PDA

View Full Version : Entries in Firewall log file - what do they mean?



Morgenmuffel
07-08-2007, 01:22 PM
Basically this hundreds of times a day from various source IP addresses and source ports all so using TCP protocal for about 40% of them


Type: Firewall
Time: 08:59:58
Protocol: UDP
Source IP Address: 90.227.15.210
Source Port: 9446
Destination IP Address: 192.168.1.6
Destination Port: 6881
Application Path: ---
Application Description: ---
Description: Security Rule Matched

Speedy Gonzales
07-08-2007, 01:51 PM
Well the source obviously is where its from the destination IP is you.

Most of them are just pings or ppl checking you out.

And unless the port the person is using belongs to a known trojan / worm, I wouldnt worry about it.

And where its got security rule matched, a rule is already in the firewall, which is why it blocked it.

Bozo
07-08-2007, 04:46 PM
As mentioned above, the entries are merely logging the information that you have asked your firewall to record. If you don't want so much displayed, adjust your firewall settings. Out of interest what firewall are you using? a stand alone or a software firewall? i notice that you have 6881 open - lol, the default port for Azureus.
Don't just assume that everything is ok, attacking and taking control over a machine with ports open is a simple task, and to then overtake that pc, and use it to launch attacks onto other pc's is easy - even without you even knowing. I just finished a lecture from Jesper Johannson - a Microsoft speaker from Tech Ed 2005 teaching all about this sort of stuff.

I advise you to run some port scanners on your machine:
http://probe.hackerwatch.org/probe/probe.asp
http://www.famatech.com/products/utilities/portscanner.php
and make sure you only have the ports open that you need.