
Topic: Audit Firewall By Port Number & OS Logging

senseii (Newbie, Posts: 11)
Audit Firewall By Port Number & OS Logging
« on: February 01, 2018, 10:33:24 pm »
Does anyone have a service, application, or script they use that can correlate a blocked attempt at your firewall with the processes running on your computer at the same time?

Context: I am auditing Windows with forensics tools. I see one blocked attempt from Latin America on my LAN. I am wondering what it was trying to go to on my computer. I am hoping that by using a logging tool on the operating system I can find the matching port at that time.

KOM (Hero Member, Posts: 5609)
Re: Audit Firewall By Port Number & OS Logging
« Reply #1 on: February 02, 2018, 09:57:38 am »
Perhaps pfBlocker with OpenID running on LAN? Post a screen of that block so we can see what's going on.

johnpoz (Hero Member, Posts: 15187)
Not a pfSense employee, they cannot fire me...
Re: Audit Firewall By Port Number & OS Logging
« Reply #2 on: February 02, 2018, 02:13:28 pm »
"I see one blocked attempt from Latin America on my LAN"
"I am wondering what it was trying to go to on my computer."

You mean what on your computer was trying to go there? What port was it? It could have just been an ad in a website pointing to some server hosted there..

You could use a simple tool like TCPView from MS to see where your applications are going for TCP, but you're going to have to catch it in real time. It's not like you can go back days later and see what tried to make a network connection days ago, etc.
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.4.2-RELEASE-p1 (work)
1x SG-4860 2.4.2-RELEASE-p1 (home)
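Added example, not code from the thread or from pfSense: the "go back days later" gap johnpoz describes closes only if the Windows host was already recording its own connections. One way to do that is to enable "Audit Filtering Platform Connection" (Security log events 5156 permitted / 5157 blocked, which carry the process ID, the application path and the 5-tuple) and then match a pfSense filterlog entry against those events on source/destination address, ports and protocol inside a short time window. The script below does that correlation. It assumes the pfSense 2.4 raw filterlog CSV layout for IPv4 TCP/UDP, assumes auditing was turned on beforehand (via auditpol, which the thread does not mention), and uses constructed log data; the hostnames, addresses, ports, process IDs and application paths are invented for illustration.

```python
"""Match a pfSense filterlog entry against Windows Filtering Platform (WFP)
audit events to find which process owned the connection.

Assumptions (not stated in the thread):
- pfSense 2.4 raw filterlog CSV (the text after "filterlog: "), IPv4, TCP/UDP.
- The Windows host already had "Audit Filtering Platform Connection" enabled
  (auditpol.exe /set /subcategory:"Filtering Platform Connection"
  /success:enable /failure:enable), so the Security log holds 5156/5157
  events with ProcessID, Application and the 5-tuple.
- Both clocks are NTP-synced; pfSense logs local time, so its zone is passed in.
"""
import re
from datetime import datetime, timedelta, timezone

SYSLOG_RE = re.compile(r"^(\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ filterlog: (.*)$")

# WFP events carry the IP protocol number; filterlog carries the name.
WFP_PROTO = {1: "icmp", 6: "tcp", 17: "udp"}


def parse_filterlog(line, year, fw_tz=timezone.utc):
    """Parse one pfSense filterlog syslog line (IPv4) into a dict.

    Syslog timestamps carry no year, so the caller supplies it. Field
    positions follow pfSense's raw filter log format.
    """
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError("not a filterlog line")
    ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    f = m.group(2).split(",")
    if f[8] != "4":
        raise ValueError("only IPv4 entries are handled in this example")
    rec = {
        "time": ts.replace(tzinfo=fw_tz),
        "rule": f[0], "iface": f[4], "action": f[6], "dir": f[7],
        "proto": f[16], "src": f[18], "dst": f[19],
    }
    if rec["proto"] in ("tcp", "udp"):
        rec["sport"], rec["dport"] = int(f[20]), int(f[21])
    return rec


def correlate(block, events, window_seconds=5):
    """Return WFP events with the same 5-tuple as the firewall entry, within the window.

    Both 5156 and 5157 are accepted: when pfSense drops a packet, the host
    firewall usually *permitted* it first, so the useful record is 5156.
    """
    window = timedelta(seconds=window_seconds)
    hits = []
    for ev in events:
        if ev["EventID"] not in (5156, 5157):
            continue
        if WFP_PROTO.get(int(ev["Protocol"])) != block["proto"]:
            continue
        tup = (ev["SourceAddress"], int(ev["SourcePort"]), ev["DestAddress"], int(ev["DestPort"]))
        if tup != (block["src"], block.get("sport"), block["dst"], block.get("dport")):
            continue
        if abs(ev["TimeCreated"] - block["time"]) <= window:
            hits.append(ev)
    return hits


def find_process(line, year, events, fw_tz=timezone.utc):
    """Convenience wrapper: (ProcessID, Application, EventID) for each match."""
    block = parse_filterlog(line, year, fw_tz)
    return [(ev["ProcessID"], ev["Application"], ev["EventID"]) for ev in correlate(block, events)]


# Constructed sample data (not real logs): one block on the LAN interface of an
# outbound TCP SYN from a Windows host to a Latin-American address.
SAMPLE_LINE = ("Feb  2 13:05:11 pfSense filterlog: "
               "5,,,1000000103,igb1,match,block,in,4,0x0,,128,12345,0,DF,6,tcp,52,"
               "192.168.1.50,181.22.33.44,52214,443,0,S,1234567890,,64240,,mss;nop;wscale;nop;nop;sackOK")


def _t(sec):  # helper for constructed UTC timestamps on 2018-02-02 13:05
    return datetime(2018, 2, 2, 13, 5, sec, tzinfo=timezone.utc)


WIN_EVENTS = [  # shaped like the EventData of Security events 5156/5157
    {"TimeCreated": _t(10), "EventID": 5156, "ProcessID": 4120,
     "Application": r"\device\harddiskvolume2\program files\example\example.exe",
     "SourceAddress": "192.168.1.50", "SourcePort": "52214",
     "DestAddress": "181.22.33.44", "DestPort": "443", "Protocol": "6"},
    {"TimeCreated": _t(10), "EventID": 5156, "ProcessID": 880,  # other source port: no match
     "Application": r"\device\harddiskvolume2\windows\system32\svchost.exe",
     "SourceAddress": "192.168.1.50", "SourcePort": "52215",
     "DestAddress": "181.22.33.44", "DestPort": "443", "Protocol": "6"},
    {"TimeCreated": _t(50), "EventID": 5156, "ProcessID": 4120,  # same tuple, 39 s later: outside window
     "Application": r"\device\harddiskvolume2\program files\example\example.exe",
     "SourceAddress": "192.168.1.50", "SourcePort": "52214",
     "DestAddress": "181.22.33.44", "DestPort": "443", "Protocol": "6"},
]

if __name__ == "__main__":
    for pid, app, eid in find_process(SAMPLE_LINE, 2018, WIN_EVENTS):
        print(f"event {eid}: PID {pid} {app}")
```

On a real host the events come from the Security log, e.g. `Get-WinEvent -LogName Security -FilterXPath '*[System[EventID=5156 or EventID=5157]]'`, and the pfSense lines from /var/log/filter.log or a remote syslog target. Two caveats a practitioner should keep in mind: the match only works if auditing was already on when the block happened (which is exactly johnpoz's point about TCPView), and timezone or clock skew between the firewall and the host will silently produce zero matches, so keep the window small only after confirming both clocks agree. If the host truly never sent the packet (the inbound reading of the OP's post), no 5156/5157 event will match, which is itself the answer.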