Re: Attack detection in Kerio PF

From: Earl F. Parrish (efparri@verizon.net)
Date: 05/20/02


From: "Earl F. Parrish" <efparri@verizon.net>
Date: Mon, 20 May 2002 20:27:31 GMT


"Kiwi Boy." <roger.s@paradise.net.nz> wrote in message
news:i2pgeuofebigf5m7rvefh190mv24p6c2c9@4ax.com...
> On Sat, 18 May 2002 23:02:17 GMT, "Earl F. Parrish" <efparri@verizon.net>
wrote:
>
> >
> >"Mike" <mdh23@deadspam.com> wrote in message
> >news:ac441b$2uj$1@pegasus.csx.cam.ac.uk...
> >> Hi all,
> >>
> >> I have been using Kerio for a while now after having been through a
bunch
> >of other
> >> good firewalls (Outpost, Sygate) and am very happy. However, one thing
I
> >can't
> >> seem to figure out is how to view the attack detection log, if such a
> >thing
> >> exists? The closest I get is seeing the arrow in my system tray icon
flash
> >red,
> >> which I assume is a sign something unpleasant is happening. :P However
I
> >would
> >> like to be able to see a log of the supposed nature of the attack, and
the
> >> originating IP - in Sygate and Outpost this was no problem. In Kerio I
> >just can't
> >> seem to find anything similar. Or is the log some text file I need to
open
> >outside
> >> of the actual program?
> >> Thanks in advance for your help.
> >>
> >> Cheers!
> >> Mike
> >
> >I believe that the green arrow indicates incoming packets and the red
arrow
> >indicates outgoing packets. It has nothing to do with attacks. Attacks
>
>
> I think this is Wrong as I was getting Dos attacks (ICMP) and the Red
arrow was almost
> hard on, plus my cable modem did not show any out going data..
>
>
> >would be indicated if one of your rules matched an undesired action and
you
> >had alerts turned on. The log only contains what you tell it to contain
> >based upon your rules. My filter.log grew to 600 MB in about one and one
> >half months and I did not record the routine things. After a while the
log
> >got too large to open with Tiny Logger so I archived it and started
fresh.
> >I have since switched to another firewall.
>
>
> Why did you switch, ? this is a very normal thing with log files..
>
> >
> >Earl F. Parrish
> >
>

Your firewall was blocking the outgoing packets. That's what it is supposed
to do. I stand corrected on the colors. The green arrow means a packet was
allowed to pass the firewall in either direction. The red arrow means that
the packet was blocked in either direction. The colors correspond to the
colors in the filter.log file. You would have to turn logging on for a
particular rule to see what was happening.

I wanted to try all of the free firewalls before I settled on a final
choice. I used Zone Alarm when it first came out but the Zone Alarm Pro 3.0
was too busy for my tastes. Kerio kept asking for permissions after I
thought I had run every possible Internet-aware application on my computer.
I would block certain applications on certain ports or in a certain
direction. Everything would run alright for a while. Then I would get
problems in the future because I had blocked an application. Kerio did not
read all the rules before it would allow a packet to pass. Kerio would read
down the list until it found a matching application and use that rule
exclusively. I had to keep moving rules up and down in the list to fine
tune the firewall.

Earl F. Parrish
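
The first-match rule evaluation Earl describes above (Kerio reads down the list and uses the first rule that matches, so a broad rule placed above a specific one silently shadows it) is easy to model. This is an added example, not code from the thread or from Kerio; the rule fields, the `browser.exe` application name and the ruleset are constructed for illustration, and the `shadowed()` check is the kind of audit one would run before reordering rules.

```python
# Added example: first-match firewall rule evaluator plus a shadowed-rule check.
# Rule fields and the sample ruleset are constructed; they do not reflect
# Kerio's actual rule format.
from dataclasses import dataclass
from typing import Optional, List


@dataclass(frozen=True)
class Rule:
    app: Optional[str]        # None = any application
    direction: Optional[str]  # "in", "out", or None = either direction
    port: Optional[int]       # None = any port
    action: str               # "allow" or "block"

    def matches(self, app: str, direction: str, port: int) -> bool:
        return ((self.app is None or self.app == app)
                and (self.direction is None or self.direction == direction)
                and (self.port is None or self.port == port))

    def covers(self, other: "Rule") -> bool:
        """True if every packet `other` could match is also matched by self."""
        return all(mine is None or mine == theirs
                   for mine, theirs in ((self.app, other.app),
                                        (self.direction, other.direction),
                                        (self.port, other.port)))


def evaluate(rules: List[Rule], app: str, direction: str, port: int,
             default: str = "block") -> str:
    """First matching rule wins; rules below it are never consulted."""
    for rule in rules:
        if rule.matches(app, direction, port):
            return rule.action
    return default


def shadowed(rules: List[Rule]) -> List[int]:
    """Indices of rules that can never fire because an earlier rule covers them."""
    return [j for j, r in enumerate(rules)
            if any(rules[i].covers(r) for i in range(j))]


# Constructed ruleset: a broad outbound block was placed above the specific allow,
# so the allow never fires and the application "stops working later".
BROAD_FIRST = [
    Rule("browser.exe", "out", None, "block"),  # blocks all outbound for browser.exe
    Rule("browser.exe", "out", 80, "allow"),    # shadowed; never reached
]
# Moving the specific rule up (what Earl had to do by hand) fixes it.
SPECIFIC_FIRST = [BROAD_FIRST[1], BROAD_FIRST[0]]
```

Running `shadowed()` over a ruleset before reordering shows exactly which rules are dead under first-match semantics, which is what the trial-and-error rule shuffling was working around.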
