connection attempt to time out instead of refusing the connection (like it should be doing).

I've tried creating rules to explicitly allow all connections on that port, but it's timing out nonetheless. I'm wondering if the firewall is blocking the RST packet from being sent back? Disabling the public profile completely causes the connection to be refused (as expected) but a firewall rule does not.

Here are the rules I've tried so far without success:

Port type, TCP, Specified port 11211, Allow the connection, apply to Domain, Private, and Public

Any suggestions?

Note: When I say "refused" I'm referring to the operating system's response to the connection saying "sorry, nothing is listening." Test this out on your local machine. Open a command prompt and type telnet localhost 60000. You should see something like this:

Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused

This is a connection refused. The operating system is "refusing" the request, because (at least on my system) nothing is listening on port 60000.

Now try telnet example.com 60000. Wait. You'll eventually see something like this:

Trying 192.0.43.10...
telnet: connect to address 192.0.43.10: Operation timed out

See the difference? There is no host at example.com to reply with a "refused" so your local operating system (e.g. not the server) says "nothing is there, timeout."

Very different. The problem is Windows 7 firewall is not generating the "refused" as it should be. I'd like to find out how to fix this.

Best Answer

This is due to a Windows Firewall feature called "stealth mode". The idea is that refusing a connection instead of timing it out will tell an attacker that there actually is a computer on that IP address. With the connection attempt timing out, the hope is that the attacker will ignore the computer. For more information regarding stealth mode see TechNet.

You can disable stealth mode by modifying the registry as documented here:

To Software\Policies\Microsoft\WindowsFirewall\DomainProfile, Software\Policies\Microsoft\WindowsFirewall\PrivateProfile, Software\Policies\Microsoft\WindowsFirewall\PublicProfile, and Software\Policies\Microsoft\WindowsFirewall\StandardProfile add a REG_DWORD named DisableStealthMode with a value of 0x00000001.

After doing so you need to restart the Windows Firewall service for the changes to take effect.
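The registry change and service restart described in the answer, scripted as an added example (not from the answer's author or from Microsoft). It assumes the policy keys live under HKLM and that the firewall service is named MpsSvc; it reports the current stealth mode state per profile and only applies the change when the commented-out call is enabled.

```powershell
# Added example: inspect and optionally disable Windows Firewall "stealth mode"
# via the policy registry keys named in the answer.
# Assumptions: keys live under HKLM (the Group Policy location); the firewall
# service name is MpsSvc. Run from an elevated PowerShell prompt.

$profiles = 'DomainProfile', 'PrivateProfile', 'PublicProfile', 'StandardProfile'
$base     = 'HKLM:\Software\Policies\Microsoft\WindowsFirewall'

function Get-StealthModeState {
    # One object per profile: the raw DisableStealthMode value and whether
    # stealth mode is still active (anything other than 1 means active).
    foreach ($p in $profiles) {
        $key   = Join-Path $base $p
        $value = $null
        if (Test-Path $key) {
            $value = (Get-ItemProperty -Path $key -Name DisableStealthMode `
                          -ErrorAction SilentlyContinue).DisableStealthMode
        }
        [pscustomobject]@{
            Profile            = $p
            DisableStealthMode = $value        # $null = not set, i.e. the default
            StealthModeActive  = ($value -ne 1)
        }
    }
}

function Disable-StealthMode {
    # Create each profile key if missing, set DisableStealthMode = 1 (REG_DWORD),
    # then restart the firewall service so the change takes effect.
    foreach ($p in $profiles) {
        $key = Join-Path $base $p
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        New-ItemProperty -Path $key -Name DisableStealthMode -PropertyType DWord `
                         -Value 1 -Force | Out-Null
    }
    Restart-Service -Name MpsSvc -Force
}

# Report first; apply only after confirming which profiles are affected.
Get-StealthModeState | Format-Table -AutoSize
# Disable-StealthMode   # uncomment to apply the change from the answer
```

Re-run Get-StealthModeState after the restart to confirm all four profiles show StealthModeActive as False.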
