Question about unusual blackholed hit entry

Use this forum to post questions relating to WinGate, feature requests, technical or configuration problems

Moderator: Qbik Staff

Post by George in Seattle » Aug 11 07 9:56 am

Can someone explain what I am seeing in the following firewall hit entry:

==================
Wingate firewall hit report:

Time: 8/10/2007 11:53:11 AM
Reason: Blackholed
Source MAC address: 00-01-5C-22-2A-C2
Destination MAC address: 00-14-BF-54-25-BF
Source IP Address: 6.10.69.118 : N/A
Destination IP Address: 101.238.1.0 : N/A
Protocol: 0
Time-to-live: 0
=================

Notes:

* I am getting several of these per hour and they are all strange (very low first byte, 1,2,3,4, etc) IPs. The protocol is always "0".

* Neither IP is in my black hole list, in fact for the purpose of this question, I currently have only one black hole entry which is: 58.218.177.22 - 255.255.255.255. If I remove this entry the firewall hits stop, but other IPs cause this as well.

* The destination address is not mine but the Destination MAC address is that of my cable modem which resides on my Wingate machine. In "normal" firewall hit entries the destination IP is always my assigned internet IP.

Do these entries actually mean something or are they a bug of some sort that I should ignore?

Thanks in advance!
George in Seattle
George in Seattle
 
Posts: 22
Joined: Jul 01 07 9:32 pm
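
The cross-check George describes in his notes (does either address match a blackhole entry, is the destination the local IP, are protocol and TTL both zero), written out as an added example; it is not part of the original posts and is not WinGate's own code. The second sample report, the 192.0.2.10 external address and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample. Report 1 repeats the fields quoted in the post (MAC lines
# omitted); report 2 is invented: a hit that does match the blackhole entry.
SAMPLE = """\
Time: 8/10/2007 11:53:11 AM
Reason: Blackholed
Source IP Address: 6.10.69.118 : N/A
Destination IP Address: 101.238.1.0 : N/A
Protocol: 0
Time-to-live: 0

Time: 8/10/2007 11:55:02 AM
Reason: Blackholed
Source IP Address: 58.218.177.22 : 4021
Destination IP Address: 192.0.2.10 : 80
Protocol: 6
Time-to-live: 112
"""
OWN_IP = ipaddress.ip_address("192.0.2.10")  # assumed external IP (documentation range)

def parse_reports(text):
    """Split on blank lines; each report becomes a dict of 'Key: value' fields."""
    blocks = re.split(r"\n\s*\n", text.strip())
    return [dict(l.split(": ", 1) for l in b.splitlines() if ": " in l) for b in blocks]

def blackhole_nets(entries):
    """'IP - mask' entries, as written in the post, become ip_network objects."""
    return [ipaddress.ip_network("/".join(p.strip() for p in e.split(" - ")), strict=False)
            for e in entries]

def check(report, nets, own_ip=OWN_IP):
    """Reasons a hit looks inconsistent with the configuration (empty list = plausible)."""
    src = ipaddress.ip_address(report["Source IP Address"].split(" : ")[0])
    dst = ipaddress.ip_address(report["Destination IP Address"].split(" : ")[0])
    problems = []
    if report.get("Reason") == "Blackholed" and not any(src in n or dst in n for n in nets):
        problems.append("no blackhole entry matches either address")
    if dst != own_ip:
        problems.append("destination is not the local external IP")
    if report.get("Protocol") == "0" and report.get("Time-to-live") == "0":
        problems.append("protocol 0 with TTL 0")
    return problems

if __name__ == "__main__":
    nets = blackhole_nets(["58.218.177.22 - 255.255.255.255"])
    for r in parse_reports(SAMPLE):
        print(r["Time"], check(r, nets) or "consistent with configuration")
```
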

Post by genie » Aug 12 07 1:36 pm

Hi,
What version of Wingate are you using?
genie
Qbik Staff
 
Posts: 1788
Joined: Sep 30 03 10:29 am

Post by George in Seattle » Aug 12 07 8:44 pm

I am using 6.2.2 build 1137. Thanks.
George in Seattle

Post by genie » Aug 12 07 10:43 pm

Was it an update or fresh install?

Post by George in Seattle » Aug 13 07 5:29 am

It was an update. I demoed it starting in June thru 7/29, then bought and applied a license, and then installed 6.2.2 (over existing) after I noticed it was available.

Should I uninstall and then reinstall? If so, will applying the saved registry taint the fresh install? Thanks.
George in Seattle

Post by genie » Aug 13 07 11:42 am

Yes, that's what I wanted to suggest - uninstall it and make sure that there is no driver c:\windows\system32\drivers\qbikhkxp.sys left. Then install it again.

Post by George in Seattle » Aug 16 07 2:42 am

The fresh install appears to have corrected that problem. Thanks! However see my next message under the topic "Windows Update".
George in Seattle

Post by George in Seattle » Aug 16 07 2:55 am

Whoops, never mind that last comment about Windows Update. It was timing out on clients behind the firewall last night but a double check this morning shows that it is now working fine. Don't know what happened to fix it, but I'll take it :)
George in Seattle

