Kerio

Deke40 · Jan 14, 2003

I guess it is a good thing I got Kiero after I went to Roadrunner.

<img src="http://forums.techguy.org/attachment.php?s=&postid=682458">

Dark Star · Jan 14, 2003

Deke...

Yes it's a good thing that you have a good working firewall ... of course not all firewalls necessarily give all of the details but they still do the job.
Here's a summary of what my firewall stopped from getting in here just in the past 48hrs.

BlackICE PC Protection Events Log

Time........................................ Event................... Intruder, Count

01/14/2003 06:43:39 PM, HTTP port probe, TCLA01, 2
01/14/2003 06:33:57 PM, HTTP port probe, FTP, 1
01/14/2003 06:29:12 PM, TCP port probe, ACB5D872.ipt.aol.com, 3
01/14/2003 06:22:30 PM, HTTP port probe, PAUL-BILL, 2
01/14/2003 06:16:51 PM, HTTP port probe, XPSTATION, 2
01/14/2003 05:31:48 PM, HTTP port probe, GATEWAY, 4
01/14/2003 05:15:56 PM, HTTP port probe, XPSTATION, 2
01/14/2003 04:06:54 PM, HTTP port probe, GATEWAY, 4
01/14/2003 02:51:16 PM, TCP port probe, AC9E901C.ipt.aol.com, 3
01/14/2003 02:31:28 PM, TCP port probe, 61-218-111-126.HINET-IP.hinet.net, 2
01/14/2003 02:12:42 PM, HTTP port probe, pd84.koszalin.sdi.tpnet.pl, 1
01/14/2003 02:02:33 PM, HTTP port probe, HOME-53977YL2FF, 2
01/14/2003 01:46:32 PM, BlackICE detection started, 0.0.0.0, 1
01/14/2003 11:32:37 AM, BlackICE detection stopped, 0.0.0.0, 1
01/14/2003 11:24:20 AM, HTTP port probe, HOME-53977YL2FF, 5
01/13/2003 10:21:29 PM, HTTP port probe, XPSTATION, 2
01/13/2003 09:45:54 PM, TCP port probe, DHCP-328-240, 2
01/13/2003 09:29:48 PM, HTTP port probe, www.anep.com.dz, 3
01/13/2003 09:19:06 PM, HTTP port probe, GATEWAY, 2
01/13/2003 08:57:23 PM, HTTP port probe, GATEWAY, 2
01/13/2003 06:46:10 PM, HTTP port probe, AYAIC, 2
01/13/2003 05:59:22 PM, TCP port probe, www.nli-networks.com, 1
01/13/2003 03:10:09 PM, HTTP port probe, MASTER-L96E3ORQ, 2
01/13/2003 02:22:42 PM, HTTP port probe, SERVER, 3
01/13/2003 02:12:22 PM, HTTP port probe, DAVEWU, 2
01/13/2003 01:52:56 PM, HTTP port probe, DANIEL-39K6IHC7, 2
01/13/2003 01:47:05 PM, HTTP port probe, CHALK1-SAPPER, 2
01/13/2003 01:37:39 PM, HTTP port probe, DANIEL-39K6IHC7, 2
01/13/2003 01:04:03 PM, HTTP port probe, d233-169-225.nap.wideopenwest.com, 3
01/13/2003 01:03:36 PM, SQL port probe, 210.117.86.158, 3
01/13/2003 12:51:56 PM, TCP port probe, ACAEB3EF.ipt.aol.com, 3
01/13/2003 12:14:35 PM, FTP port probe, 220.77.129.65, 2
01/13/2003 11:56:59 AM, HTTP port probe, DAVEWU, 2
01/13/2003 11:07:27 AM, TCP port probe, 66.192.107.26, 1
01/13/2003 11:04:47 AM, HTTP port probe, XPSTATION, 2
01/13/2003 10:59:22 AM, TCP port probe, 196.40.36.50, 2
01/13/2003 10:27:45 AM, HTTP port probe, CHALK1-SAPPER, 1
01/13/2003 10:08:04 AM, HTTP port probe, DAVEWU, 2
01/13/2003 09:58:37 AM, HTTP port probe, XPSTATION, 4
01/13/2003 09:58:29 AM, HTTP port probe, AFontenayssB-110-1-2-98.abo.wanadoo.fr, 3
01/13/2003 09:56:36 AM, NetBIOS port probe, DOUSYL, 3
01/13/2003 08:49:12 AM, HTTP port probe, MASTER-L96E3ORQ, 2
01/13/2003 06:47:23 AM, TCP port probe, radar.dhz.hr, 2
01/13/2003 06:24:34 AM, HTTP port probe, DAVEWU, 2
01/13/2003 06:05:30 AM, TCP port probe, pcp01711826pcs.nrockv01.md.comcast.net, 3
01/13/2003 06:03:43 AM, HTTP port probe, CHALK1-SAPPER, 2
01/13/2003 05:21:49 AM, HTTP port probe, DANIEL-39K6IHC7, 2
01/13/2003 05:04:08 AM, TCP port probe, OEMCOMPUTER, 3
01/13/2003 03:51:25 AM, TCP port probe, HPPAV, 3
01/13/2003 03:23:23 AM, FTP port probe, BALTO, 2
01/13/2003 03:22:21 AM, TCP port probe, BALTO, 3
01/13/2003 03:21:32 AM, HTTP port probe, BALTO, 2
01/13/2003 02:47:00 AM, TCP port probe, HPPAV, 3
01/13/2003 01:56:58 AM, HTTP port probe, CHALK1-SAPPER, 2
01/13/2003 01:15:30 AM, HTTP port probe, DANIEL-39K6IHC7, 2
01/13/2003 12:46:29 AM, HTTP port probe, DAVEWU, 2
01/13/2003 12:32:14 AM, HTTP port probe, PAUL-BILL, 1
01/13/2003 12:26:41 AM, HTTP port probe, DAVEWU, 2
01/13/2003 12:13:34 AM, HTTP port probe, CHALK1-SAPPER, 2
01/13/2003 12:09:25 AM, HTTP port probe, DAVEWU, 2
01/13/2003 12:06:46 AM, NetBIOS port probe, KINGPIN, 4

Intruder Details Blocked State

0, www.nli-networks.com
0, www.anep.com.dz
0, radar.dhz.hr
0, pool-151-201-153-51.phil.east.verizon.net
0, pcp01711826pcs.nrockv01.md.comcast.net
0, pcp01470332pcs.lncstr01.pa.comcast.net
0, pD9E754AE.dip.t-dialin.net
0, p0546.nas7-asd3.dial.wanadoo.nl
0, ool-182c524b.dyn.optonline.net
0, lsanca1-ar5-4-60-193-030.lsanca1.dsl-verizon.net
0, lsanca1-ar5-4-60-051-107.lsanca1.dsl-verizon.net
0, lsanca1-ar2-4-60-015-054.lsanca1.dsl-verizon.net
0, d53-225-214.clv.wideopenwest.com
0, d233-169-225.nap.wideopenwest.com
0, XPSTATION
0, WORKGROU-0CAPIS
0, USER-C4PS1ZELYR
0, SERVER
0, SERVER
0, PAUL-BILL
0, OEMCOMPUTER
0, OEMCOMPUTER
0, OEMCOMPUTER
0, MASTER-L96E3ORQ
0, KINGPIN
0, HPPAV
0, HPPAV
0, HPPAV
0, HOME-53977YL2FF
0, GREGG32
0, GATEWAY
0, GATEWAY
0, GATEWAY
0, EMK_LAPTOP
0, DOUSYL
0, DOUSYL
0, DJ870421
0, DHCP-328-240
0, DAVEWU
0, DAVE
0, DANIEL-39K6IHC7
0, CPROETTXP1600
0, COMP
0, CHALK1-SAPPER
0, BALTO
0, AYAIC
0, AYAIC
0, ACAEB3EF.ipt.aol.com
0, AC91DD62.ipt.aol.com
0, 66.192.107.26
0, 61.100.12.113
0, 61-218-111-126.HINET-IP.hinet.net
0, 220.77.129.65
0, 218-162-37-16.HINET-IP.hinet.net
0, 213.77.183.84
0, 213-98-68-214.uc.nombres.ttd.es
0, 210.90.225.126
0, 210.117.86.158
0, 196.40.36.50
0, 172.181.216.114
0, 172.158.144.28
0, 12-252-199-174.client.attbi.com

Deke40 · Jan 14, 2003

DS- You got me to thinking. I haven't looked into Kerio since downloading it last week. After reading your post I found out how to have Kerio create a log file. Thanks for the push.

Dark Star · Jan 15, 2003

A log file is a good thing to look at because it does give you an idea of who and what and most important to what extent you're getting hit.

It took me a while to get used to the log file because every-time I looked it was... well as you can see quite lengthy. After a quick review I clear it every two or three days. There's no real need to try and dissect each entry line for line, after a while I learned what to look for... this one has a 3 color system to highlight the threat level urgency, yellow is common, orange gets my attention, and red entries are seldom I've seen one or two in six months.
It all gets blocked regardless of the type of attempted intrusion and the severity of it, but it's nice to see who, what and to what extent.

Anyone on DSL or Cable that thinks it's safe to be without a good firewall should take just one good look at any good firewall log file for just a 48hr period and I'm sure they'd be convinced otherwise.

DS

Log in or Sign up

Kerio

Deke40 Thread Starter

Attached Files:

gone.jpg

Dark Star

Deke40 Thread Starter

Dark Star

Welcome to Tech Support Guy!

Log in or Sign up

Kerio

Deke40 Thread Starter

Attached Files:

gone.jpg

Dark Star

Deke40 Thread Starter

Dark Star

Welcome to Tech Support Guy!

Useful Searches