Kerio 2.15 Log worries

Discussion in 'other firewalls' started by pacifist, Apr 25, 2004.

Thread Status:
Not open for further replies.
  1. pacifist

    pacifist Registered Member

    Joined:
    Feb 24, 2004
    Posts:
    8
    Every week or so I see the log has blocked a few connections coming from the same address, but today I see the log contains many attempted connections.

    Could someone please elaborate?

    1,[25/Apr/2004 11:24:18] Rule 'Packet to unopened port received': Blocked: In TCP, pD9EF014A.dip.t-dialin.net [217.239.1.74:3221]->localhost:13376, Owner: no owner
    1,[25/Apr/2004 11:24:24] Rule 'Packet to unopened port received': Blocked: In TCP, pD9EF014A.dip.t-dialin.net [217.239.1.74:3221]->localhost:13376, Owner: no owner
    1,[25/Apr/2004 11:25:00] Rule 'Packet to unopened port received': Blocked: In TCP, pD9EF014A.dip.t-dialin.net [217.239.1.74:3359]->localhost:13376, Owner: no owner
    1,[25/Apr/2004 11:25:02] Rule 'Packet to unopened port received': Blocked: In TCP, pD9EF014A.dip.t-dialin.net [217.239.1.74:3359]->localhost:13376, Owner: no owner
    1,[25/Apr/2004 11:25:08] Rule 'Packet to unopened port received': Blocked: In TCP, pD9EF014A.dip.t-dialin.net [217.239.1.74:3359]->localhost:13376, Owner: no owner
    1,[25/Apr/2004 11:25:44] Rule 'Packet to unopened port received': Blocked: In TCP, pD9EF014A.dip.t-dialin.net [217.239.1.74:3490]->localhost:13376, Owner: no owner
    1,[25/Apr/2004 11:25:46] Rule 'Packet to unopened port received': Blocked: In TCP, pD9EF014A.dip.t-dialin.net [217.239.1.74:3490]->localhost:13376, Owner: no owner
    1,[25/Apr/2004 11:25:52] Rule 'Packet to unopened port received': Blocked: In TCP, pD9EF014A.dip.t-dialin.net [217.239.1.74:3490]->localhost:13376, Owner: no owner
    1,[25/Apr/2004 11:26:30] Rule 'Packet to unopened port received': Blocked: In TCP, pD9EF014A.dip.t-dialin.net [217.239.1.74:3628]->localhost:13376, Owner: no owner
    1,[25/Apr/2004 11:26:40] Rule 'Packet to unopened port received': Blocked: In TCP, pD9EF014A.dip.t-dialin.net [217.239.1.74:3628]->localhost:13376, Owner: no owner

    The above is just a small extract.

    Thanks for any help
     
    pacifist, Apr 25, 2004
    #1
  2. Slovak

    Slovak Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    515
    Location:
    Medina, Ohio
    I am not a Kerio expert by no means, but I would say your firewall is doing it's job being as how the log entries all say blocked.
     
    Slovak, Apr 25, 2004
    #2
  3. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    You have nothing listening on the port anyway, so even if you let the packets through there is no program listening on the other side. Kerio is doing its job, and its likely the leftovers form an old connection somebody else started.
     
    BlitzenZeus, Apr 25, 2004
    #3
Thread Status:
Not open for further replies.