Yes. Find the default filter called, "DEFAULT: Block/nolog stale WWW accesses."
Make a copy of this rule, and change Interface to "PROTECTED", Destination Port to 1900, protocol to "UDP". Make sure that this rule is ahead of the "DEFAULT: Block with alarm any other access" rule and Bob's your uncle. Mike Burden Lynk Systems http://www.lynk.com (616)532-4985 [EMAIL PROTECTED] > -----Original Message----- > From: Randy Bell [mailto:[EMAIL PROTECTED]] > Sent: Thursday, January 31, 2002 9:30 PM > Cc: [EMAIL PROTECTED] > Subject: Re: [gb-users] MSN Messenger Filter Blocks > > > Oops just switched PC's from my daughters machine and her > mouse buttons are > > opposite mine and I just emailed a reply that I was just > going to start > composing. > > Sorry Mike. > > I noticed that I am getting a lot of the RAF blocks on port 1900 on my > protected interface also. I do not have any Windows XP machines on my > network. I checked > the PC that the packets came from and it is running MSN. So > since it is > coming > from inside it is not worth worrying about, but to stop filling up my > firewall logs I > would need to make a filter on the remote access to ignore port 1900? > > Mike Burden wrote: > > > For what it's worth, this doesn't change my original > > assessment -- the messages are coming from within > > your network, so they don't represent a security > > threat. > > > > Having said that, best practice is to always keep > > all of your systems (both MS and non-MS) up to date > > with the latest security patches, even if they are > > behind a firewall. This is especially true of > > security patches for the browser, since the firewall > > can't protect you from that. > > > > Mike Burden > > Lynk Systems > > http://www.lynk.com > > (616)532-4985 > > [EMAIL PROTECTED] > > > > > -----Original Message----- > > > From: Steve Leach [mailto:[EMAIL PROTECTED]] > > > Sent: Monday, January 28, 2002 9:25 AM > > > To: Mike Ayers > > > Cc: [EMAIL PROTECTED] > > > Subject: Re: [gb-users] MSN Messenger Filter Blocks > > > > > > > > > This (I believe) is attributable to some sort of PNP > > > broadcast in Windows > > > XP - see these links: > > > > > > http://xforce.iss.net/alerts/advise106.php > > > > > > http://www.eeye.com/html/Research/Advisories/AD20011220.html > > > > > > Best Regards, > > > > > > Steve Leach > > > Network Manager > > > Miami International Limited > > > Eaglescliffe Logistics Centre > > > Durham Lane > > > Egglescliffe > > > URL: http://www.askalix.com > > > TEL: 01642 356205 > > > e-mail: [EMAIL PROTECTED] > > > > > > > > > ----- Original Message ----- > > > From: "Mike Ayers" <[EMAIL PROTECTED]> > > > To: <[EMAIL PROTECTED]> > > > Sent: Monday, January 28, 2002 2:14 PM > > > Subject: [gb-users] MSN Messenger Filter Blocks > > > > > > > > > We are getting a steady stream of filter blocks on the protected > > > interface as shown below. They are apparently coming from MSN > > > Messenger. Does anyone know if these packets constitute > a security > > > risk? And if not, which filter do I need to modify to > stop logging > > > this? > > > > > > -------------------------------------------------------------- > > > ---------- > > > ----- > > > NOTIFICATION TYPE: GNAT Box FILTER ALARM > > > CONFIGURATION: PROTECTED=192.168.0.1 > > > -------------------------------------------------------------- > > > ---------- > > > ----- > > > ALARM NO: 1 > > > DATE: Monday, Jan 28, 2002 > > > TIME: 07:58:27 > > > INTERFACE: PRO (rl0) > > > ALARM TYPE: Block > > > IP PACKET: UDP > [192.168.0.227/1218]-->[192.168.0.1/1900] l=132 > > > > > > > > > > > > Thanks, > > > > > > _____ > > > > > > Mike Ayers > > > [EMAIL PROTECTED] > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > To subscribe to the digest version first unsubscribe, then > > > e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > To subscribe to the digest version first unsubscribe, then > > e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > -- > Randy Bell > mailto:[EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] To subscribe to the digest version first unsubscribe, then e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] To subscribe to the digest version first unsubscribe, then e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
