none
Firewall log - Win 2008 RRS feed

  • Question

  • My Windows 2008 Firewall log captured a record as follow:-

    # #Fields: date time action protocol src-ip dst-ip src-port dst-port size # tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

    # 2012-07-23 20:29:12 DROP TCP 209.85.175.100 10.0.0.36 443 4981 48 SA # 966076498 3305605894 14300 -

    What does this tell me? Is this an incoming traffic trying to his the server?

    Thanks!

    MS.Siew

    Monday, July 30, 2012 1:53 AM

Answers

  • Hi Siew,

    Thank you for the post.

    Yes, the log means firewall drop incoming TCP protocol packet from 209.85.175.100 (port 443) to 10.0.0.36(port 4981).

    If there are more inquiries on this issue, please feel free to let us know.
     
    Regards


    Rick Tan

    TechNet Community Support

    Tuesday, July 31, 2012 6:11 AM
    Moderator