Descriptions of "reason" in firewall tab

Postby George in Seattle » Aug 26 07 11:03 pm

Where can I find explanations of all the possible hit "reasons" in the firewall tab? While I can guess at what some mean, for others I have no idea what they mean. It is not where I expect to find it in the otherwise great help text. Thanks.
George in Seattle
 
Posts: 22
Joined: Jul 01 07 9:32 pm

Postby script » Aug 29 07 10:38 pm

Most of the messages are "noise" from the internet!
script
 
Posts: 11
Joined: Aug 28 07 6:11 am

Postby jamesc » Aug 29 07 10:43 pm

Hi George,

I have been meaning to get this answered for you - I will try and get the details from some of the senior staff members tomorrow.

James
The changes between version 6.x releases can be reviewed here:
http://www.wingate.com/showfaq.php?faqid=2

Skype: wingatejames
jamesc
Qbik Staff
 
Posts: 928
Joined: Apr 04 05 2:04 pm
Location: Auckland, New Zealand

Postby George in Seattle » Sep 01 07 11:25 am

Thanks for the replies! I'm sure most of it is background "noise" but once in a while certain messages like "checksum error" (and I forget the others) pop up. I'm not that well versed in network lingo to recognize the important ones.

George in Seattle
 
Posts: 22
Joined: Jul 01 07 9:32 pm

Postby genie » Sep 03 07 12:09 am

Checksum error is a message which indicates that there was a packet found (and ignored) which has been corrupted (checksum does not match) - if there are too many of such messages it means that either there is some faulty hardware on the way or someone is trying to analyse the protection of your network. The former, most probably, though.
genie
Qbik Staff
 
Posts: 1788
Joined: Sep 30 03 10:29 am

Re: Descriptions of "reason" in firewall tab

Postby Nev » Sep 03 07 1:05 am

Hi all,

Well, at a glance:

    R = Reset: expired connections, mostly seem to be from remote web servers
    S = Port Scan: most important to be recognised, most seem to be NetBios or MS-DS
    ICMP = Remote computer sending ping packets to your IP

It is also possible to look at extended logging by right clicking any Firewall Hit and copying to the clipboard like these.

Wingate firewall hit report:

Time: 02/09/2007 21:53:31
Reason: Port Range
Source MAC address: 06-F6-20-00-03-00
Destination MAC address: 00-00-00-00-00-00
Source IP Address: 24.64.176.151 : 33609
Destination IP Address: 144.165.210.250 : 1026
Protocol: UDP
Time-to-live: 67

Wingate firewall hit report:

Time: 02/09/2007 21:41:52
Reason: Port Range
Source MAC address: 06-F6-20-00-03-00
Destination MAC address: 00-00-00-00-00-00
Source IP Address: 58.47.141.26 : 6000
Destination IP Address: 144.165.210.250 : 2967
Protocol: TCP
TCP flags: S
Time-to-live: 100

Actually, it is explained in the Firewall entry for ENS with the highlight on the logging result, so S is SYN Flood etc.

The rest can be Googled!
--
Nev.
Nev
WinGate Guru
 
Posts: 861
Joined: Sep 22 03 11:35 pm
Location: Mudgee ~ NSW ~ Australia
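
A small parser for the hit-report text quoted in the post above, added here as an example (it is not part of the thread and not Qbik's code). It assumes the copied text keeps the "Field: value" layout shown in those two reports; the function names and the handling of an address without a port are assumptions.

```python
import re
from collections import Counter

ENDPOINT = re.compile(r"^([\d.]+)(?:\s*:\s*(\d+))?$")  # "IP : port", port optional (assumed)
# Sample input: the two hit reports quoted in the post above, blank lines dropped.
SAMPLE = """\
Wingate firewall hit report:
Time: 02/09/2007 21:53:31
Reason: Port Range
Source MAC address: 06-F6-20-00-03-00
Destination MAC address: 00-00-00-00-00-00
Source IP Address: 24.64.176.151 : 33609
Destination IP Address: 144.165.210.250 : 1026
Protocol: UDP
Time-to-live: 67
Wingate firewall hit report:
Time: 02/09/2007 21:41:52
Reason: Port Range
Source MAC address: 06-F6-20-00-03-00
Destination MAC address: 00-00-00-00-00-00
Source IP Address: 58.47.141.26 : 6000
Destination IP Address: 144.165.210.250 : 2967
Protocol: TCP
TCP flags: S
Time-to-live: 100
"""

def parse_hits(text):
    """Return one dict per 'Wingate firewall hit report:' block in the pasted text."""
    hits = []
    for block in re.split(r"(?im)^\s*Wingate firewall hit report:\s*$", text):
        hit = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")  # split at the first colon only
            if sep and value.strip():
                hit[key.strip()] = value.strip()
        for side in ("Source", "Destination"):
            m = ENDPOINT.match(hit.get(side + " IP Address", ""))
            hit[side.lower() + "_ip"] = m.group(1) if m else None
            hit[side.lower() + "_port"] = int(m.group(2)) if m and m.group(2) else None
        if "Reason" in hit:  # skip anything pasted before the first report header
            hits.append(hit)
    return hits

def summarize(hits):  # count hits per (reason, protocol, destination port)
    return Counter((h["Reason"], h.get("Protocol"), h["destination_port"]) for h in hits)

if __name__ == "__main__":
    print(summarize(parse_hits(SAMPLE)).most_common())
```

Pasting many copied reports into one string and running `summarize` shows which reasons and destination ports account for most of the hits, which helps separate the background "noise" from anything repeated or targeted.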

