Entry in the Logs

Look at the picture i attached and at the Protocol Column there is the port 139.

[attachment deleted by admin]

Protocol 139 is actually a valid protocol and there are also open-source implementations like http://www.openhip.org/

does this happen on a regular basis or you got only that entry?

I didn’t knew that there was a 139 protocol. Firewall shouldn’t be reporting “HIP” instead of a decimal number? This is the first time I got this entry.

Could also be a corrupted UDP packet.

If it the first tme maybe it was an error although to confirm it was an incorrectly logged packet, a packet logging utility like wireshark would be needed.

As for protocol number/protocol names the GRE protocol is unnamed too and also other ICMP codes.

IMHO even though the protocol description could prove useful the protocol number would be mandatory