Here’s the most recent section of my logs; I think I’ve edited out anything personally identifiable. I use Mozilla Firefox to connect to the web (not a big fan of I.E.).
In reading other threads I created two rules which are as follows:
Rule 5 - ALLOW IP IN or OUT From IP Any To IP Any where PROTO is IGMP
and
Rule 6 - ALLOW UDP IN or OUT From IP Any to IP Any where source port is Any and destination port is (the number it was asking for in the error logs at the time - which now reads “ANY”).
All the other rules are the default ones - old Rule #5 (block IP IN/Out) is new Rule #7.
I also played with the UDP Flood numbers.
I’m not sure what you mean by Proxy Server (I never understood the term even when I was doing basic tech support), but the setup I have is that my computer runs an ethernet cable between it and the DSL modem provided by the ISP (with the phone cable between modem and wall jack), and I am assuming that my IP assignment method is dynamic - when I turn my modem off and on, I get a new number.
Yes, I’m probably in over my head, but everyone starts somewhere.
Thanks-
Logs begin here***
Date/Time :2007-03-26 21:41:08
Severity :Medium
Reporter :Network Monitor
Description:Outbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Outgoing
Source: 192...
Destination 192...
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 7
Date/Time :2007-03-26 21:38:28
Severity :Medium
Reporter :Network Monitor
Description:Outbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Outgoing
Source: 192...
Destination: 192...
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 7
Date/Time :2007-03-26 21:37:25
Severity :High
Reporter :Application Monitor
Description: Suspicious Behaviour (firefox.exe)
Application: C:\Program Files\Mozilla Firefox\firefox.exe
Parent: C:\Program Files\Mozilla Firefox\firefox.exe
Protocol: TCP Out
Destination: 66...2**::http(80)
Details: C:\Program Files\Mozilla Firefox\firefox.exe is an invisible application
Date/Time :2007-03-26 21:37:23
Severity :Medium
Reporter :Network Monitor
Description:Outbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Outgoing
Source: 192...
Destination: 192...
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 7
Date/Time :2007-03-26 21:36:56
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (svchost.exe)
Application: C:\WINDOWS\system32\svchost.exe
Parent: C:\WINDOWS\system32\services.exe
Protocol: UDP In
Destination: 127...*::1029
Details: C:\WINDOWS\explorer.exe has tried to use C:\WINDOWS\system32\svchost.exe through OLE Automation, which can be used to hijack other applications.
Date/Time :2007-03-26 21:34:49
Severity :Medium
Reporter :Application Monitor
Description: Application Access Denied (firefox.exe:192... : :dns(53))
Application: C:\Program Files\Mozilla Firefox\firefox.exe
Parent: C:\Program Files\Mozilla Firefox\firefox.exe
Protocol: UDP Out
Destination: 192... ::dns(53)
Date/Time :2007-03-26 21:34:49
Severity :High
Reporter :Application Monitor
Description: Application Access Denied (firefox.exe:192... : :dns(53))
Application: C:\Program Files\Mozilla Firefox\firefox.exe
Parent: C:\Program Files\Mozilla Firefox\firefox.exe
Protocol: UDP Out
Destination: 192... ::dns(53)
Date/Time :2007-03-26 21:33:54
Severity :Medium
Reporter :Application Monitor
Description: Application Access Denied (firefox.exe:192... :dns(53))
Application: C:\Program Files\Mozilla Firefox\firefox.exe
Parent: C:\Program Files\Mozilla Firefox\firefox.exe
Protocol: UDP Out
Destination: 192... ::dns(53)
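A small parser for log records in the layout posted above, added here as an example and not part of the original post or of the firewall product: it groups denials by reporter, event type and network rule ID, and lists executables whose DNS lookups were blocked. The sample record values (addresses from the 192.0.2.0/24 documentation range) and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the same field layout as the posted log (placeholder addresses).
SAMPLE = r"""Date/Time :2007-03-26 21:41:08
Severity :Medium
Reporter :Network Monitor
Description:Outbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Outgoing
Source: 192.0.2.10
Destination: 192.0.2.1
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 7
Date/Time :2007-03-26 21:34:49
Severity :High
Reporter :Application Monitor
Description: Application Access Denied (firefox.exe:192.0.2.1 : :dns(53))
Application: C:\Program Files\Mozilla Firefox\firefox.exe
Protocol: UDP Out
Destination: 192.0.2.1 ::dns(53)
"""

def parse_records(text):
    """Split the flat log into dicts; a 'Date/Time' line starts each record."""
    records = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # first colon only: values contain colons
        if not sep:
            continue  # not a 'Key: value' line
        key, value = key.strip(), value.strip()
        if key == "Date/Time":
            records.append({})
        if records:
            records[-1][key] = value
    return records

def summarize(records):
    """Count events by (reporter, event type, network rule id or None)."""
    counts = Counter()
    for r in records:
        event = r.get("Description", "").split("(")[0].strip()
        m = re.search(r"Rule ID = (\d+)", r.get("Reason", ""))
        counts[(r.get("Reporter"), event, int(m.group(1)) if m else None)] += 1
    return counts

def blocked_dns_apps(records):
    """Executables whose outbound DNS (port 53) was denied per application."""
    return sorted({r["Application"].rsplit("\\", 1)[-1] for r in records
                   if "Application" in r and "dns(53)" in r.get("Destination", "")
                   and "Access Denied" in r.get("Description", "")})
```

Run over a full log, the summary separates denials caused by a numbered network rule from denials made by the per-application monitor, which have no rule ID.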