Re: Win XP

From: JC (nospam_at_nospam.com)
Date: 04/29/03


Date: Tue, 29 Apr 2003 10:45:15 -0500


Here is the log. I have replaced my IP address with "<my IP>", and I have
replaced the mail server IP with "<mail server>." I noted that it is
dropping TCP packets, so I had ports 25 and 110 mapped. Next, I will post
what the log looks like with the ports mapped.

#Verson: 1.0
#Software: Microsoft Internet Connection Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info

2003-04-28 13:23:19 OPEN TCP <my IP> 208.14.240.34 2999 110 - - - - - - - -
2003-04-28 13:23:22 OPEN TCP <my IP> <mail server> 3000 110 - - - - - - - -
2003-04-28 13:23:22 DROP TCP <mail server> <my IP> 46348 113 60 S 652701969 0 5840 - - -
2003-04-28 13:23:24 CLOSE TCP <my IP> 172.16.0.1 3010 80 - - - - - - - -
2003-04-28 13:23:24 CLOSE TCP <my IP> 172.16.0.1 3011 80 - - - - - - - -
2003-04-28 13:23:24 CLOSE TCP <my IP> 208.14.240.34 2999 110 - - - - - - - -
2003-04-28 13:23:25 DROP TCP <mail server> <my IP> 46348 113 60 S 652701969 0 5840 - - -
2003-04-28 13:23:31 DROP TCP <mail server> <my IP> 46348 113 60 S 652701969 0 5840 - - -
2003-04-28 13:23:43 DROP TCP <mail server> <my IP> 46348 113 60 S 652701969 0 5840 - - -
2003-04-28 13:24:01 OPEN TCP <my IP> 172.16.0.1 3012 80 - - - - - - - -
2003-04-28 13:24:01 OPEN TCP <my IP> 172.16.0.1 3013 80 - - - - - - - -
2003-04-28 13:24:04 DROP UDP 172.16.0.1 255.255.255.255 5678 5678 46 - - - - - - -
2003-04-28 13:24:24 CLOSE TCP <my IP> <mail server> 3000 110 - - - - - - - -
2003-04-28 13:24:24 CLOSE TCP <my IP> 172.16.0.1 3012 80 - - - - - - - -
2003-04-28 13:24:24 CLOSE TCP <my IP> 172.16.0.1 3013 80 - - - - - - - -
2003-04-28 13:25:01 OPEN TCP <my IP> 172.16.0.1 3014 80 - - - - - - - -
2003-04-28 13:25:01 OPEN TCP <my IP> 172.16.0.1 3015 80 - - - - - - - -
2003-04-28 13:25:04 DROP UDP 172.16.0.1 255.255.255.255 5678 5678 46 - - - - - - -
2003-04-28 13:25:24 CLOSE TCP <my IP> 172.16.0.1 3014 80 - - - - - - - -
2003-04-28 13:25:24 CLOSE TCP <my IP> 172.16.0.1 3015 80 - - - - - - - -
2003-04-28 13:25:24 OPEN UDP <my IP> <mail server> 1252 53 - - - - - - - -
2003-04-28 13:25:24 OPEN TCP <my IP> 128.121.26.136 1025 80 - - - - - - - -
2003-04-28 13:25:26 OPEN UDP <my IP> <mail server> 3035 53 - - - - - - - -
2003-04-28 13:25:26 OPEN TCP <my IP> 207.46.248.249 3016 80 - - - - - - - -
2003-04-28 13:25:26 OPEN TCP <my IP> 207.46.248.249 3017 80 - - - - - - - -

"Karl Levinson [x y] mvp" <levinson_k@despammed.com> wrote in message
news:O3HQ2xkDDHA.1960@TK2MSFTNGP12.phx.gbl...
> Well, posting them here is better [you can global search and replace your
> real IP address or other sensitive information if you wish] in case someone
> other than me has a better answer. Either way, I'll try to take a look.
>
>
> "JC" <nospam@nospam.com> wrote in message
> news:#eBcIZcDDHA.2892@TK2MSFTNGP11.phx.gbl...
> > Would you like to see the logs? I can email them to you.
> >
> > JC
> >
> > "Karl Levinson [x y], mvp" <levinson_k@despammed.com> wrote in message
> > news:OzZ0wxaDDHA.2376@TK2MSFTNGP10.phx.gbl...
> > > Well, IMHO the trick is to find how to check the ICF logs. Whenever a
> > > firewall is causing a problem, the logs are the place I want to look. I
> > > was hoping that one of those articles would tell you where to go to look.
> > >
> > >
> > > "JC" <nospam@nospam.com> wrote in message
> > > news:#a#$ddaDDHA.1984@TK2MSFTNGP12.phx.gbl...
> > > > It is using Outlook Express. It's not the contact folders thing. An
> > > > example would be, when you click "send/receive," Outlook Express goes to
> > > > "connecting" then "authorizing" and then receives if there is anything
> > > > there. The thing that is happening is that when ICF is turned on, the one
> > > > address stays on "connecting" for about 30 seconds, the other address seems
> > > > to connect immediately. This does not happen when ICF is turned off, so
> > > > something in it is causing the problem. The addresses are connecting to a
> > > > POP3 server. I have already looked at all the articles relating to ICF in
> > > > the link you sent before I posted the first question. Nothing there seemed
> > > > to relate to this issue. I'm not sure where to go from here.
> > > >
> > > >
> > > >
> > > > "Karl Levinson [x y], mvp" <levinson_k@despammed.com> wrote in message
> > > > news:%23CEBYRaDDHA.33376@TK2MSFTNGP10.phx.gbl...
> > > > > I'm not sure what you mean exactly by the address checks quickly. Are you
> > > > > talking about the way that Outlook and Outlook Express turn a partial
> > > > > address into a full address or a user name? If so, AFAIK this comes from
> > > > > your Outlook address book and/or Contacts folder and shouldn't have anything
> > > > > to do with the firewall. Knowing something about your email client and how
> > > > > you connect to what kind of server might be useful.
> > > > >
> > > > > If ICF was causing a problem, I would check the ICF log first to see what is
> > > > > being blocked to where.
> > > > >
> > > > > http://securityadmin.info/faq.htm#icf
> > > > >
> > > > >
> > > > > "JC" <nospam@nospam.com> wrote in message
> > > > > news:OnguhmZDDHA.2892@TK2MSFTNGP11.phx.gbl...
> > > > > > I have searched for this and cannot find any info regarding this problem in
> > > > > > MS's knowledge base. I have 2 email addresses - one outside of my ISP, and
> > > > > > one with my ISP. If I disable the firewall, both addresses check quickly;
> > > > > > if I enable ICF, the one outside the ISP checks quickly, but the ISP address
> > > > > > takes about 30 seconds to connect. I tried mapping the ports directly, and
> > > > > > that made no difference. Ideas, suggestions? Thank you for any help in
> > > > > > advance!
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
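
An added example, not part of the original thread: a parser for the ICF log format posted above that rejoins records a newsreader has wrapped onto two lines and reports DROP records sent to this host by a peer it had a session open to at the time, the pattern the mail server entries show. The sample log is constructed; 192.0.2.10 and 198.51.100.25 are stand-ins for "<my IP>" and "<mail server>".

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

FIELDS = ("date time action protocol src-ip dst-ip src-port dst-port size "
          "tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info").split()
RECORD_START = re.compile(r"\d{4}-\d{2}-\d{2}\s")

# Constructed sample in the format of the log above, wrapped lines included.
# 192.0.2.10 stands in for "<my IP>" and 198.51.100.25 for "<mail server>".
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size
tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info
2003-04-28 13:23:22 OPEN TCP 192.0.2.10 198.51.100.25 3000
110 - - - - - - - -
2003-04-28 13:23:22 DROP TCP 198.51.100.25 192.0.2.10 46348 113 60 S
652701969 0 5840 - - -
2003-04-28 13:23:25 DROP TCP 198.51.100.25 192.0.2.10 46348 113 60 S 652701969 0 5840 - - -
2003-04-28 13:23:31 DROP TCP 198.51.100.25 192.0.2.10 46348 113 60 S 652701969 0 5840 - - -
2003-04-28 13:23:43 DROP TCP 198.51.100.25 192.0.2.10 46348 113 60 S 652701969 0 5840 - - -
2003-04-28 13:24:01 OPEN TCP 192.0.2.10 172.16.0.1 3012 80 - - - - - - - -
2003-04-28 13:24:04 DROP UDP 172.16.0.1 255.255.255.255 5678 5678 46 - - - - - - -
2003-04-28 13:24:24 CLOSE TCP 192.0.2.10 198.51.100.25 3000 110 - - - - - - - -
"""

def parse(text):
    """Return one dict per record, rejoining records wrapped onto a second line."""
    rows, current = [], None
    for line in text.splitlines():
        if RECORD_START.match(line):
            current = line.split()
            rows.append(current)
        elif current is not None and line.strip() and not line.startswith("#"):
            current.extend(line.split())
    return [dict(zip(FIELDS, r)) for r in rows if len(r) == len(FIELDS)]

def drops_from_active_peers(records):
    """Summarise DROPs sent to this host by a peer it has an open session with."""
    sessions, hits = Counter(), defaultdict(list)
    for r in records:
        pair = (r["src-ip"], r["dst-ip"])
        if r["action"] == "OPEN":
            sessions[pair] += 1
        elif r["action"] == "CLOSE":
            sessions[pair] -= 1
        elif r["action"] == "DROP" and sessions[pair[::-1]] > 0:
            when = datetime.strptime(r["date"] + " " + r["time"], "%Y-%m-%d %H:%M:%S")
            hits[(r["src-ip"], r["protocol"], r["dst-port"])].append(when)
    # (peer, protocol, dst-port) -> (drop count, seconds from first to last drop)
    return {k: (len(v), int((v[-1] - v[0]).total_seconds())) for k, v in hits.items()}
```

On the sample, `drops_from_active_peers(parse(SAMPLE_LOG))` reports four dropped SYNs to TCP port 113 (the ident/auth port) over 21 seconds from the peer holding the POP3 session, and ignores the broadcast UDP drop because it was not addressed to this host.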


