Disabling Firewall logging

Snow Leopard is extremely fast & stable for me on my 3 Macs. One problem though - I was unable to find the option to disable firewall logging which was available in Leopard.
System Profiler says firewall logging: No. But in the same System Profiler, appfirewall.log file keeps growing (with Stealth Mode enabled).
Is there a way to disable firewall logging or is it a bug that will be addressed in the next update?
Thanks for any help.
Best - KrishnaMohan.

I've found a way to disable logging while keeping stealth mode enabled. Unfortunately, it involves a little manual plist editing and converting from/to binary xml format. Here's what worked for me in a terminal session:
cd /Library/Preferences
sudo plutil -convert xml1 com.apple.alf.plist
Careful, that's a lower case 'L' and a number '1' above.
sudo nano com.apple.alf.plist
search (ctrl-W) for the key loggingenabled
change the integer value to 1
save the file (ctrl-O)
quit nano (ctrl-X)
sudo /usr/bin/plutil -convert binary1 com.apple.alf.plist
That should do it but to be safe you might want to log out and back in (or restart for overkill).
I don't know about others, but the volume of my denied connection attempts really taxed the appfirewall.log. Often there were several entries logged every second.

Similar Messages

  • Firewall log - what's this mean?

    I had a hardware router/firewall and IP address server, just down stream from my cable modem until that device died this week. I've reconfigured what I had to use my Airport Graphite to distribute IP addresses and share a single IP address for all the devices on the home network "using NAT and DHCP" and connected 2 computers and a network printer with a simple Ethernet switch/hub. (BTW, this provides noticeably faster speed to the internet!) I already had the OS 10.4 firewall turned on in the 2 MacBooks, but I also now enabled Stealth Mode and for the first time "Firewall logging."
    So I later looked in the log file and I find:
    "Jan 8 20:49:31 Michaels-MacBook ipfw: Stealth Mode connection attempt to TCP 10.0.1.8:52066 from 74.125.19.104:80
    Jan 8 20:49:31 Michaels-MacBook ipfw: Stealth Mode connection attempt to TCP 10.0.1.8:52066 from 74.125.19.104:80
    Jan 8 20:49:33 Michaels-MacBook ipfw: Stealth Mode connection attempt to TCP 10.0.1.8:52066 from 74.125.19.104:80
    Jan 8 20:49:33 Michaels-MacBook ipfw: Stealth Mode connection attempt to TCP 10.0.1.8:52066 from 74.125.19.104:80"
    10.0.1.8 is the IP for this MacBook. I think this says I'm being scanned by someone attempting to use port 52066 (???), from some other computer named 74.125.19.104 port 80 - is that correct? Should I be worried? Is there something else I should enable or disable? Naturally, I turned on the minimum number of services in the Firewall. BTW, how could I find out who/where 74.125.19.104 is? This went on for about 3 minutes last night but seems to have stopped now.
    I think this also makes me believe I should go back to a hardware firewall upstream, right at the 'port of entry,' but I don't see much for sale these days (at home prices) that is a true firewall. I know a new Airport Extreme Basestation says it has a "built-in firewall" but I can't find any information about that feature, ie is it more than just NAT translation? Does anyone have a recommendation for a reasonably priced, easy to set up and manage firewall?
    thanks!

    I have Snort NIDS running on my computer and get port scans similar to this reported to me all the time from numerous websites - for example, from these very discussions.apple.com forums. Port 443 is a server https port, your port 49235 is in all likelihood the randomly created outbound port that you initially established a web browsing connection with, hence, assuming this to be an established connection, it would have been forwarded through your router to your computer (to your 192.168.x.x address). This IPA belongs to akamai.com, I think they handle a lot of online purchasing and online billing stuff and stuff that requires logging in in some manner or another -- were you paying bills or buying something online or in an authenticated website at the time this occurred?
    I don't understand why these port scans from established connections to reputable web servers happen, but I don't believe them to be abnormal. Perhaps someone who is a subject matter expert in enterprise-class web servers could weigh in here and explain what may be going on here.

  • TS2709 I have AppleTV and Ipad2 running VJay app to my TV over a private cisco router disabled firewall but I keep losing the video on my TV after a few minutes what can I do?

    I have AppleTV and Ipad2 running VJay app to my TV over a private cisco router disabled firewall but I keep losing the video on my TV after a few minutes what can I do?

    I also get this problem on my iPad, so probably not related to the AppleTV. On the iPad I restarted Airport Extreme this time, and then the iPad saw my Home Sharing.
    So to recap, restarting the router or Airport Express allowed the iPad and AppleTV to see Home Sharing. Restarting AppleTV also allows AppleTV to see Home Sharing.
    So does anyone have any idea?
    Thanks

  • Why Are There Multiple Instances Of Firefox Preparing To Access Internet According To Firewall Log When I'm Not Launching Them And Nothing Appeared On My Screen

    I had closed Firefox after briefly running it and then tried to reopen it anew but got a message that said "Firefox is already running but is not responding. To open a new window, you must first close the existing Firefox process, or restart your system."
    I logged off my computer, and later restarted. However, when I checked my Firewall log it showed that during the minute I had my computer on earlier there were about a dozen instances of "Firefox is preparing to access the internet" which were recorded just seconds apart.
    I don't have the problem now -- restarting apparently took care of the issue -- but I don't understand why there were so many instances of Firefox preparing to access the internet when I was not clicking on it all those times, the one time I did I got a message that it already was running, and there were no tabs on my screen to reflect all those supposed instances.
    Thanks for any insight that folks can offer.

    Were those Firefox processes or plugin-container processes?
    *http://kb.mozillazine.org/Plugin-container_and_out-of-process_plugins
    *https://support.mozilla.org/kb/What+is+plugin-container
    In case you are using "Clear history when Firefox closes", try to exclude the cookies in case you currently have selected this.
    *Tools > Options > Privacy > Firefox will: "Use custom settings for history": [X] "Clear history when Firefox closes" > Settings
    *https://support.mozilla.org/kb/Clear+Recent+History
    Note that clearing "Site Preferences" clears all exceptions for cookies, images, pop-up windows, software installation, and passwords.
    Firefox will try to remove cookies created by plugins in case you clear the cookies and that can result in plugin-container processes getting created.

  • When I try to download iTunes 10.5.3.3 it says "A program required for this install to complete could not be run...." I have uninstalled itunes, restarted my pc, disabled firewall and antivirus. HELP

    I used to have iTunes 4.3.1, something like that; it kept asking me to upgrade but I had an older iPod so I couldn't. I recently broke my iPod so now I have one for iTunes 10.5.3.3 because my iPod came shipped with iOS 5.0 installed. So I tried to update iTunes, didn't work. I uninstalled it, didn't work. I disabled firewall and antivirus, didn't work. I've called tech support; as soon as the person hung up thinking that it was working, it stopped working. I REALLY LOVE MUSIC and want songs on my new iPod. Please someone help....

    First try removing and reinstalling all the Apple software using the following or the link within it that applies to XP.
    Removing and reinstalling iTunes, QuickTime, and other software components for Windows Vista or Windows 7
    Then try the other items in:
    iPhone, iPad, or iPod touch: Device not recognized in iTunes for Windows

  • VPN connection - Firewall Log

    Hi there!
    I got VPN setup and running.
    But when connected, I get a huge list of denied access in my server firewall log.
    This is just a small part of the list; it's displaying a huge number of ports:
    ipfw[3352]: 65534 Deny UDP 192.168.0.102:63189 192.168.0.116:53
    ipfw[3352]: 65534 Deny UDP 192.168.0.102:52190 192.168.0.116:53
    ipfw[3352]: 65534 Deny UDP 192.168.0.102:51801 192.168.0.116:53
    ipfw[3352]: 65534 Deny UDP 192.168.0.102:63187 192.168.0.116:53
    ipfw[3352]: 65534 Deny UDP 192.168.0.102:62158 192.168.0.116:53
    ipfw[3352]: 65534 Deny UDP 192.168.0.102:60736 192.168.0.116:53
    ipfw[3352]: 65534 Deny UDP 192.168.0.102:49626 192.168.0.116:53
    ipfw[3352]: 65534 Deny UDP 192.168.0.102:50363 192.168.0.116:53
    ipfw[3352]: 65534 Deny UDP 192.168.0.102:64415 192.168.0.116:53
    ipfw[3352]: 65534 Deny UDP 192.168.0.102:65084 192.168.0.116:53
    ipfw[3352]: 65534 Deny UDP 192.168.0.102:49345 192.168.0.116:53
    ipfw[3352]: 65534 Deny UDP 192.168.0.102:57670 192.168.0.116:53
    ipfw[3352]: 65534 Deny UDP 192.168.0.102:63019 192.168.0.116:53
    ipfw[3352]: 65534 Deny UDP 192.168.0.102:59496 192.168.0.116:53
    Client: 192.168.0.102
    Server: 192.168.0.116
    Anyone know what's causing this?
    Thanks!

  • Disable iphone logging function

    My iPhone is currently having the Wi-Fi grayed-out problem, and alongside it, the logging function is driving me crazy, because the iPhone attempts to activate the Wi-Fi chip every second. This means that every second a log entry is written because of the failure to activate the Wi-Fi chip, and it consumes battery as well as storage. In a week it grew to over 3GB. So is there any way that I can disable this logging function on the iPhone and/or stop the iPhone from attempting to activate the Wi-Fi chip?

    You can try turning Wi-Fi off altogether by going to Settings>Wifi>swipe off. If the problem persists call Apple at 800-275-2273. Good Luck!!!

  • Re: How to interpret firewall log?

    I am presently employing advanced firewall settings on my iMac G5 running Tiger 10.4.7, i.e., block udp traffic, enable firewall logging, and enable stealth mode. When I opened the firewall log for the first time today, I realized I didn't know what I was looking at. Can someone help me interpret what's going on? I guess I'm wondering if stealth mode is working properly?
    Here's a sampling of what was happening several days ago:
    Sep 7 14:10:44 iMac-G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:52668 from 66.230.172.18:80
    Sep 7 14:10:44 iMac-G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:52671 from 66.230.172.18:80
    Sep 7 14:10:44 iMac-G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:52678 from 66.230.172.18:80
    Sep 7 14:10:44 iMac-G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:52679 from 66.230.172.18:80
    Sep 7 14:10:44 iMac-G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:52681 from 66.230.172.18:80
    Sep 7 14:10:44 iMac-G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:52688 from 66.230.172.18:80
    Sep 7 14:10:44 iMac-G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:52690 from 66.230.172.18:80
    Sep 7 14:10:44 iMac-G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:52691 from 66.230.172.18:80
    Sep 7 14:10:44 iMac-G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:52693 from 66.230.172.18:80
    Sep 7 14:10:44 iMac-G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:52692 from 66.230.172.18:80
    Sep 7 14:10:44 iMac-G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:52694 from 66.230.172.18:80
    Sep 7 14:10:44 iMac-G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:52695 from 66.230.172.18:80
    Sep 7 14:10:44 iMac-G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:52699 from 66.230.172.18:80
    Sep 7 14:10:44 iMac-G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:52700 from 66.230.172.18:80
    Sep 7 14:10:44 iMac-G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:52698 from 66.230.172.18:80
    Sep 7 14:10:44 iMac-G5 ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:52696 from 66.230.172.18:80

    Yes it is working properly.
    These are often "tail-end charlies" from a connection you've left with your browser. If you move from one website to another, before the first one has fully loaded, then the firewall will log the un-used packets from the first site as "Stealth Mode connection attempt" because your browser is no longer listening to that site. Note that all the "attempts" are on port 80 (http).
    I find, quite often, that ads and images from sites, other than the one you're actually visiting, can take quite a while to arrive, so if you've moved on at least a few packets are wandering around the 'net looking for a home.
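The reading given in the reply above (leftover packets from a web server the browser has stopped listening to) can be checked mechanically. The following Python code is an added example, not part of the original posts: it parses ipfw "Stealth Mode" lines in the format quoted in this thread, groups them by remote address, and separates entries that fit that explanation from ones that target local service ports. The verdict names, the ephemeral port range and the sample lines (documentation addresses) are assumptions made for the example.

```python
import re
from collections import defaultdict

# Format of the ipfw "Stealth Mode" lines quoted in the thread above.
LINE_RE = re.compile(
    r"ipfw: Stealth Mode connection attempt to (?P<proto>TCP|UDP) "
    r"(?P<dst_ip>[\d.]+):(?P<dst_port>\d+) from (?P<src_ip>[\d.]+):(?P<src_port>\d+)"
)

WEB_PORTS = {80, 443}            # remote ports a browser normally talks to
EPHEMERAL = range(49152, 65536)  # assumed outbound (ephemeral) port range on the Mac


def parse(lines):
    """Yield (remote_ip, remote_port, local_port) for every matching log line."""
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            yield m["src_ip"], int(m["src_port"]), int(m["dst_port"])


def triage(lines):
    """Group entries by remote IP and attach a heuristic verdict to each remote."""
    by_remote = defaultdict(list)
    for remote_ip, remote_port, local_port in parse(lines):
        by_remote[remote_ip].append((remote_port, local_port))

    report = {}
    for ip, hits in by_remote.items():
        if all(rp in WEB_PORTS and lp in EPHEMERAL for rp, lp in hits):
            # Web server answering a local port the browser has already closed.
            verdict = "late-web-reply"
        elif any(lp not in EPHEMERAL for _, lp in hits):
            # Something is knocking on a port where a service would listen.
            verdict = "service-probe"
        else:
            verdict = "review"
        report[ip] = {
            "verdict": verdict,
            "count": len(hits),
            "local_ports": sorted({lp for _, lp in hits}),
        }
    return report


# Constructed sample lines (RFC 5737 documentation addresses, not real log data).
SAMPLE = """\
Sep 7 14:10:44 host ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:52668 from 198.51.100.18:80
Sep 7 14:10:44 host ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:52671 from 198.51.100.18:80
Sep 7 14:11:02 host ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:22 from 203.0.113.7:40112
Sep 7 14:11:02 host ipfw: Stealth Mode connection attempt to TCP 10.0.1.3:23 from 203.0.113.7:40113
Sep 7 14:11:05 host ipfw: Stealth Mode connection attempt to UDP 10.0.1.3:51000 from 192.0.2.5:5353
Sep 7 14:11:09 host configd: unrelated line that must be ignored
""".splitlines()

if __name__ == "__main__":
    for ip, info in sorted(triage(SAMPLE).items()):
        print(f"{ip:15} {info['verdict']:15} x{info['count']} ports={info['local_ports']}")
```

The verdict is a triage hint only: a "late-web-reply" label says the entries are consistent with the explanation in the reply, not that the remote host is known to be benign.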

  • Why will the flash player not initialize even after disabling firewall and antivirus software

    Why will the flash player not initialize even after disabling firewall and antivirus software?

    Windows XP and Internet Explorer?  I can get the flash player to begin the
    download but it stops at about 50% initialization

  • Norton Firewall logging connections from usr/sbin/nmbd every 6 seconds...  What is this, and how can I stop it?

    This whole situation first started with a complaint from my ISP that it appeared I had a trojan virus...  around 1100-1200 messages per hour were being run through their servers via my account.  I have also Anti-Virus enabled, so I was left scratching my head...
    No viruses found on a full scan - so I started watching processes and connections.  This nmbd process is suspicious...  I don't run windows file sharing, nor have I ever.  This just popped up recently.  I also had two mac tech support calls, and one to Symantec - and it ran fine for a couple of days - but it's back again. 
    What is this, and how can I find the culprit, and remove it permanently...?
    Thanks in advance for any advice!
    --Jeff

    Thanks Thomas, appreciate the insight!  Thanks for taking the time to help me think through this...
    I have reset the password  twice now...
    It's only impacting one account, and the ISP says it's local to me - somewhere on my local network.
    I do have a few devices on my home network.  The only one with windows is my macbook air running parallels.  I just use this to browse some web projects I work on (view in IE to make sure everything is looking like it should). 
    The passwords I have used both times - they were ones set by my isp - the type you can't remember, they seem rather strong (upper/lower case letters, numbers, symbols).  That's what leads me to believe it's also local - something on my machine.  And it only seems to be impacting one email account (I have 5 running in Mac Mail).
    WiFi network is protected by WPA2 - just checked to be sure.  All good there.
    Now, in Norton Firewall log - I can see incoming and outgoing connections via Windows File Sharing/nmbd. 
    The reason I feel/felt that this is related to the spam sends is that once I saw the number of connects, and roughly equals the number of sends per hour of spam - I stopped the process with the firewall and suddenly my isp says the spam sends stop. That led me to believe they are related. Perhaps this virus or malware has spoofed its name and is identifying itself as nmbd?  I have no idea.  Just scared to turn it all off just yet.
    I did notice that Mountain Lion does not run this...  (nmbd).
    I did wonder about the Air sending something off of windows - but this all happened while it was off, laying on the desk next to me.  It rarely gets used unless I'm testing or traveling.
    I can understand nmbd being useful part of the system, I cannot understand how it would be very useful if I didn't turn it on, it connects at that frequency, and I don't have file sharing enabled.  That's why I am hesitant to turn Norton off, and hope that everything just goes away.  I want to try and get this problem figured out as simply turning Norton off doesn't seem like I'm taking steps to eliminate the problem.  Perhaps Norton is causing other issues - and I'll be removing the software asap - but want to make sure the spam sends cease.
    Let me know if that sparks any ideas...  Thanks again! 
    --Jeff

  • Home sharing doesn't work without disabling firewall entirely

    Will not work with just an exception to allow incoming connections for iTunes. Must disable firewall entirely. Worked under 10.5.2. Broke with 10.5.3.
    I am on OSX Leopard. Any ideas?

    Thanks! I didn't realise there was a specific forum for Home Sharing... found it now and will repost there.

  • .vbs to disable firewall based on OS

    I need to determine OS and disable firewall accordingly.  Windows xp works, however HNetCFg.FwMgr  does not work on Vista or 7 - oh and GPO is not an option - any help much appreciated.  (ignore msgbox as i was simply testing)
    Set objWshShell = WScript.CreateObject("WScript.Shell")
    strOSVersion = objWshShell.RegRead("HKLM\Software\Microsoft\Windows NT\CurrentVersion\CurrentVersion")
    If strOSVersion = "5.1" Then
        Debug.WriteLine("Windows XP")
        Set objFirewall = CreateObject("HNetCfg.FwMgr")
        Set objPolicy = objFirewall.LocalPolicy.CurrentProfile
        objPolicy.FirewallEnabled = FALSE
    ElseIf strOSVersion = "6.0" Then
        Debug.WriteLine("Windows Vista")
        Msgbox ("Hi Iam Tiger Woods")
    ElseIf strOSVersion = "6.1" Then
        Debug.WriteLine("Windows 7")
        Msgbox ("Hi I am Tiger Woods")
    End If

    Hi,
    You can try shelling out using netsh. I haven't tested this but i'd imagine something like this should do the trick:
    Option Explicit
    Dim wshShell, policy, firewall, version, command
    On Error Resume Next
    Set wshShell = WScript.CreateObject("WScript.Shell")
    ' CurrentVersion: "5.1" = Windows XP, "6.0" = Vista, "6.1" = Windows 7
    version = wshShell.RegRead("HKLM\Software\Microsoft\Windows NT\CurrentVersion\CurrentVersion")
    command = "Netsh advfirewall set domainprofile state off"
    Select Case version
        Case "5.1"
            ' XP: legacy firewall COM interface
            Set firewall = CreateObject("HNetCfg.FwMgr")
            Set policy = firewall.LocalPolicy.CurrentProfile
            policy.FirewallEnabled = False
        Case "6.0"
            MsgBox "Upgrade Your Operating System to Windows 7", vbCritical
        Case "6.1"
            ' Windows 7: shell out to netsh (hidden window, do not wait)
            wshShell.Run command, 0, False
        Case Else
            WScript.Quit
    End Select
    On Error Goto 0
    Assuming you'll be running the script from an elevated command prompt?
    Cheers Matt :)

  • ASA 5520 - ASDM logging: disable rules logging

    Hello all,
    I'm encountering what I think is an issue with the logging system on an ASA 5520 firewall - ASA Version 8.4(2), ASDM version 6.4(5). When I disable logging inside a rule from ASDM, or from the console with the "log disable" option inside the ACL, and then check the ASDM real-time logging window, I continue to see all the entries related to the disabled rules. Is this correct behaviour for ASA logging? How can I "hide" the entries related to disabled rules (this is what I need for troubleshooting purposes)?
    Thanks in advance for every reply.
    Regards.

    Hi Paolo,
    Well, if it is just for a specific rule, the log keyword at the end of the ACL should not be there, but if you don't want to see the log at all you can use the no logging message command.
    Mike

  • 2010 Disable circular logging with no storage groups

    I have SBS 2008 and the backup wizard will not complete because of the error Disable circular logging in Exchange. I had previously removed most of exchange because of disk space including the databases.
    So there are no storage groups to remove them using the console . Any suggestions would be fantastic Cheers Todd  

    Hi 15topster,
    There are no storage groups in Exchange 2010 onwards, databases are directly under Organization\Servers and logs are generated for individual DBs separately.
    You should be able to get the option under Database properties or use below shell command to do it.
    http://www.symantec.com/business/support/index?page=content&id=TECH11310
    To use the Exchange Management Console to disable circular logging:
    1. In the console tree, navigate to Organization Configuration | Mailbox.
    2. In the result pane, on the Database Management tab, select the database you want to configure.
    3. In the action pane, under the database name, click Properties.
    4. Click on the Maintenance tab.
    5. Clear the Enable circular logging check box.
    6. Click OK.
    7. To make your changes to the circular logging settings effective, restart the Microsoft Exchange Information Store service, or dismount and then mount all of the databases in the storage group.
    To disable circular logging using Exchange Management Shell, run the following command:
    Set-MailboxDatabase -Identity "Database Name" -CircularLoggingEnabled $false
    Regards,
    Satyajit

  • Stealth mode and firewall logging problems to be resolved please.

    I am running OS X v10.6.8 and am having difficulty setting stealth mode. System Preferences shows stealth mode to be switched on, but System Profiler shows it to be off, no matter how many times I set it and shut down/restart. System profiler also shows firewall logging to be switched off, but there is no facility within the Security/Firewall section of System Preferences to switch it on.

    I think the answer to this is if you have "Block all incoming connections" checked, then "Enable stealth mode" in Sys Prefs is checked but greyed out. Mine is set up that way and I'm seeing, like you, that Stealth Mode is off in System Profiler>Network>Firewall. If you have "Block all incoming" checked, then activating Stealth Mode becomes moot.
    I can only get it undimmed if I uncheck Block all incoming.
