Ummagumma
Some data:
OS: XP Home Edition with latest critical updates, but not complete SP2
Firewalls: Linksys BEFS41 router (hardware), XP's native firewall, and Trend Micro's Internet Security 2004's firewall
Antivirus: Trend Micro's Internet Security 2004 AV

Questions:
How does one interpret entries in pfirewall.log? Is an attempt to do so even necessary? Is there an easier approach?

Here are a few lines from pfirewall.log:
#Verson: 1.0
#Software: Microsoft Internet Connection Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info
2004-08-12 21:52:37 OPEN UDP 192.168.1.100 151.202.0.85 3017 53 - - - - - - - -
2004-08-12 21:52:38 OPEN UDP 192.168.1.100 151.203.0.85 3017 53 - - - - - - - -
2004-08-12 21:53:20 OPEN TCP 192.168.1.100 212.227.118.106 3889 80 - - - - - - - -
2004-08-12 21:53:33 CLOSE TCP 192.168.1.100 212.227.118.106 3889 80 - - - - - - - -

Is there a way to figure out who, say, 151.202.0.85 is, or is it even necessary?

I've attempted to use some web-based security checks such as GRC and Sygate to assess potential vulnerabilities, which report that all but ports 80 & 113 are stealthed, but I'm not sure how to interpret their results since I'm behind a router.

Any comments or suggestions would be appreciated.
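The log quoted in the post is in the W3C extended format that the XP Internet Connection Firewall writes: the #Fields header names the columns, and every later line has exactly that many whitespace-separated values, with "-" for a field that does not apply. OPEN and CLOSE records are connections the PC itself started (here two DNS lookups to port 53, then an HTTP fetch to port 80); DROP records are packets the firewall refused. The script below is an added example, not code from the post or from Microsoft: it parses the header-driven format, labels each record by direction and service, summarises a log into a few counted lines, and pulls out the blocked inbound records, which are the ones worth a second look. It assumes the poster's LAN is 192.168.1.0/24, and the single DROP line in the sample (from the documentation address 203.0.113.7) is constructed for illustration; the other four records are the ones from the post.

```python
import ipaddress
from collections import Counter

# Constructed sample: the four records quoted in the post, followed by one
# DROP record made up for this example (203.0.113.7 is a documentation
# address) so that a blocked inbound packet is also present.
SAMPLE_LOG = """\
#Version: 1.0
#Software: Microsoft Internet Connection Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info
2004-08-12 21:52:37 OPEN UDP 192.168.1.100 151.202.0.85 3017 53 - - - - - - - -
2004-08-12 21:52:38 OPEN UDP 192.168.1.100 151.203.0.85 3017 53 - - - - - - - -
2004-08-12 21:53:20 OPEN TCP 192.168.1.100 212.227.118.106 3889 80 - - - - - - - -
2004-08-12 21:53:33 CLOSE TCP 192.168.1.100 212.227.118.106 3889 80 - - - - - - - -
2004-08-12 21:54:01 DROP TCP 203.0.113.7 192.168.1.100 4402 135 48 S 1234567890 0 16384 - - RECEIVE
"""

# Assumption: the poster's PC is 192.168.1.100, so the LAN behind the router is a /24.
LAN = ipaddress.ip_network("192.168.1.0/24")

# Names for the few destination ports that matter when reading this kind of log.
SERVICES = {53: "DNS", 80: "HTTP", 113: "ident", 135: "MS-RPC", 443: "HTTPS"}


def parse_pfirewall(text):
    """Turn the W3C-style log into a list of dicts keyed by the #Fields names."""
    fields = None
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            if line.lower().startswith("#fields:"):
                fields = line.split(":", 1)[1].split()
            continue  # other '#' lines are metadata (version, software, time format)
        if fields is None:
            raise ValueError("data record before #Fields header")
        values = line.split()
        if len(values) != len(fields):
            raise ValueError(f"expected {len(fields)} fields, got {len(values)}: {line!r}")
        records.append(dict(zip(fields, values)))
    return records


def direction(rec):
    """'outbound' if a LAN host initiated it, 'inbound' if it came from outside."""
    src = ipaddress.ip_address(rec["src-ip"])
    dst = ipaddress.ip_address(rec["dst-ip"])
    if src in LAN and dst not in LAN:
        return "outbound"
    if src not in LAN and dst in LAN:
        return "inbound"
    return "local"


def service(rec):
    """Well-known name for the destination port, or 'port N' for anything else."""
    port = rec["dst-port"]
    return SERVICES.get(int(port), f"port {port}") if port.isdigit() else "n/a"


def describe(rec):
    """One-line reading of a record, e.g. 'OPEN outbound UDP DNS 192.168.1.100 -> 151.202.0.85'."""
    return (f"{rec['action']} {direction(rec)} {rec['protocol']} {service(rec)} "
            f"{rec['src-ip']} -> {rec['dst-ip']}")


def summarize(records):
    """Count records by (action, direction, service) so a day's log reads as a few lines."""
    return Counter((r["action"], direction(r), service(r)) for r in records)


def dropped_from_outside(records):
    """Blocked packets that came from outside the LAN. Behind a NAT router these
    should be rare; a steady stream against one port is the pattern to notice."""
    return [r for r in records if r["action"] == "DROP" and direction(r) == "inbound"]


if __name__ == "__main__":
    recs = parse_pfirewall(SAMPLE_LOG)
    for r in recs:
        print(describe(r))
    for key, n in sorted(summarize(recs).items()):
        print(n, *key)
    print("blocked inbound:", len(dropped_from_outside(recs)))
```

Because the parser takes its column names from the #Fields line rather than hard-coding them, it keeps working if a later firewall version adds or reorders columns; the check that each record has exactly as many values as the header has names catches lines that were wrapped or truncated when the log was copied, as they are in the post.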