Sophos Community
User
Site
Search
User
Toggle Mobile menu
Community & Product Forums
Blogs
Partners
Events & Webinars
Getting Started
Support Portal
Community Blogs
Application Control
Community
Product documentation
Security
Feedback
Support Portal
Product documentation
Products
Endpoint security
Sophos Endpoint
Sophos XDR
Sophos Mobile
Network Security
Sophos Firewall
ZTNA
Sophos Switch
UTM Firewall
Sophos Wireless
NDR
Email Security
Sophos Email
Phish Threat
Cloud Security
Sophos Central
Sophos Cloud Optix
Support Tools
Sophos integrations
Free tools
Services
Management platform
Sophos Central
Support Portal
Sophos Community log in
Sophos Partners
Partners blog
Local Partner community
Partner news
Resources
MSP guides
Partner Care
Sophos Central
Webinars & Events
Webinars & Events
Calendar
Become a partner
Join our program
Events & Webinars
Events & Webinars
Calendar
Recordings
Getting started in the Community
How to get started
SophosID registration
How to set up your profile
How to contribute and participate
How to manage private messages
Member recognition
Rewards program
Leaderboard
Products and Services
Products
Endpoint security
Sophos Endpoint
Sophos XDR
Sophos Mobile
Network Security
Sophos Firewall
ZTNA
Sophos Switch
UTM Firewall
Sophos Wireless
NDR
Email Security
Sophos Email
Phish Threat
Cloud Security
Sophos Central
Sophos Cloud Optix
Support Tools
Sophos integrations
Free tools
Services
Management platform
Sophos Central
Support Portal
Sophos Community log in
Blogs
Community Blogs
Application Control
Community
Product documentation
Security
Feedback
Support Portal
Product documentation
Partners
Sophos Partners
Partners blog
Local Partner community
Partner news
Resources
MSP guides
Partner Care
Sophos Central
Webinars & Events
Webinars & Events
Calendar
Become a partner
Join our program
Events & Webinars
Events & Webinars
Events & Webinars
Calendar
Recordings
Getting Started
Getting started in the Community
How to get started
SophosID registration
How to set up your profile
How to contribute and participate
How to manage private messages
Member recognition
Rewards program
Leaderboard
Support Portal
Guest User!
You are not Sophos Staff.
UTM Firewall
More
Astaro.org (Read-Only)
ASG V7.200 BETA (closed)
IM/P2P detect tencent_qq while not in use.
Forums
Files
Mentions
Sub-Groups
Tags
More
Cancel
New
Thread Info
State
Not Answered
Replies
6 replies
Subscribers
0 subscribers
Views
1312 views
Users
0 members are here
Options
RSS
More
Cancel
Suggested
IM/P2P detect tencent_qq while not in use.
bitonw
over 17 years ago
today in my "Daily Executive Report " i found that IM/P2P had discovert tencent_qq while i don't use that on my network.
im-p2p-astaro.jpg
View
Hide
0
_alex\
over 17 years ago
could you post your afc.log so we have a chance to find out if it's a false possitive [:)]
/alex
Cancel
Vote Up
0
Vote Down
Sign in to reply
Verify Answer
Cancel
0
bitonw
over 17 years ago
in reply to
_alex\
ok here the afc.log of 17 april. i have renamed it to .zip to be able to upload.
afc-2008-04-17.log.gz.zip
Cancel
Vote Up
0
Vote Down
Sign in to reply
Verify Answer
Cancel
0
_alex\
over 17 years ago
in reply to
bitonw
hey
i can only find skype blockings in your log...
lines at your log at all:
% zcat afc-2008-04-17.log.gz | wc -l
5645
skype blocking lines at this log (60103 is the code for skype)
% zcat afc-2008-04-17.log.gz | grep 60103 | wc -l
5645
so maybe you've attached the wrong log?
/alex
Cancel
Vote Up
0
Vote Down
Sign in to reply
Verify Answer
Cancel
0
bitonw
over 17 years ago
in reply to
_alex\
ok included both 15 & 16 april. renamed to zip files due board.
afc-2008-04-16.log.gz.zip
Cancel
Vote Up
0
Vote Down
Sign in to reply
Verify Answer
Cancel
0
_alex\
over 17 years ago
in reply to
bitonw
ok, i found the corresponding line in your log..but withput any additional information it's hard to find that application that was blocked.
i can't find anything with google about an application thats uses port 46400 for communication [:(]
zcat afc-2008-04-16.log.gz | grep 60104
2008:04:16-17:54:36 (none) ulogd[2529]: id="2017" severity="info" sys="SecureNet" sub="packetfilter" name="AFC Alert" action="log" fwrule="60104" outitf="eth1" srcip="172.27.7.30" dstip="87.99.47.108" proto="17" length="134" tos="0x00" prec="0x00" ttl="63" srcport="57831" dstport="46400"
Cancel
Vote Up
0
Vote Down
Sign in to reply
Verify Answer
Cancel
0
bitonw
over 17 years ago
in reply to
_alex\
that 172.27.7.30 is an dualphone skype phone.
Cancel
Vote Up
0
Vote Down
Sign in to reply
Verify Answer
Cancel
