Kerio

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Deke40

Thread Starter
Joined
Jun 27, 2002
Messages
6,160
I guess it is a good thing I got Kerio after I went to Roadrunner.

<img src="http://forums.techguy.org/attachment.php?s=&postid=682458">
 


Joined
Jun 8, 2001
Messages
3,054
Deke...

Yes it's a good thing that you have a good working firewall ... of course not all firewalls necessarily give all of the details but they still do the job.
Here's a summary of what my firewall stopped from getting in here just in the past 48hrs.


BlackICE PC Protection Events Log

Time, Event, Intruder, Count

01/14/2003 06:43:39 PM, HTTP port probe, TCLA01, 2
01/14/2003 06:33:57 PM, HTTP port probe, FTP, 1
01/14/2003 06:29:12 PM, TCP port probe, ACB5D872.ipt.aol.com, 3
01/14/2003 06:22:30 PM, HTTP port probe, PAUL-BILL, 2
01/14/2003 06:16:51 PM, HTTP port probe, XPSTATION, 2
01/14/2003 05:31:48 PM, HTTP port probe, GATEWAY, 4
01/14/2003 05:15:56 PM, HTTP port probe, XPSTATION, 2
01/14/2003 04:06:54 PM, HTTP port probe, GATEWAY, 4
01/14/2003 02:51:16 PM, TCP port probe, AC9E901C.ipt.aol.com, 3
01/14/2003 02:31:28 PM, TCP port probe, 61-218-111-126.HINET-IP.hinet.net, 2
01/14/2003 02:12:42 PM, HTTP port probe, pd84.koszalin.sdi.tpnet.pl, 1
01/14/2003 02:02:33 PM, HTTP port probe, HOME-53977YL2FF, 2
01/14/2003 01:46:32 PM, BlackICE detection started, 0.0.0.0, 1
01/14/2003 11:32:37 AM, BlackICE detection stopped, 0.0.0.0, 1
01/14/2003 11:24:20 AM, HTTP port probe, HOME-53977YL2FF, 5
01/13/2003 10:21:29 PM, HTTP port probe, XPSTATION, 2
01/13/2003 09:45:54 PM, TCP port probe, DHCP-328-240, 2
01/13/2003 09:29:48 PM, HTTP port probe, www.anep.com.dz, 3
01/13/2003 09:19:06 PM, HTTP port probe, GATEWAY, 2
01/13/2003 08:57:23 PM, HTTP port probe, GATEWAY, 2
01/13/2003 06:46:10 PM, HTTP port probe, AYAIC, 2
01/13/2003 05:59:22 PM, TCP port probe, www.nli-networks.com, 1
01/13/2003 03:10:09 PM, HTTP port probe, MASTER-L96E3ORQ, 2
01/13/2003 02:22:42 PM, HTTP port probe, SERVER, 3
01/13/2003 02:12:22 PM, HTTP port probe, DAVEWU, 2
01/13/2003 01:52:56 PM, HTTP port probe, DANIEL-39K6IHC7, 2
01/13/2003 01:47:05 PM, HTTP port probe, CHALK1-SAPPER, 2
01/13/2003 01:37:39 PM, HTTP port probe, DANIEL-39K6IHC7, 2
01/13/2003 01:04:03 PM, HTTP port probe, d233-169-225.nap.wideopenwest.com, 3
01/13/2003 01:03:36 PM, SQL port probe, 210.117.86.158, 3
01/13/2003 12:51:56 PM, TCP port probe, ACAEB3EF.ipt.aol.com, 3
01/13/2003 12:14:35 PM, FTP port probe, 220.77.129.65, 2
01/13/2003 11:56:59 AM, HTTP port probe, DAVEWU, 2
01/13/2003 11:07:27 AM, TCP port probe, 66.192.107.26, 1
01/13/2003 11:04:47 AM, HTTP port probe, XPSTATION, 2
01/13/2003 10:59:22 AM, TCP port probe, 196.40.36.50, 2
01/13/2003 10:27:45 AM, HTTP port probe, CHALK1-SAPPER, 1
01/13/2003 10:08:04 AM, HTTP port probe, DAVEWU, 2
01/13/2003 09:58:37 AM, HTTP port probe, XPSTATION, 4
01/13/2003 09:58:29 AM, HTTP port probe, AFontenayssB-110-1-2-98.abo.wanadoo.fr, 3
01/13/2003 09:56:36 AM, NetBIOS port probe, DOUSYL, 3
01/13/2003 08:49:12 AM, HTTP port probe, MASTER-L96E3ORQ, 2
01/13/2003 06:47:23 AM, TCP port probe, radar.dhz.hr, 2
01/13/2003 06:24:34 AM, HTTP port probe, DAVEWU, 2
01/13/2003 06:05:30 AM, TCP port probe, pcp01711826pcs.nrockv01.md.comcast.net, 3
01/13/2003 06:03:43 AM, HTTP port probe, CHALK1-SAPPER, 2
01/13/2003 05:21:49 AM, HTTP port probe, DANIEL-39K6IHC7, 2
01/13/2003 05:04:08 AM, TCP port probe, OEMCOMPUTER, 3
01/13/2003 03:51:25 AM, TCP port probe, HPPAV, 3
01/13/2003 03:23:23 AM, FTP port probe, BALTO, 2
01/13/2003 03:22:21 AM, TCP port probe, BALTO, 3
01/13/2003 03:21:32 AM, HTTP port probe, BALTO, 2
01/13/2003 02:47:00 AM, TCP port probe, HPPAV, 3
01/13/2003 01:56:58 AM, HTTP port probe, CHALK1-SAPPER, 2
01/13/2003 01:15:30 AM, HTTP port probe, DANIEL-39K6IHC7, 2
01/13/2003 12:46:29 AM, HTTP port probe, DAVEWU, 2
01/13/2003 12:32:14 AM, HTTP port probe, PAUL-BILL, 1
01/13/2003 12:26:41 AM, HTTP port probe, DAVEWU, 2
01/13/2003 12:13:34 AM, HTTP port probe, CHALK1-SAPPER, 2
01/13/2003 12:09:25 AM, HTTP port probe, DAVEWU, 2
01/13/2003 12:06:46 AM, NetBIOS port probe, KINGPIN, 4

 

Deke40

Thread Starter
Joined
Jun 27, 2002
Messages
6,160
DS- You got me to thinking. I haven't looked into Kerio since downloading it last week. After reading your post I found out how to have Kerio create a log file. Thanks for the push.
 
Joined
Jun 8, 2001
Messages
3,054
A log file is a good thing to look at because it does give you an idea of who and what and most important to what extent you're getting hit.

It took me a while to get used to the log file because every time I looked it was... well, as you can see, quite lengthy. After a quick review I clear it every two or three days. There's no real need to try and dissect each entry line for line; after a while I learned what to look for... this one has a 3 color system to highlight the threat level urgency: yellow is common, orange gets my attention, and red entries are seldom; I've seen one or two in six months.
It all gets blocked regardless of the type of attempted intrusion and the severity of it, but it's nice to see who, what and to what extent.

Anyone on DSL or Cable that thinks it's safe to be without a good firewall should take just one good look at any good firewall log file for just a 48hr period and I'm sure they'd be convinced otherwise.

DS
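
Added example, not part of the original thread: a short Python tally of the "who, what and to what extent" review described above, run over constructed rows in the same time, event, intruder, count layout as the BlackICE log. The host names and addresses in `SAMPLE_LOG` are made up, and reading the Count column as a repeat count is an assumption.

```python
import ipaddress
from collections import Counter
from datetime import datetime
# Constructed rows in the log's layout; hosts and addresses are made up.
SAMPLE_LOG = """\
Time, Event, Intruder, Count
01/14/2003 06:43:39 PM, HTTP port probe, DESKTOP-A, 2
01/14/2003 06:29:12 PM, TCP port probe, host1.example.net, 3
01/14/2003 01:46:32 PM, BlackICE detection started, 0.0.0.0, 1
01/13/2003 01:03:36 PM, SQL port probe, 192.0.2.15, 3
01/13/2003 09:58:37 AM, HTTP port probe, DESKTOP-A, 4
01/13/2003 12:06:46 AM, NetBIOS port probe, DESKTOP-B, 4
"""

def source_kind(name):
    """Classify the intruder field: raw IP, resolved DNS name, or bare machine name."""
    try:
        ipaddress.ip_address(name)
    except ValueError:
        return "dns" if "." in name else "bare-name"
    return "ip"

def parse_events(text):
    """Yield (timestamp, event, intruder, count) for each well-formed row."""
    for line in text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 4:
            continue
        try:
            when = datetime.strptime(parts[0], "%m/%d/%Y %I:%M:%S %p")
            count = int(parts[3])
        except ValueError:
            continue  # header row or damaged line
        yield when, parts[1], parts[2], count

def summarize(text):
    """Tally probes by event, source, source kind and day (Count assumed to be repeats)."""
    by_event, by_source, by_kind, by_day = Counter(), Counter(), Counter(), Counter()
    for when, event, intruder, count in parse_events(text):
        if not event.endswith("port probe"):
            continue  # detection started/stopped rows are status, not traffic
        by_event[event] += count
        by_source[intruder] += count
        by_kind[source_kind(intruder)] += count
        by_day[when.date().isoformat()] += count
    return {"what": by_event, "who": by_source, "kind": by_kind, "extent": by_day}

if __name__ == "__main__":
    print({k: v.most_common() for k, v in summarize(SAMPLE_LOG).items()})
```
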
 