sjalife Posted January 25, 2010 Report Share Posted January 25, 2010 Hi Guys,I have an Astaro Firewall and it is reporting 2 errors PERMANENTLY whenever I open uTorrent from any computer.This is filling up my logs and creating mayhem on my firewall. This errors appear about 3 times / secICMP Flood Error Log Example:2010:01:25-14:18:32 nsm ulogd[3499]: id="2104" severity="info" sys="SecureNet" sub="ips" name="ICMP flood detected" action="ICMP flood" fwrule="60014" seq="0" initf="eth0" outitf="unknown" dstmac="00:0c:29:58:d3:7a" srcmac="00:00:00:00:00:00" srcip="192.168.0.160" dstip="76.171.98.83" proto="1" length="150" tos="0x00" prec="0x00" ttl="127" type="3" code="3"Portscan Error Log Example:2010:01:25-14:12:03 nsm ulogd[3499]: id="2102" severity="info" sys="SecureNet" sub="ips" name="portscan detected" action="portscan" fwrule="60017" seq="0" initf="eth0" outitf="eth2" dstmac="00:0c:29:58:d3:7a" srcmac="00:0c:29:58:d3:8e" srcip="192.168.0.56" dstip="91.199.108.149" proto="6" length="48" tos="0x00" prec="0x00" ttl="62" srcport="59457" dstport="3310" tcpflags="SYN"Does anyone have any idea what this could be?Cheers Link to comment Share on other sites More sharing options...
Firon Posted January 25, 2010 Report Share Posted January 25, 2010 Your firewall's just being overparanoid. Turn off the 'security' features that it's complaining about. Link to comment Share on other sites More sharing options...
sjalife Posted January 26, 2010 Author Report Share Posted January 26, 2010 Thanx Firon,the thing is that it's a corporate firewall, and even though I am the sysadmin, I cannot just turn of the portscan protection and the ICMP and ping attack protection, since the logs and stats show therehave been legit atempts to do so before. (You know that some people have nothing better to do)What is causing this?I understand that uTorrent must scan for open ports in order to create the mutiple connections needed to Get high download speeds, but why is it being detected as an attack?BTW, we are running an Astaro Security Gateway V7I really hope you can help. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.