Re: HELP : ISA Packet Filter log fills up - What can I do to eliminate these entries in the PF log ?

  • From: "Jim Harrison" <jim@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 11 Sep 2002 07:31:24 -0700

It would appear that way at first glance, but SQL uses TCP-1433, not UDP.
The first number is the source port, which can be anything between 1024 and
5000; the second number is the destination port.

 Jim Harrison
 MCP(NT4, W2K), A+, Network+, PCG
 http://isaserver.org/pages/author_index.asp?aut=3
 http://isatools.org
 Read the books!

----- Original Message -----
From: <mlefe@xxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, September 11, 2002 7:22 AM
Subject: [isalist] Re: HELP : ISA Packet Filter log fills up - What can I do to eliminate these entries in the PF log ?


http://www.ISAserver.org


Looks like someone is trying to get to a SQL server using UDP. SQL uses
port 1433 by default.

Mike Lefebvre
mlefe@xxxxxxxxx


-----Original Message-----
From: jim@xxxxxxxxxxxx [mailto:jim@xxxxxxxxxxxx]
Sent: Wednesday, September 11, 2002 9:32 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: HELP : ISA Packet Filter log fills up - What can I do to eliminate these entries in the PF log ?


This is ISA trying to resolve the name (UDP-137 is NetBIOS name broadcast).
Since it's a FW client that's making the calls, it's generally ISA that has
to perform name resolution for the client.
The entries themselves only indicate that you may want to investigate your
DNS configuration.
They may also indicate that there's no reverse-resolution available for that
remote IP.

 Jim Harrison
 MCP(NT4, W2K), A+, Network+, PCG
 http://isaserver.org/pages/author_index.asp?aut=3
 http://isatools.org
 Read the books!

----- Original Message -----
From: "FRAEYE MIKE" <Mike.Fraeye@xxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, September 11, 2002 12:52 AM
Subject: [isalist] HELP : ISA Packet Filter log fills up - What can I do to eliminate these entries in the PF log ?



Hi all,

The following lines keep filling up my PF log. (20 entries a minute):

11/09/2002 8:58:32 172.XXX.YYY.246           195.XXX.YYY.100 Udp 1433    137     - BLOCKED         172.21.172.246           45 00 00 4e 09 bf 00 00 80 11 00 00 ac 15 ac f6 c3 4a c3 64 05 99 00 89 00 3a 4c 19

11/09/2002 8:58:30 172.XXX.YYY.246           195.XXX.YYY.100 Udp 1433    137     - BLOCKED         172.21.172.246           45 00 00 4e 09 bc 00 00 80 11 00 00 ac 15 ac f6 c3 4a c3 64 05 99 00 89 00 3a 4c 1b
...


More Info:
172.XXX.YYY.246           External NIC ISA
195.XXX.YYY.100           FTP site

On a client there's a script running for FTP download via the Firewall Client.
The FTP passes without a problem.

Is this behaviour normal, or what can I do to eliminate these entries in my
log files? Any help is well appreciated ;-)

Thanks in advance,
Mikey, Belgium


------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
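
The hex bytes at the end of each log line are the packet's IPv4 and UDP headers, so the source/destination port question discussed in the thread can be checked by decoding them. The following Python sketch is an added example, not part of the original thread; the sample dump is constructed with documentation addresses, and the function names are hypothetical.

```python
import ipaddress
import struct

# Constructed sample in the same layout as the header bytes in the log above,
# using documentation addresses (192.0.2.246 -> 198.51.100.100).
SAMPLE_DUMP = ("45 00 00 4e 09 bf 00 00 80 11 00 00 c0 00 02 f6 "
               "c6 33 64 64 05 99 00 89 00 3a 00 00")

PROTOCOLS = {6: "TCP", 17: "UDP"}


def is_ephemeral(port):
    """Client source-port range quoted in the thread (1024-5000)."""
    return 1024 <= port <= 5000


def decode_header(hex_dump):
    """Decode an IPv4 header (plus TCP/UDP ports) from a spaced hex dump."""
    raw = bytes.fromhex("".join(hex_dump.split()))
    if len(raw) < 20 or raw[0] >> 4 != 4:
        raise ValueError("not a complete IPv4 header")
    ihl = (raw[0] & 0x0F) * 4  # header length in bytes, options included
    if ihl < 20 or len(raw) < ihl:
        raise ValueError("bad IPv4 header length")
    fields = {
        "total_length": struct.unpack_from("!H", raw, 2)[0],
        "ttl": raw[8],
        "proto": PROTOCOLS.get(raw[9], str(raw[9])),
        "src": str(ipaddress.IPv4Address(raw[12:16])),
        "dst": str(ipaddress.IPv4Address(raw[16:20])),
    }
    # TCP and UDP both start with source port, then destination port.
    if raw[9] in PROTOCOLS and len(raw) >= ihl + 4:
        fields["src_port"], fields["dst_port"] = struct.unpack_from("!HH", raw, ihl)
    return fields


def describe(hex_dump):
    """One-line summary that marks whether the source port is ephemeral."""
    h = decode_header(hex_dump)
    if "src_port" not in h:
        return f"{h['proto']} {h['src']} -> {h['dst']}"
    note = "ephemeral client port" if is_ephemeral(h["src_port"]) else "fixed port"
    return (f"{h['proto']} {h['src']}:{h['src_port']} ({note}) -> "
            f"{h['dst']}:{h['dst_port']}")


if __name__ == "__main__":
    print(describe(SAMPLE_DUMP))
```
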

