Question about Logs Activity

Hi,

I’m trying the latest beta version of CPF (2.3.3.33) and there are some messages I don’t understand.
Well in fact I think that I understand the message but I don’t understand the rules:

These are my rules:
http://i8.tinypic.com/25j8u3o.jpg

I followed the steps as described here: http://www.embsolutions.com.au/cpf_rule/

Now the log:

1 - Date/Time :2006-08-25 16:29:29
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = myip, Port = 1258)
Protocol: UDP Incoming
Source: x.x.x.x:4646
Remote: myip:1258
Reason: Network Control Rule ID = 3

2 - Date/Time :2006-08-25 16:08:59
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = myip, Port = 38293)
Protocol: UDP Incoming
Source: x.x.x.x:1055
Remote: myip:38293
Reason: Network Control Rule ID = 3

3 - Date/Time :2006-08-25 16:06:04
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = myip, Port = 1258)
Protocol: UDP Incoming
Source: x.x.x.x:55434
Remote: myip:1258
Reason: Network Control Rule ID = 3

4 - Date/Time :2006-08-25 16:03:39
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Fragmented IP Packet)
Direction: IP Incoming
Source: x.x.x.x
Remote: myip
Protocol : UDP
Reason: Fragmented IP packets are not allowed

5 - Date/Time :2006-08-25 16:03:39
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Fake or Malformed UDP Packet)
Direction: UDP Incoming
Source: x.x.x.x:6502
Remote: myip:6502
Reason: UDP packet length and the size on the wire(1564 bytes) do not match

With alerts 1, 2 and 3, the Source IP is that of the Outlook server, which tries to contact me (I’m at my office).
Alerts 4 and 5 were recorded when I used NetOp to connect to a machine, and the Source IP is that of the connected machine.

Application rules:
http://i8.tinypic.com/25j9xcj.jpg

Except for that, everything seems to work perfectly. Is that normal?

Thanks

I think those are the logs before the Network Rules were applied. This is normal.

Eric

No, no, I’m sure that the logs were recorded after the rules had been set.
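The log records posted in the question can be grouped by what blocked them and by source host, which is the comparison the poster makes by hand for alerts 1-3 versus 4-5. This is an added example, not part of the thread or of CPF; the function names are hypothetical, the sample is constructed from two records in the question, and IPv4 `host:port` sources are assumed.

```python
import re
from collections import Counter

# Constructed sample: two records in the shape of the log posted in the question.
SAMPLE = """\
1 - Date/Time :2006-08-25 16:29:29
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = myip, Port = 1258)
Protocol: UDP Incoming
Source: x.x.x.x:4646
Remote: myip:1258
Reason: Network Control Rule ID = 3

4 - Date/Time :2006-08-25 16:03:39
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Fragmented IP Packet)
Direction: IP Incoming
Source: x.x.x.x
Remote: myip
Protocol : UDP
Reason: Fragmented IP packets are not allowed
"""

# Optional "N - " record number, then "Key :value" or "Key: value".
FIELD = re.compile(r"^(?:\d+\s*-\s*)?([A-Za-z/]+)\s*:\s*(.*)$")
RULE_ID = re.compile(r"Network Control Rule ID\s*=\s*(\d+)")

def parse_records(text):
    """Split on blank lines; each record becomes a dict of field -> value."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines():
            m = FIELD.match(line.strip())
            if m:
                rec[m.group(1)] = m.group(2).strip()
        if rec:
            records.append(rec)
    return records

def summarize(records):
    """Count blocks per (cause, source host); cause is a rule ID when present."""
    counts = Counter()
    for rec in records:
        m = RULE_ID.search(rec.get("Reason", ""))
        cause = f"rule {m.group(1)}" if m else rec.get("Description", "unknown")
        host = rec.get("Source", "?").rsplit(":", 1)[0]  # drop the port, if any
        counts[(cause, host)] += 1
    return counts

if __name__ == "__main__":
    for (cause, host), n in summarize(parse_records(SAMPLE)).items():
        print(f"{n:3d}  {host:15s}  {cause}")
```
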