Windows XP/Server 2003 may be listening on UDP Port 53

Symptoms

Windows XP and/or Windows Server 2003 may be unexpectedly listening on UDP Port 53 and/or even responding to DNS queries.

netstat -aon | find ":53 "

shows

UDP 192.168.0.1:53 *:* 1234

Where 1234 is the process ID of the svchost process that hosts the SharedAccess service.
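The following is an added example, not part of the original article, for triaging saved command output offline: it pairs `netstat -aon` with `tasklist /svc` to check whether the process holding UDP port 53 hosts SharedAccess. The use of `tasklist /svc`, the function names and the sample output are assumptions constructed for illustration.

```python
import re

# Constructed sample outputs (not captured from a real host).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.0.1:1045       10.0.0.5:53            ESTABLISHED     1100
  UDP    192.168.0.1:53         *:*                                    1234
  UDP    10.0.0.2:53            *:*                                    2040
"""
TASKLIST = """\
Image Name                   PID Services
========================= ====== =============================================
svchost.exe                 1234 Dhcp, Netman, SharedAccess,
                                 Themes
dns.exe                     2040 DNS
"""

def udp_listeners(netstat_text, port=53):
    """Return (local_address, pid) for UDP sockets bound locally to port."""
    rows = (line.split() for line in netstat_text.splitlines())
    # UDP rows have no State column: Proto, Local, Foreign, PID.
    return [(f[1], int(f[3])) for f in rows
            if len(f) == 4 and f[0] == "UDP" and f[1].endswith(f":{port}")]

def services_by_pid(tasklist_text):
    """Map PID -> (image name, [service names]), joining wrapped rows."""
    table, last = {}, None
    for line in tasklist_text.splitlines():
        m = re.match(r"(\S.*?)\s+(\d+)\s+(.*)$", line)
        if m:
            last = int(m.group(2))
            table[last] = (m.group(1), [])
            rest = m.group(3)
        elif line[:1].isspace() and last is not None:
            rest = line  # continuation of the previous Services column
        else:
            continue  # header, separator or blank line
        table[last][1].extend(s.strip() for s in rest.split(",") if s.strip())
    return table

def triage(netstat_text, tasklist_text, port=53):
    """Label each UDP listener on port by whether its process hosts SharedAccess."""
    svc = services_by_pid(tasklist_text)
    out = []
    for addr, pid in udp_listeners(netstat_text, port):
        image, services = svc.get(pid, ("unknown", []))
        ics = image.lower() == "svchost.exe" and "SharedAccess" in services
        out.append((addr, pid, image, "ICS DNS proxy" if ics else "other"))
    return out
```

Unlike the plain `find ":53 "` filter, which also matches the constructed TCP row whose foreign port is 53, the parser only reports UDP sockets bound locally to port 53.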

Cause

Internet Connection Sharing (ICS) is enabled on the machine, so it acts as a DNS proxy on the internal (non-public) interface.


Resolution

If the network card that ICS was enabled on still exists in Control Panel/Network Connections, right-click the network interface, select Properties, and then click the Advanced tab. Uncheck "Allow other network users to connect through this computer's Internet connection".

If the network adapter is no longer present in the system, do the following:

1) Take a system state backup of the machine

2) From a cmd prompt run: "netsh firewall show config verbose=enable > fw.txt & fw.txt" (without the quotes) to get a listing of the current firewall configuration and rules.

3) From the cmd prompt run: "netsh firewall reset" (without the quotes). This resets the machine's firewall settings (including ICS) back to default. By default, ICS is not enabled.

4) If needed, use the fw.txt file created above to re-add any customized firewall settings.


More Information

http://www.microsoft.com/en-us/download/details.aspx?id=23800
netsh firewall show config verbose=enable
and

http://www.microsoft.com/en-us/download/details.aspx?id=7405
in Appendix E shows an example of configuring firewall rules in an unattend.txt file

Properties

Article ID: 2755279 - Last revised: September 21, 2012 - Revision: 1
