Unidentified inbound packets in Sunbelt Kerio PF

Unidentified inbound packets in Sunbelt Kerio PF

am 13.12.2006 20:08:33 von David Millen

DUmeter is showing bursts of inbound traffic at roughly one minute
intervals which have no corresponding entries in the connections tab
of Sunbelt Kerio Personal Firewall. How can I troubleshoot this?
Sunbelt aren't providing support for the product, although it is paid
for and registered.
--
All the best
David Millen
Xativa, Valencia
www.fincacasablanca.com
please reply in group
if you have to email me, remove the obvious:
davidtheobvious@millen.com

Re: Unidentified inbound packets in Sunbelt Kerio PF

am 13.12.2006 20:50:20 von David Millen

On 13 Dec 2006 19:41:29 GMT, Ansgar -59cobalt- Wiechers
wrote:

>David Millen wrote:
>> DUmeter is showing bursts of inbound traffic at roughly one minute
>> intervals which have no corresponding entries in the connections tab
>> of Sunbelt Kerio Personal Firewall. How can I troubleshoot this?
>
>Run a sniffer (e.g. Wireshark [1]) to inspect the traffic.
Downloading it now.
>
>> Sunbelt aren't providing support for the product, although it is paid
>> for and registered.
>
>Dump their product.
Well, yes, but when you've got used to an app which has seemed to
work, it's frustrating to ditch it for something unfamiliar which has
to be installed on a number of machines.
>
>cu
>59cobalt
Thank you for the sensible advice.
--
All the best
David Millen
Xativa, Valencia
www.fincacasablanca.com
please reply in group
if you have to email me, remove the obvious:
davidtheobvious@millen.com

Re: Unidentified inbound packets in Sunbelt Kerio PF

am 13.12.2006 21:46:44 von Ansgar -59cobalt- Wiechers

David Millen wrote:
> DUmeter is showing bursts of inbound traffic at roughly one minute
> intervals which have no corresponding entries in the connections tab
> of Sunbelt Kerio Personal Firewall. How can I troubleshoot this?

Run a sniffer (e.g. Wireshark [1]) to inspect the traffic.

> Sunbelt aren't providing support for the product, although it is paid
> for and registered.

Dump their product.

[1] http://www.wireshark.org/

Superseded for lack of URL :/

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich