firewall log

[Frank]

Any ideas what all these outgoing packets are from? All my apps seem to work fine. Open during this is: Winamp, mIRC, IE, Azureus, MSN Messenger.

I think you've just answered your own question

[Frank]

eh?

Quote:

Originally Posted by Keyser

eh?

Quote:

Open during this is: Winamp, mIRC, IE, Azureus

[Frank]

Nah I have rules to allow all these applications. Like I said, they all work fine (so aren't being blocked). I'm wondering what all the other traffic is. None of the ports in the log I recognise being from any of the applications I'm using.

What firewall are you using. If its zonealarm it should tell you exactly whats using the internet at this time

[Paul K]

Has this acivity only just started? If so have you done a system scan for virus/ spyware etc?

[Jon M]

just because they work doesn't mean they're not responsible for that traffic.. for example.. p2p software will be receiving packets for download (incoming rules).. but what you see above could be generated by the program to build your available file listing (outgoing rule)

just an example

Quote:

Originally Posted by s1lv3r

just because they work doesn't mean they're not responsible for that traffic.. for example.. p2p software will be receiving packets for download (incoming rules).. but what you see above could be generated by the program to build your available file listing (outgoing rule)

just an example

Correct, I have logs like that when I've had flashfxp,mirc,kazaa and other things all running at once

[Nemesis]

lookup 62.62.236.85 ... 85.236.62.62.9nanterr1-0-ro-bas-1.9tel.net
lookup 81.134.64.62 ... host81-134-64-62.in-addr.btopenworld.com
lookup 82.65.123.214 ... lns-p19-18-82-65-123-214.adsl.proxad.net
lookup 12.249.3.205 ... 12-249-3-205.client.attbi.com
lookup 12.215.41.59 ... 12-215-41-59.client.mchsi.com
lookup 24.165.230.36 ... 36.230.165.24.cfl.rr.com

[Paul K]

Yep p2p can upset your logs, is the only thing that shows in mine since I sit behind a router LOL. Its normally the software trying to re-connect to sources previously used and also trying to find new ones. Not everyone uses the standard ports since they get blocked by ISP's so strange ports can show up.

[Jon M]

it's worth doing a sweep of your system with an anti-trojan/spyware tool anyway.. just to be sure.. in fact i'd do that regularly regardless of any unusual activity

[Frank]

Thanks for all the replies guys. I'm using Deerfield Visnetic firewall and have had logs like this for a while now. I've just decided that I wanna know why the log is so large and try and cut down the pure size of the log!

I'm thinking it's something like s1lv3r suggested, but I've opened all the ports I believe I'm supposed to for p2p (see attached tcp ruleset).

I've done a spyware scan and its clean.

[Jon M]

setup looks fine to me.. the bittorrent one is the only one that looks like it may be responsible.. i notice you've restricted it's outbound ports to the 6881-6999 range.. (which is the right thing to do).. on that basis i'd be unsurprised to see that sort of log.. especially if you can't specify specific ports within the program

edit: just noticed overnet.. same applies there /edit

[Frank]

Fair enuf. Cheers for the answers. I'd rather live with a big log than an unsecure system