This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Firewall Logging

All-

I am seeing in the firewall log since the upgrade to version 9.101-12 an enormous number of dropped entries for firewall rule 6003, tcpflags="ACK PSH FIN". They appear from an number of sources. One of the source sites is this one. I created a firewall rule any>WebGroup>drop and placed it right after websurfing. WebGroup contains http>source 1:65535> destination 80, and the same for https substuing port 80 with port 443. The log traffic box is unchecked. Can the fwrule 6003 be edited to turn off logging? My hair is now in a pile on the floor....Thanks, Jim

2013:06:08-09:52:47 Oasis ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:1b:21:59:59:3d" srcip="209.123.109.176" dstip="192.168.1.2" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="1632" tcpflags="ACK PSH FIN"
2013:06:08-09:52:48 Oasis ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:1b:21:59:59:3d" srcip="209.123.109.177" dstip="192.168.1.2" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="1638" tcpflags="ACK PSH FIN"
2013:06:08-09:52:48 Oasis ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:1b:21:59:59:3d" srcip="209.123.109.177" dstip="192.168.1.2" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="1639" tcpflags="ACK PSH FIN"
2013:06:08-09:53:06 Oasis ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:1b:21:59:59:3d" srcip="85.115.22.9" dstip="192.168.1.2" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="1671" tcpflags="ACK PSH FIN"
2013:06:08-09:53:59 Oasis ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:1b:21:59:59:3d" srcip="85.115.22.9" dstip="192.168.1.2" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="1671" tcpflags="ACK PSH FIN"

This thread was automatically locked due to age.

Parents

0 BAlfson over 12 years ago

That's why I wanted to see any related Firewall log line(s) from the same time. [;)]

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BAlfson over 12 years ago

That's why I wanted to see any related Firewall log line(s) from the same time. [;)]

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 scottj_01 over 12 years ago in reply to BAlfson

Hi Bob,

The times for the enclosed logs match up with some overlap. Here are both the firewall and web filter logs from today:

Thansks,
Jim

Web Filter:

2013:06:09-09:29:33 Oasis httpproxy[8269]: id="0061" severity="info" sys="SecureWeb" sub="http" name="web request blocked, reputation limit" action="block" method="GET" srcip="192.168.1.2" dstip="" user="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="3095" request="0xafe56a8" url="i.dslr.net/.../aj6m.js
2013:06:09-09:29:33 Oasis httpproxy[8269]: id="0061" severity="info" sys="SecureWeb" sub="http" name="web request blocked, reputation limit" action="block" method="GET" srcip="192.168.1.2" dstip="" user="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="3099" request="0xb215e50" url="i.dslr.net/.../ct2m.js
2013:06:09-09:29:33 Oasis httpproxy[8269]: id="0061" severity="info" sys="SecureWeb" sub="http" name="web request blocked, reputation limit" action="block" method="GET" srcip="192.168.1.2" dstip="" user="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="3093" request="0xb07d198" url="i.dslr.net/.../logo.gif" exceptions="" error="" country="United States" reason="category" category="130" reputation="malicious" categoryname="Malicious Sites"
2013:06:09-09:29:34 Oasis httpproxy[8269]: id="0061" severity="info" sys="SecureWeb" sub="http" name="web request blocked, reputation limit" action="block" method="GET" srcip="192.168.1.2" dstip="" user="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="3095" request="0xb386ca0" url="i.dslr.net/.../aj6m.js
2013:06:09-09:29:34 Oasis httpproxy[8269]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.1.2" dstip="209.123.109.176" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="7936" request="0xb07e090" url="i.dslr.net/.../gif"
2013:06:09-09:29:34 Oasis httpproxy[8269]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.1.2" dstip="209.123.109.176" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="3625" request="0xb07e090" url="i.dslr.net/.../gif"
2013:06:09-09:29:34 Oasis httpproxy[8269]: id="0061" severity="info" sys="SecureWeb" sub="http" name="web request blocked, reputation limit" action="block" method="GET" srcip="192.168.1.2" dstip="" user="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="3099" request="0xc35f1c8" url="i.dslr.net/.../ct2m.js
2013:06:09-09:29:34 Oasis httpproxy[8269]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.1.2" dstip="209.123.109.176" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2411" request="0xb07e090" url="i.dslr.net/.../gif"
2013:06:09-09:29:34 Oasis httpproxy[8269]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.1.2" dstip="209.123.109.176" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="1033" request="0xb07e510" url="i.dslr.net/.../gif"
2013:06:09-09:29:34 Oasis httpproxy[8269]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.1.2" dstip="209.123.109.176" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="3606" request="0xaed1048" url="i.dslr.net/.../gif"
2013:06:09-09:29:34 Oasis httpproxy[8269]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.1.2" dstip="209.123.109.176" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="3467" request="0xb9e19b8" url="i.dslr.net/.../gif"
2013:06:09-09:29:34 Oasis httpproxy[8269]: id="0061" severity="info" sys="SecureWeb" sub="http" name="web request blocked, reputation limit" action="block" method="GET" srcip="192.168.1.2" dstip="" user="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="3093" request="0xb07e090" url="i.dslr.net/.../logo.gif" exceptions="" error="" country="United States" reason="category" category="130" reputation="malicious" categoryname="Malicious Sites"
2013:06:09-09:29:34 Oasis httpproxy[8269]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.1.2" dstip="209.123.109.176" user="" statuscode="304" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xaed1048" url="i.dslr.net/1ptrans.gif" exceptions="" error="" country="United States" category="177" reputation="unverified" categoryname="Content Server"
2013:06:09-09:29:34 Oasis httpproxy[8269]: id="0061" severity="info" sys="SecureWeb" sub="http" name="web request blocked, reputation limit" action="block" method="GET" srcip="192.168.1.2" dstip="" user="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="3089" request="0xaed1048" url="i.dslr.net/gradgrey.gif" exceptions="" error="" country="United States" reason="category" category="130" reputation="malicious" categoryname="Malicious Sites"
2013:06:09-09:29:34 Oasis httpproxy[8269]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.1.2" dstip="209.123.109.176" user="" statuscode="304" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xb07e510" url="i.dslr.net/.../feed.png" exceptions="" error="" country="United States" category="177" reputation="unverified" categoryname="Content Server"
2013:06:09-09:29:34 Oasis httpproxy[8269]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.1.2" dstip="209.123.109.176" user="" statuscode="304" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xb9e19b8" url="i.dslr.net/toolbox_like.png" exceptions="" error="" country="United States" category="177" reputation="unverified" categoryname="Content Server"
2013:06:09-09:29:34 Oasis httpproxy[8269]: id="0061" severity="info" sys="SecureWeb" sub="http" name="web request blocked, reputation limit" action="block" method="GET" srcip="192.168.1.2" dstip="" user="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="3081" request="0xb07e510" url="i.dslr.net/grad.gif" exceptions="" error="" country="United States" reason="category" category="130" reputation="malicious" categoryname="Malicious Sites"
2013:06:09-09:29:34 Oasis httpproxy[8269]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.1.2" dstip="209.123.109.176" user="" statuscode="304" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xb7970c8" url="i.dslr.net/.../FIBER14.gif" exceptions="" error="" country="United States" category="177" reputation="unverified" categoryname="Content Server"
2013:06:09-09:29:34 Oasis httpproxy[8269]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.1.2" dstip="209.123.109.176" user="" statuscode="304" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xb9e19b8" url="i.dslr.net/.../CABLE14.gif" exceptions="" error="" country="United States" category="177" reputation="unverified" categoryname="Content Server"
2013:06:09-09:29:34 Oasis httpproxy[8269]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.1.2" dstip="209.123.109.176" user="" statuscode="304" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xb7970c8" url="i.dslr.net/.../bigsmile.gif" exceptions="" error="" country="United States" category="177" reputation="unverified" categoryname="Content Server"
2013:06:09-09:29:34 Oasis httpproxy[8269]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.1.2" dstip="209.123.109.176" user="" statuscode="304" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xb9e19b8" url="i.dslr.net/.../1315000.gif" exceptions="" error="" country="United States" category="177" reputation="unverified" categoryname="Content Server"
2013:06:09-09:29:34 Oasis httpproxy[8269]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.1.2" dstip="209.123.109.176" user="" statuscode="304" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xbcca650" url="i.dslr.net/.../grad0-a6a5a5-30-2.gif" exceptions="" error="" country="United States" category="177" reputation="unverified" categoryname="Content Server"
2013:06:09-09:29:34 Oasis httpproxy[8269]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.1.2" dstip="209.123.109.176" user="" statuscode="304" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xbfb5008" url="i.dslr.net/.../bullet_blue.png" exceptions="" error="" country="United States" category="177" reputation="unverified" categoryname="Content Server"
2013:06:09-09:29:34 Oasis httpproxy[8269]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.1.2" dstip="209.123.109.176" user="" statuscode="304" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xb9e1538" url="i.dslr.net/.../grad0-a6a5a5-100-2.gif" exceptions="" error="" country="United States" category="177" reputation="unverified" categoryname="Content Server"
2013:06:09-09:29:34 Oasis httpproxy[8269]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.1.2" dstip="209.123.109.176" user="" statuscode="304" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xb9e16b8" url="i.dslr.net/.../fade0-c6c5c5-50-2.gif" exceptions="" error="" country="United States" category="177" reputation="unverified" categoryname="Content Server"

Firewall log:

2013:06:09-09:29:33 Oasis ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:1b:21:59:59:3d" srcip="209.123.109.176" dstip="192.168.1.2" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="4697" tcpflags="ACK PSH FIN"
2013:06:09-09:29:34 Oasis ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:1b:21:59:59:3d" srcip="209.123.109.177" dstip="192.168.1.2" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="4630" tcpflags="ACK PSH FIN"
2013:06:09-09:29:34 Oasis ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:1b:21:59:59:3d" srcip="209.123.109.176" dstip="192.168.1.2" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="4684" tcpflags="ACK PSH FIN"
2013:06:09-09:29:34 Oasis ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:1b:21:59:59:3d" srcip="209.123.109.176" dstip="192.168.1.2" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="4699" tcpflags="ACK PSH FIN"
2013:06:09-09:29:34 Oasis ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:1b:21:59:59:3d" srcip="209.123.109.177" dstip="192.168.1.2" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="4704" tcpflags="ACK PSH FIN"
2013:06:09-09:29:34 Oasis ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:1b:21:59:59:3d" srcip="209.123.109.177" dstip="192.168.1.2" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="4703" tcpflags="ACK PSH FIN"
2013:06:09-09:29:34 Oasis ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:1b:21:59:59:3d" srcip="209.123.109.177" dstip="192.168.1.2" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="4615" tcpflags="ACK PSH FIN"
2013:06:09-09:29:34 Oasis ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:1b:21:59:59:3d" srcip="209.123.109.176" dstip="192.168.1.2" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="4686" tcpflags="ACK PSH FIN"
2013:06:09-09:29:35 Oasis ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:1b:21:59:59:3d" srcip="209.123.109.176" dstip="192.168.1.2" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="4687" tcpflags="ACK PSH FIN"
2013:06:09-09:29:35 Oasis ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:1b:21:59:59:3d" srcip="209.123.109.176" dstip="192.168.1.2" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="4685" tcpflags="ACK PSH FIN"
2013:06:09-09:29:37 Oasis ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:1b:21:59:59:3d" srcip="209.123.109.176" dstip="192.168.1.2" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="4697" tcpflags="ACK PSH FIN"
2013:06:09-09:29:37 Oasis ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:1b:21:59:59:3d" srcip="209.123.109.176" dstip="192.168.1.2" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="4684" tcpflags="ACK PSH FIN"
2013:06:09-09:29:37 Oasis ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:1b:21:59:59:3d" srcip="209.123.109.177" dstip="192.168.1.2" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="4622" tcpflags="ACK PSH FIN"
2013:06:09-09:29:38 Oasis ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:1b:21:59:59:3d" srcip="209.123.109.176" dstip="192.168.1.2" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="4699" tcpflags="ACK PSH FIN"
Cancel
Vote Up 0 Vote Down

Cancel