normal operation of CPF???!

Hey guys, just checked the activity logs for the firewall; not sure if it's normal operation, but it is going crazy IMO.

I am not sure if it's supposed to do that or not, as my experience with the last 2 firewalls I used (other than my Dlink DI-524 wireless router), being Zone Alarm Free and until yesterday Kerio Personal Firewall Free version, didn’t record THAT many things… heck, Kerio didn’t even record logs of anything to my knowledge…

Is the firewall blocking all these attempts?

Under reasons it's listing things like SYN, UDP, Network Control Rule ID = 5.

I am quite confused by all this.

[attachment deleted by admin]

Yes, it would appear that the firewall is blocking all those attempts; I’m not aware of situations where CFP says it blocked something but in reality did not.

Network Control Rule ID 5 is the bottom Block & Log All rule; it is the safety net as the rules filter from the top down. By the time network traffic reaches Rule ID 5, this means it has not already been allowed or blocked by other rules; thus it is not an authorized type of traffic, and is blocked (and logged, so you know it happened, since CFP doesn’t give alerts for Network Traffic violations).

The SYN is a part of the message indicating that there is a synchronization problem with the traffic. Probably because it isn’t allowed by the rules; this causes an issue. Not something to be concerned about in that respect; just part of the message.

UDP is a common internet protocol and stands for User Datagram Protocol. Its sibling is TCP, Transmission Control Protocol. These are both used commonly in establishing internet connections, surfing, email, etc.

Here’s a couple questions for you…

Are you on a LAN (network) with other computers?
Do you recognize any of the IP addresses for any reason?

LM
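
The top-down, first-match filtering described in the reply above, as an added example that is not part of the original thread and is not Comodo's code. The rule set, addresses and packet fields are constructed for illustration; only the role of Rule ID 5 as the bottom Block & Log All rule comes from the thread.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    rule_id: int
    action: str                # "allow" or "block"
    proto: str                 # "tcp", "udp" or "any"
    direction: str             # "in", "out" or "any"
    source: str = "0.0.0.0/0"  # CIDR the packet's source address must fall in
    log: bool = False

    def matches(self, pkt):
        return (self.proto in ("any", pkt["proto"])
                and self.direction in ("any", pkt["dir"])
                and ip_address(pkt["src"]) in ip_network(self.source))

# Hypothetical rule set (not CFP's defaults); only ID 5's role is from the thread.
RULES = [
    Rule(0, "allow", "tcp", "out"),
    Rule(1, "allow", "udp", "out"),
    Rule(2, "allow", "any", "in", source="192.168.0.0/24"),   # assumed LAN range
    Rule(3, "block", "tcp", "in", source="198.51.100.0/24"),  # blocks without logging
    Rule(4, "allow", "udp", "in", source="192.0.2.53/32"),    # assumed trusted host
    Rule(5, "block", "any", "any", log=True),                 # Block & Log All
]

def evaluate(pkt, rules=RULES):
    """Return the first rule, scanning top down, that matches the packet."""
    for rule in rules:
        if rule.matches(pkt):
            return rule
    raise LookupError("no rule matched: the rule set lacks a catch-all")

def blocked_log(packets, rules=RULES):
    """Log lines for packets whose deciding rule has logging enabled."""
    hits = [(p, evaluate(p, rules)) for p in packets]
    return [f'{r.action} {p["reason"]} from {p["src"]}, Rule ID = {r.rule_id}'
            for p, r in hits if r.log]

# Constructed sample traffic; addresses are private or documentation ranges.
PACKETS = [
    {"src": "192.168.0.10", "dir": "out", "proto": "tcp", "reason": "SYN"},
    {"src": "192.168.0.23", "dir": "in", "proto": "udp", "reason": "UDP"},
    {"src": "198.51.100.20", "dir": "in", "proto": "tcp", "reason": "SYN"},
    {"src": "203.0.113.7", "dir": "in", "proto": "tcp", "reason": "SYN"},
    {"src": "203.0.113.9", "dir": "in", "proto": "udp", "reason": "UDP"},
]

print("\n".join(blocked_log(PACKETS)))
```

In this constructed set, the packet stopped by rule 3 is blocked but never appears in the log, while everything that falls through to rule 5 does.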

I do have a network, but the IPs don’t match anything I recognize.

The 192.x.x.x is going to be your LAN; those are internal, non-routable IPs.

203.x.x.x is The Internet Group in New Zealand

80.x.x.x is XS4ALL Internet in Netherlands

125.x.x.x is Open Computer Network in Japan

85.x.x.x is Inode GMBH in Austria

220.x.x.x and 210.x.x.x are Optus Internet in Australia

Any of those sound familiar?

LM