Just background noise from the Internet.
UDP traffic is usually NETBIOS attacks/scans, Microsoft Windows Pop Up
spamming, and a few other minor ones. Welcome to why people use
firewalls.
If you run any peer-to-peer sharing client (especially gnutella or
bittorrent clients) you will draw a flood of traffic to your internet
address. It will be a mix of udp or tcp depending upon
client/protocol.
watson <watson@comehere.org> wrote:
>I'm running kerio 2.1x. Have rules defined for small number of internet
>apps only, with fw set to block anything else - all protocols, even dns,
>unless explicitly stated for a particular app (dns rules are specified
>for each app).
>
>This is a new ISP, and I am getting a lot of UDP blocked packets in the
>log from it and from all over the globe. When the block all else rule is
>at the end of the ruleset and set to log, I get the snippet shown below.
>
>The fw reports three ports listening p 137-139 for nbname, nbdatagram
>and nbsession, yet no data exchange for these ports presumably due to my
>block all else setting.
>
>If I explicitly write a rule to block udp send and receive at the
>beginning of the set, I cannot get anything to communicate on the
>net, but when the fw is just set to block all else I can communicate,
>but I still see these blocked, mostly udp to p137 entries in my logs.
>
>Why am I getting udp blocks incoming and outgoing from addresses from
>other networks? Please take a look at the snippet below and advise what
>is going on and if this is normal or not?
Received on Sun Dec 11 14:24:12 2005