Security Basics mailing list archives
Unknown Attempts on LAN Detected by Kerio Firewall
From: "Mark Sargent" <powderkeg () snow email ne jp>
Date: Fri, 5 Sep 2003 18:38:38 +0900
Hi All,

I have been trying to get my client to access the net via a host machine using ICS on the host. When attempting a connection via Internet Explorer I get nothing. I can successfully ping sites etc. The full TCP/UDP block at the bottom of my rule set is showing an attempt by localhost, port 1057, to the server of the site I tried to reach. Weird thing, though; upon unselecting the full block rule, the attempt doesn't register. I would have thought it would pop up an alert asking me permission for the localhost's attempt, but, nothing. Upon reselecting the full block, it's back again. What is this..?

I'm also getting a lot of UDP attempts to this IP, 61.111.231.60 at port 137 by localhost on the host machine via port 137 (which are blocked by my full block). Another regular alert is a UDP from localhost on port 137 to System at 192.168.0.255 on port 137, again on the Host machine. Please assist me in solving these things..cheers.

P.S. If anything doesn't make sense, then please, just ask me to clarify more..cheers, again.

I'm also getting a lot of Other ICMP blocked; Out ICMP(3) Destination Unreachable;LocalHost->192.168.0.1;Owner:Tcpip Kernel Driver attempts from the Client to the Host. What are these..? Are they Trojans or legitimate apps/processes etc..? 14 attempts in less than 5 mins upon connecting the LAN.

LAN = 2 Win2kPro machines (1 English OS and 1 Japanese)
LAN Type = Built in Ethernet on Laptop (Client) and LAN Adapted USB on Desktop (Host)
IP = Manually set; Host = 192.168.0.1; Client = 192.168.0.2; Mask = 255.255.255.0
Firewall = 2.1.4

Filesharing is no problem
Pinging sites is no problem
Internet access from the Host is no problem

Mark Sargent.