Can someone explain what some entries in the firewall log mean?

Discussion in 'ESET Smart Security' started by dannyeluciane, Sep 28, 2009.

Thread Status:
Not open for further replies.
  1. dannyeluciane

    dannyeluciane Registered Member

    Joined:
    May 22, 2008
    Posts:
    70
    Location:
    USA
    I was looking in the firewall log and noticed some entries, a lot of the same thing repeating over and over.

    Can someone tell me what they mean and if I need to do something to make sure my computer is safe?

    28/9/2009 17:48:59 Comunicação negada por regra (communication denied by rule) 192.168.15.2:138 192.168.15.255:138 UDP Bloquear solicitações NETBIOS de saída (Blocked NETBIOS Exit Solicitations) System AUTORIDADE NT\SYSTEM (Authority NT\SYSTEM)


    28/9/2009 17:37:59 Pacote bloqueado pela defesa ativa (IDS) (Packet Blocked By Active Defense (IDS)) 192.168.15.2:4869 174.133.197.156:80 TCP

    28/9/2009 17:26:11 Pacote bloqueado pela defesa ativa (IDS) (Packet Blocked By Active Defense (IDS)) 192.168.15.2:4057 63.236.18.139:80 TCP

    I use ESET Smart Security v.4.0.467.0 (Brazilian Portuguese). I roughly translated the text to English. The translation is italicized.

    I have the Firewall set on Automatic Mode.

    Base de dados de assinaturas de vírus: 4465 (20090928)
    Módulo de atualização: 1028 (20090302)
    Módulo de rastreamento antivírus e antispyware: 1239 (20090925)
    Módulo de heurística avançada: 1098 (20090924)
    Módulo de suporte de arquivo: 1103 (20090923)
    Módulo de limpeza: 1044 (20090826)
    Suporte ao módulo Anti-Stealth: 1012 (20090526)
    Módulo de firewall pessoal: 1051 (20090812)
    Módulo antispam: 1012 (20090608)
    Módulo SysInspector: 1213 (20090902)
    Suporte ao módulo Auto-Proteção: 1009 (20090917)


    Thanks,
    Danny
     
  2. dallas7

    dallas7 Guest

    174.133.197.156 is www.superantispyware.com. 63.236.18.139 is assigned to Qwest communications. Only you can answer what you have running on your system that would evoke those connections.

    The 192.168.15.255 port 138 UDP broadcast is used by Windows networking and if I remember correctly I believe it's the Computer Browser service (svchost.exe -k netsvcs). You're probably seeing that because you have that service and NetBios over TCP/IP enabled.

    To answer your question: none of that looks malicious. Your firewall is doing its job even if it is wasting its time. :)
     
  3. dannyeluciane

    dannyeluciane Registered Member

    Dallas7 Thank you for your help.

    I use superantispyware free, but I don't know what would be trying to connect to qwest communications.

    Do I need the service and NetBios over TCP/IP enabled? What does it do? How can I disable it?

    I found another entry, if you or someone could explain to me:

    29/9/2009 09:01:42 Regra não utilizável encontrada (Rule not utilizable/applicable found) 192.168.15.2 224.0.0.22 IGMP

    Thanks,
    Danny.
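
The triage dallas7 describes (LAN broadcast versus external destination), extended to the IGMP entry from the follow-up post, can be scripted. This is an added example, not part of the original thread: the /24 LAN prefix and the function names are assumptions, and the sample lines are the thread's entries truncated after the protocol column with the English glosses removed.

```python
import ipaddress
import re

# Assumption: the LAN is 192.168.15.0/24 (inferred from the .255 broadcast in the log).
LAN = ipaddress.ip_network("192.168.15.0/24")

# The thread's entries, truncated after the protocol column, English glosses removed.
SAMPLE_LOG = [
    "28/9/2009 17:48:59 Comunicação negada por regra 192.168.15.2:138 192.168.15.255:138 UDP",
    "28/9/2009 17:37:59 Pacote bloqueado pela defesa ativa (IDS) 192.168.15.2:4869 174.133.197.156:80 TCP",
    "28/9/2009 17:26:11 Pacote bloqueado pela defesa ativa (IDS) 192.168.15.2:4057 63.236.18.139:80 TCP",
    "29/9/2009 09:01:42 Regra não utilizável encontrada 192.168.15.2 224.0.0.22 IGMP",
]

# timestamp, event text, source[:port], destination[:port], protocol
ENTRY = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{2}:\d{2}:\d{2}) (?P<event>.+?) "
    r"(?P<src>\d+(?:\.\d+){3})(?::(?P<sport>\d+))? "
    r"(?P<dst>\d+(?:\.\d+){3})(?::(?P<dport>\d+))? (?P<proto>[A-Z]+)\b"
)

def parse(line):
    """Split one log line into fields; ports are None for portless protocols (IGMP)."""
    m = ENTRY.match(line)
    if m is None:
        raise ValueError(f"unrecognised log line: {line!r}")
    return m.groupdict()

def classify(line):
    """Return (kind, note) describing where the blocked packet was headed."""
    e = parse(line)
    dst = ipaddress.ip_address(e["dst"])
    if dst.is_multicast:
        kind = "multicast"
        note = "IGMPv3 report group" if str(dst) == "224.0.0.22" else "multicast group"
    elif dst == LAN.broadcast_address:
        kind = "lan-broadcast"
        netbios = e["proto"] == "UDP" and e["dport"] == "138"
        note = "NetBIOS datagram broadcast" if netbios else "subnet broadcast"
    elif dst in LAN or dst.is_private:
        kind, note = "lan-unicast", "host on a private network"
    else:
        kind, note = "external", "look up the address owner and the local process"
    return kind, note

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(parse(entry)["dst"], *classify(entry))
```

Only the two entries classified as external leave the local network; the broadcast and multicast entries are link-local traffic generated by the machine's own network stack.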
     