A
alice
For the last week or so, my event log is full of a bunch of Failure
Audits, about every 5 minutes or so. They all look like this
Event Type: Failure Audit
Event Source: Security
Event Category: Detailed Tracking
Event ID: 861
Date: 5/10/2007
Time: 6:02:36 PM
User: NT AUTHORITY\SYSTEM
Computer: AURAFICE2
Description:
The Windows Firewall has detected an application listening for
incoming traffic.
Name: -
Path: C:\WINDOWS\system32\svchost.exe
Process identifier: 424
User account: SYSTEM
User domain: NT AUTHORITY
Service: Yes
RPC server: No
IP version: IPv4
IP protocol: UDP
Port number: 4329
Allowed: No
User notified: No
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
What does this mean? This same PC is sometimes disconnecting from the
internet and also has some of these in the log now and then-
Event Type: Warning
Event Source: Tcpip
Event Category: None
Event ID: 4226
Date: 5/9/2007
Time: 11:50:02 AM
User: N/A
Computer: AURAFICE2
Description:
TCP/IP has reached the security limit imposed on the number of
concurrent TCP connect attempts.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 01 00 54 00 ......T.
0008: 00 00 00 00 82 10 00 80 ....‚..€
0010: 01 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
Audits, about every 5 minutes or so. They all look like this
Event Type: Failure Audit
Event Source: Security
Event Category: Detailed Tracking
Event ID: 861
Date: 5/10/2007
Time: 6:02:36 PM
User: NT AUTHORITY\SYSTEM
Computer: AURAFICE2
Description:
The Windows Firewall has detected an application listening for
incoming traffic.
Name: -
Path: C:\WINDOWS\system32\svchost.exe
Process identifier: 424
User account: SYSTEM
User domain: NT AUTHORITY
Service: Yes
RPC server: No
IP version: IPv4
IP protocol: UDP
Port number: 4329
Allowed: No
User notified: No
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
What does this mean? This same PC is sometimes disconnecting from the
internet and also has some of these in the log now and then-
Event Type: Warning
Event Source: Tcpip
Event Category: None
Event ID: 4226
Date: 5/9/2007
Time: 11:50:02 AM
User: N/A
Computer: AURAFICE2
Description:
TCP/IP has reached the security limit imposed on the number of
concurrent TCP connect attempts.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 01 00 54 00 ......T.
0008: 00 00 00 00 82 10 00 80 ....‚..€
0010: 01 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........