
Kerio

Discussion in 'Tech Tips and Reviews' started by Deke40, Jan 14, 2003.

Thread Status:
Not open for further replies.
  1. Deke40

    Deke40 Thread Starter

    Joined:
    Jun 27, 2002
    Messages:
    6,079
    I guess it is a good thing I got Kerio after I went to Roadrunner.

    <img src="http://forums.techguy.org/attachment.php?s=&postid=682458">
     


  2. Dark Star

    Dark Star

    Joined:
    Jun 8, 2001
    Messages:
    3,054
    Deke...

    Yes it's a good thing that you have a good working firewall ... of course not all firewalls necessarily give all of the details but they still do the job.
    Here's a summary of what my firewall stopped from getting in here just in the past 48hrs.


    BlackICE PC Protection Events Log

    Time, Event, Intruder, Count

    01/14/2003 06:43:39 PM, HTTP port probe, TCLA01, 2
    01/14/2003 06:33:57 PM, HTTP port probe, FTP, 1
    01/14/2003 06:29:12 PM, TCP port probe, ACB5D872.ipt.aol.com, 3
    01/14/2003 06:22:30 PM, HTTP port probe, PAUL-BILL, 2
    01/14/2003 06:16:51 PM, HTTP port probe, XPSTATION, 2
    01/14/2003 05:31:48 PM, HTTP port probe, GATEWAY, 4
    01/14/2003 05:15:56 PM, HTTP port probe, XPSTATION, 2
    01/14/2003 04:06:54 PM, HTTP port probe, GATEWAY, 4
    01/14/2003 02:51:16 PM, TCP port probe, AC9E901C.ipt.aol.com, 3
    01/14/2003 02:31:28 PM, TCP port probe, 61-218-111-126.HINET-IP.hinet.net, 2
    01/14/2003 02:12:42 PM, HTTP port probe, pd84.koszalin.sdi.tpnet.pl, 1
    01/14/2003 02:02:33 PM, HTTP port probe, HOME-53977YL2FF, 2
    01/14/2003 01:46:32 PM, BlackICE detection started, 0.0.0.0, 1
    01/14/2003 11:32:37 AM, BlackICE detection stopped, 0.0.0.0, 1
    01/14/2003 11:24:20 AM, HTTP port probe, HOME-53977YL2FF, 5
    01/13/2003 10:21:29 PM, HTTP port probe, XPSTATION, 2
    01/13/2003 09:45:54 PM, TCP port probe, DHCP-328-240, 2
    01/13/2003 09:29:48 PM, HTTP port probe, www.anep.com.dz, 3
    01/13/2003 09:19:06 PM, HTTP port probe, GATEWAY, 2
    01/13/2003 08:57:23 PM, HTTP port probe, GATEWAY, 2
    01/13/2003 06:46:10 PM, HTTP port probe, AYAIC, 2
    01/13/2003 05:59:22 PM, TCP port probe, www.nli-networks.com, 1
    01/13/2003 03:10:09 PM, HTTP port probe, MASTER-L96E3ORQ, 2
    01/13/2003 02:22:42 PM, HTTP port probe, SERVER, 3
    01/13/2003 02:12:22 PM, HTTP port probe, DAVEWU, 2
    01/13/2003 01:52:56 PM, HTTP port probe, DANIEL-39K6IHC7, 2
    01/13/2003 01:47:05 PM, HTTP port probe, CHALK1-SAPPER, 2
    01/13/2003 01:37:39 PM, HTTP port probe, DANIEL-39K6IHC7, 2
    01/13/2003 01:04:03 PM, HTTP port probe, d233-169-225.nap.wideopenwest.com, 3
    01/13/2003 01:03:36 PM, SQL port probe, 210.117.86.158, 3
    01/13/2003 12:51:56 PM, TCP port probe, ACAEB3EF.ipt.aol.com, 3
    01/13/2003 12:14:35 PM, FTP port probe, 220.77.129.65, 2
    01/13/2003 11:56:59 AM, HTTP port probe, DAVEWU, 2
    01/13/2003 11:07:27 AM, TCP port probe, 66.192.107.26, 1
    01/13/2003 11:04:47 AM, HTTP port probe, XPSTATION, 2
    01/13/2003 10:59:22 AM, TCP port probe, 196.40.36.50, 2
    01/13/2003 10:27:45 AM, HTTP port probe, CHALK1-SAPPER, 1
    01/13/2003 10:08:04 AM, HTTP port probe, DAVEWU, 2
    01/13/2003 09:58:37 AM, HTTP port probe, XPSTATION, 4
    01/13/2003 09:58:29 AM, HTTP port probe, AFontenayssB-110-1-2-98.abo.wanadoo.fr, 3
    01/13/2003 09:56:36 AM, NetBIOS port probe, DOUSYL, 3
    01/13/2003 08:49:12 AM, HTTP port probe, MASTER-L96E3ORQ, 2
    01/13/2003 06:47:23 AM, TCP port probe, radar.dhz.hr, 2
    01/13/2003 06:24:34 AM, HTTP port probe, DAVEWU, 2
    01/13/2003 06:05:30 AM, TCP port probe, pcp01711826pcs.nrockv01.md.comcast.net, 3
    01/13/2003 06:03:43 AM, HTTP port probe, CHALK1-SAPPER, 2
    01/13/2003 05:21:49 AM, HTTP port probe, DANIEL-39K6IHC7, 2
    01/13/2003 05:04:08 AM, TCP port probe, OEMCOMPUTER, 3
    01/13/2003 03:51:25 AM, TCP port probe, HPPAV, 3
    01/13/2003 03:23:23 AM, FTP port probe, BALTO, 2
    01/13/2003 03:22:21 AM, TCP port probe, BALTO, 3
    01/13/2003 03:21:32 AM, HTTP port probe, BALTO, 2
    01/13/2003 02:47:00 AM, TCP port probe, HPPAV, 3
    01/13/2003 01:56:58 AM, HTTP port probe, CHALK1-SAPPER, 2
    01/13/2003 01:15:30 AM, HTTP port probe, DANIEL-39K6IHC7, 2
    01/13/2003 12:46:29 AM, HTTP port probe, DAVEWU, 2
    01/13/2003 12:32:14 AM, HTTP port probe, PAUL-BILL, 1
    01/13/2003 12:26:41 AM, HTTP port probe, DAVEWU, 2
    01/13/2003 12:13:34 AM, HTTP port probe, CHALK1-SAPPER, 2
    01/13/2003 12:09:25 AM, HTTP port probe, DAVEWU, 2
    01/13/2003 12:06:46 AM, NetBIOS port probe, KINGPIN, 4

    Intruder Details Blocked State

     
  3. Deke40

    Deke40 Thread Starter

    Joined:
    Jun 27, 2002
    Messages:
    6,079
    DS- You got me to thinking. I haven't looked into Kerio since downloading it last week. After reading your post I found out how to have Kerio create a log file. Thanks for the push.
     
  4. Dark Star

    Dark Star

    Joined:
    Jun 8, 2001
    Messages:
    3,054
    A log file is a good thing to look at because it does give you an idea of who and what and most important to what extent you're getting hit.

    It took me a while to get used to the log file because every time I looked it was... well as you can see quite lengthy. After a quick review I clear it every two or three days. There's no real need to try and dissect each entry line for line, after a while I learned what to look for... this one has a 3 color system to highlight the threat level urgency, yellow is common, orange gets my attention, and red entries are seldom; I've seen one or two in six months.
    It all gets blocked regardless of the type of attempted intrusion and the severity of it, but it's nice to see who, what and to what extent.

    Anyone on DSL or Cable that thinks it's safe to be without a good firewall should take just one good look at any good firewall log file for just a 48hr period and I'm sure they'd be convinced otherwise.

    DS
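
Added example, not part of the original posts: a short Python script that does the kind of quick log review described above, using lines copied from the events log posted in this thread. It assumes the Count column is the number of times the event was seen, and the function names are illustrative.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Lines copied from the events log posted in the thread (newest first).
SAMPLE_LOG = """\
Time, Event, Intruder, Count
01/14/2003 01:46:32 PM, BlackICE detection started, 0.0.0.0, 1
01/14/2003 11:32:37 AM, BlackICE detection stopped, 0.0.0.0, 1
01/13/2003 01:03:36 PM, SQL port probe, 210.117.86.158, 3
01/13/2003 11:56:59 AM, HTTP port probe, DAVEWU, 2
01/13/2003 10:08:04 AM, HTTP port probe, DAVEWU, 2
01/13/2003 03:23:23 AM, FTP port probe, BALTO, 2
01/13/2003 03:22:21 AM, TCP port probe, BALTO, 3
01/13/2003 03:21:32 AM, HTTP port probe, BALTO, 2
"""

def parse_events(text):
    """Return (timestamp, event, intruder, count) tuples, oldest first."""
    rows = []
    for line in text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 4:
            continue
        try:
            ts = datetime.strptime(parts[0], "%m/%d/%Y %I:%M:%S %p")
            rows.append((ts, parts[1], parts[2], int(parts[3])))
        except ValueError:
            continue  # header line or malformed entry
    return sorted(rows)

def summarize(text):
    """Total probes per source and find periods with detection switched off."""
    probes = defaultdict(Counter)  # intruder -> {event type: summed Count}
    gaps, stopped_at = [], None
    for ts, event, intruder, count in parse_events(text):
        if event == "BlackICE detection stopped":
            stopped_at = ts
        elif event == "BlackICE detection started":
            if stopped_at is not None:
                gaps.append((stopped_at, ts))
            stopped_at = None
        else:
            probes[intruder][event] += count  # assumes Count = times seen
    # Sources that tried several services stand out from single-port noise.
    multi = sorted(s for s, ev in probes.items() if len(ev) > 1)
    return probes, multi, gaps

if __name__ == "__main__":
    probes, multi, gaps = summarize(SAMPLE_LOG)
    for src, ev in sorted(probes.items(), key=lambda kv: -sum(kv[1].values())):
        print(f"{src:16} {sum(ev.values()):3}  {dict(ev)}")
    print("multi-service sources:", multi)
    print("detection gaps:", [(str(a), str(b - a)) for a, b in gaps])
```

On these lines it singles out BALTO, which probed FTP, TCP and HTTP within two minutes, and reports the window on 01/14/2003 during which detection was stopped and nothing was being logged.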
     
Short URL to this thread: https://techguy.org/113289
