They are hitting the PRO interface from private addresses. This virtually guarantees that they are coming from your own computers. Odds are that either some of your users are trying to "chat" using MSN Messenger, or else someone has installed some Microsoft software that installed MSN Messenger (Anyone know if the latest release of IE installs MSN Messenger?)
IMHO this would be a safe bet to put on the ignore list. You need to create an outbound filter that denies access from ANY_IP to ANY_IP port 1900 (the destination port from the block message). Mike Burden Lynk Systems http://www.lynk.com (616)532-4985 [EMAIL PROTECTED] > -----Original Message----- > From: Mike Ayers [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 9:14 AM > To: [EMAIL PROTECTED] > Subject: [gb-users] MSN Messenger Filter Blocks > > > We are getting a steady stream of filter blocks on the protected > interface as shown below. They are apparently coming from MSN > Messenger. Does anyone know if these packets constitute a security > risk? And if not, which filter do I need to modify to stop logging > this? > > -------------------------------------------------------------- > ---------- > ----- > NOTIFICATION TYPE: GNAT Box FILTER ALARM > CONFIGURATION: PROTECTED=192.168.0.1 > -------------------------------------------------------------- > ---------- > ----- > ALARM NO: 1 > DATE: Monday, Jan 28, 2002 > TIME: 07:58:27 > INTERFACE: PRO (rl0) > ALARM TYPE: Block > IP PACKET: UDP [192.168.0.227/1218]-->[192.168.0.1/1900] l=132 > > > > Thanks, > > _____ > > Mike Ayers > [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] To subscribe to the digest version first unsubscribe, then e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
