
I activated the pfirewall.log file in Windows Firewall settings for both dropped packets and successful connections.

Currently the firewall is turned on and I find the log file being updated. Why is this?

What exactly can I get out by reading this log file? How can I find out if some malicious user is trying to access my personal?


Answer:
What the logfile will normally show is packets that haven’t been granted through the firewall. (Depending on your firewall, there are a lot of options.)

The sad fact is that there are a lot of people out there running software that constantly scans the web (or selected parts of it) for vulnerable machines. The purpose of the firewall is to block these attempts. These blocks are recorded in the log file.

So depending on how much your ISP blocks, and if you have a router or not, and many other factors, your Windows firewall log may show a lot or a little.

My router blocks some 100 to 300 port scans every hour on a slow day. There have been times it has been 100 to 300 a minute.

So don't get too excited unless nothing is being blocked. Then you can be pretty sure your firewall has been turned off.


Answer:
The log file is being updated because that is what it is there for, and most of what it is recording are dropped packets. When you’re on the Internet, all sorts of packets are flying around whether you are actually doing anything or not. For example, packets not addressed to your machine, or packets addressed to all machines and not initiated by something you started, are all automatically dropped, and your log is recording them - totally harmless.

To read the log and comprehend that someone is probing the computer ports to look for an entrance in, look for the same source IP with different port destinations on your machine. There could be a few in swift succession with typical ports 21, 80, 8080.

You would probably be better off getting yourself a free firewall like Sygate. The logs there are self-explanatory.
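
The check described in the answer above (same source IP, different destination ports, in swift succession), as an added example that is not part of the original post. It assumes the log carries its usual `#Fields:` header; the sample lines, the `min_ports` and `window` thresholds and the function names are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the pfirewall.log layout; addresses are documentation ranges.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2008-10-12 01:00:00 DROP TCP 198.51.100.50 192.0.2.10 6000 22 48 S 1 0 8192 - - - RECEIVE
2008-10-12 02:00:00 DROP TCP 198.51.100.50 192.0.2.10 6001 23 48 S 2 0 8192 - - - RECEIVE
2008-10-12 03:00:00 DROP TCP 198.51.100.50 192.0.2.10 6002 25 48 S 3 0 8192 - - - RECEIVE
2008-10-12 03:40:01 DROP TCP 203.0.113.7 192.0.2.10 40111 21 48 S 1234567 0 65535 - - - RECEIVE
2008-10-12 03:40:02 DROP TCP 203.0.113.7 192.0.2.10 40112 80 48 S 1234568 0 65535 - - - RECEIVE
2008-10-12 03:40:03 DROP TCP 203.0.113.7 192.0.2.10 40113 8080 48 S 1234569 0 65535 - - - RECEIVE
2008-10-12 03:41:10 DROP TCP 198.51.100.23 192.0.2.10 51000 445 48 S 777 0 8192 - - - RECEIVE
2008-10-12 03:41:13 DROP TCP 198.51.100.23 192.0.2.10 51000 445 48 S 777 0 8192 - - - RECEIVE
2008-10-12 03:42:00 ALLOW TCP 192.0.2.10 198.51.100.80 1050 80 0 - 0 0 0 - - - SEND
2008-10-12 03:43:00 DROP ICMP 203.0.113.9 192.0.2.10 - - 60 - - - - 8 0 - RECEIVE
"""

def parse(text):
    # Yield one dict per entry, keyed by the column names on the #Fields header.
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif fields and line.strip() and not line.startswith("#"):
            row = dict(zip(fields, line.split()))
            row["ts"] = datetime.strptime(row["date"] + " " + row["time"], "%Y-%m-%d %H:%M:%S")
            yield row

def find_port_probes(text, min_ports=3, window=timedelta(seconds=60)):
    """Map each source IP to the distinct ports it was dropped on inside one window."""
    drops = defaultdict(list)
    for row in parse(text):
        if row["action"] == "DROP" and row["dst-port"].isdigit():  # ICMP rows log "-"
            drops[row["src-ip"]].append((row["ts"], int(row["dst-port"])))
    probes = {}
    for src, events in drops.items():
        for start, _ in events:
            # Distinct ports hit from this event up to `window` later.
            ports = {p for t, p in events if timedelta(0) <= t - start <= window}
            if len(ports) >= min_ports:
                probes[src] = sorted(ports)
                break
    return probes

if __name__ == "__main__":
    print(find_port_probes(SAMPLE_LOG))
```

Repeated drops on a single port (the 445 lines) and ports spread over hours are not reported at the default thresholds; widening `window` surfaces slower sweeps at the cost of more noise.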


This entry was posted on Sunday, October 12th, 2008 at 3:55 am and is filed under Security.
