My log is showing “outbound policy violation (access denied, icmp = port unreachable)” at least a few times per minute and going to various IP addresses. Any ideas about what and why this is happening? Thanks!!!
Are the IP addresses that your PC is pinging possibly your DNS server addresses?
Do you use a P2P/torrent program?
You can make a rule in network monitor to allow or deny ICMP.
They are not DNS servers, and I do use uTorrent. However, these logs are created whether or not P2P is running or has run since computer start-up. This is the reason I am suspicious of them. Also, they all seem to be different IP destinations.
Do you use a router?
Yes, but I have already created a rule for in/out traffic for the router and the modem… so I don’t think that has anything to do with it. Also, there is the fact that all the destination IPs are different. Here are a few of them:
…and the list goes on…
If nothing seems to be affected, or a program doesn’t work as it should, just make a block rule for ICMP in/out any/any/any that you place just above the default block IP rule. Don’t tick log, and you won’t see them again.
Personally, I have allowed port unreachable in and out of my zone.
I’m behind a router as well.
That’s most likely what I will do: create a block rule. Blocking will solve my logging problem, but is there any way to find out why and what program is trying to send out data?
When it comes to network monitor, it can be hard to tell…
The only way is to have only one program open and watch the log.
If you have really “tight” rules in application monitor, with specified ports for each application, you can make a guess from there. It’s not too common to have such tight rules there, so it’s the first suggestion that is most likely to come in useful.
They are working on the logging, so I hope that in the near future it will be better.
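On the question of which program is behind these messages, an added example that is not part of the original thread: an ICMP port unreachable message quotes the IP header and first 8 bytes of the datagram that triggered it (RFC 792), so decoding one captured message shows which local port a remote host tried to reach. The function names and the sample packet (documentation address 203.0.113.7, local port 6881) are constructed for illustration.

```python
import socket
import struct

PROTOCOLS = {6: "tcp", 17: "udp"}

def parse_port_unreachable(icmp: bytes) -> dict:
    """Decode an ICMP type 3 / code 3 message (bytes start at the ICMP header)."""
    if len(icmp) < 8 + 20 + 4:
        raise ValueError("too short to quote an IPv4 header and port fields")
    if (icmp[0], icmp[1]) != (3, 3):
        raise ValueError("not destination unreachable / port unreachable")
    quoted = icmp[8:]  # skip type, code, checksum and the 4 unused bytes
    version, ihl = quoted[0] >> 4, (quoted[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(quoted) < ihl + 4:
        raise ValueError("malformed quoted IPv4 header")
    proto = quoted[9]
    # Only TCP and UDP start with source/destination port fields.
    if proto in PROTOCOLS:
        sport, dport = struct.unpack("!HH", quoted[ihl:ihl + 4])
    else:
        sport = dport = None
    return {
        "protocol": PROTOCOLS.get(proto, str(proto)),
        # The quoted datagram was sent BY the remote host TO this PC, so its
        # source is the address the firewall logs as the ICMP destination.
        "remote_ip": socket.inet_ntoa(quoted[12:16]),
        "remote_port": sport,
        "local_ip": socket.inet_ntoa(quoted[16:20]),
        "local_port": dport,
    }

def build_sample() -> bytes:
    """Constructed sample: reply to a UDP datagram sent to 192.168.1.10:6881."""
    icmp_header = struct.pack("!BBHI", 3, 3, 0, 0)  # checksum left as 0
    quoted_ip = struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 48, 0, 0, 50, 17, 0,
        socket.inet_aton("203.0.113.7"), socket.inet_aton("192.168.1.10"),
    )
    quoted_udp = struct.pack("!HHHH", 51413, 6881, 28, 0)
    return icmp_header + quoted_ip + quoted_udp

if __name__ == "__main__":
    print(parse_port_unreachable(build_sample()))
```

The `local_port` value can then be compared with the listening port configured in the P2P client or in other installed applications.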