Re: Event id 529



Just to be sure, did you enable logging of both dropped packets and successful connects in Windows Firewall? If you did and still pfirewall.log is empty, then I guess you could use a packet sniffer (I mentioned a few in my last post, but I'm sure you already have used them before). You will need to look for these ports - they are used for user network logon:
- Microsoft-DS traffic (445/tcp, 445/udp)
- Kerberos authentication protocol (88/tcp, 88/udp)
- Lightweight Directory Access Protocol (LDAP) ping (389/udp)

Of course, in the beginning it would be good for you to see what the networked user logon pattern is, i.e. start the sniffer (or log packets with a firewall or any other means) on machine A and try to log on to it from machine B.

By the way, I guess Network Observer is some software installed on your firewall that is protecting you from the internet? However, this way you won't see any activity that is going on in your internal network, unless bad guys from the internal network try to connect outside too and you log all TCP SYN packets arriving from the internal net. This way, a network sniffer on your internal network would be the ultimate solution for catching bad guys ;)

If you succeed in identifying the problem, please let us all know - I'm very thrilled ;)



"THI_IB" <myself@xxxxxxxxxx> wrote in message news:568E710E-6819-4DA4-A783-7491FDA63FFA@xxxxxxxxxxxxxxxx
Hi Jose :)
Are your machines accessible through the internet? Don't ask me - you should
know better.

No I won't ask you !!!

The machines are not accessible from the Internet. There is this little
thing called ACL that only allows connections that are "established" from the
inside source. Everything else gets "dropped". Yea, I took a look at the
Pfirewall.log before posting and nothing. I don't have access to my Network
Observer software at the moment, but that will be my next step.

Thanks for asking though.
--
Harv-man
Network Support
