Security for Dummies - pfirewall.log interpretation

Ummagumma

Some data:

OS: XP Home Edition with latest critical updates, but not
complete SP2

Firewalls: Linksys BEFS41 router (hardware), XP's native
firewall, and Trend Micro's Internet Security 2004's
firewall

Antivirus: Trend Micro's Internet Security 2004 AV

Questions:
How does one interpret entries in pfirewall.log? Is an
attempt to do so even necessary? Is there an easier
approach?

Here are a few lines from pfirewall.log:

#Verson: 1.0
#Software: Microsoft Internet Connection Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info

2004-08-12 21:52:37 OPEN UDP 192.168.1.100 151.202.0.85 3017 53 - - - - - - - -
2004-08-12 21:52:38 OPEN UDP 192.168.1.100 151.203.0.85 3017 53 - - - - - - - -
2004-08-12 21:53:20 OPEN TCP 192.168.1.100 212.227.118.106 3889 80 - - - - - - - -
2004-08-12 21:53:33 CLOSE TCP 192.168.1.100 212.227.118.106 3889 80 - - - - - - - -

Is there a way to figure out who, say, 151.202.0.85 is,
or is it even necessary?

I've attempted to use some web-based security checks such
as GRC and Sygate to assess potential vulnerabilities,
which report that all but ports 80 & 113 are stealthed,
but I'm not sure how to interpret their results since I'm
behind a router.

Any comments or suggestions would be appreciated.
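
An added example, not part of the original post: a small parser for the log format quoted above. It reads the `#Fields:` header, maps each record to named fields, and groups entries by action, protocol, destination and port. The function names are hypothetical, and the last sample line (a DROP record from a documentation-range address) is constructed for illustration.

```python
from collections import Counter

# Header and first four records are quoted from the post; the DROP record is constructed.
SAMPLE = """\
#Verson: 1.0
#Software: Microsoft Internet Connection Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info

2004-08-12 21:52:37 OPEN UDP 192.168.1.100 151.202.0.85 3017 53 - - - - - - - -
2004-08-12 21:52:38 OPEN UDP 192.168.1.100 151.203.0.85 3017 53 - - - - - - - -
2004-08-12 21:53:20 OPEN TCP 192.168.1.100 212.227.118.106 3889 80 - - - - - - - -
2004-08-12 21:53:33 CLOSE TCP 192.168.1.100 212.227.118.106 3889 80 - - - - - - - -
2004-08-12 21:54:02 DROP TCP 203.0.113.7 192.168.1.100 4000 113 48 S 123456 0 16384 - - -
"""

def parse_log(text):
    """Return one dict per record, keyed by the names in the #Fields: header."""
    fields, records = [], []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif not line or line.startswith("#"):
            continue  # blank line or other header comment
        else:
            values = line.split()
            if len(values) != len(fields):
                continue  # truncated or wrapped line: skip rather than misalign columns
            # "-" means the field does not apply to this entry; store it as None
            records.append({k: (None if v == "-" else v) for k, v in zip(fields, values)})
    return records

def summarize(records):
    """Count entries per (action, protocol, dst-ip, dst-port)."""
    return Counter((r["action"], r["protocol"], r["dst-ip"], r["dst-port"]) for r in records)

def dropped(records):
    """Records with action DROP, i.e. packets the firewall refused."""
    return [r for r in records if r["action"] == "DROP"]

if __name__ == "__main__":
    recs = parse_log(SAMPLE)
    for key, n in summarize(recs).most_common():
        print(n, *key)
    for r in dropped(recs):
        print("DROP from", r["src-ip"], "to port", r["dst-port"], "flags", r["tcpflags"])
```

In the post's own lines, the two UDP entries to port 53 are outbound DNS lookups, and the OPEN/CLOSE pair to port 80 is a single outbound web connection starting and ending.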