Log flooded with events that denies traffic from port udp 1985

speedhost -> Log flooded with events that denies traffic from port udp 1985 (26.Jul.2004 10:04:00 PM)

hi all..

I have an ISA 2004 located at an ISP

my problem is that my log files are flooded with events that deny traffic from udp port 1985..

they look like this :

ISA2004 2004-07-26 19:45:56 UDP 195.215.5.34:1985 224.0.0.2:1985 195.215.5.34 External Local Host Denied 0xc004000d Default rule Unidentified IP Traffic 0 0 0 0 - - - - 0 0
ISA2004 2004-07-26 19:45:57 UDP 195.215.5.2:1985 224.0.0.2:1985 195.215.5.2 External Local Host Denied 0xc004000d Default rule Unidentified IP Traffic 0 0 0 0 - - - - 0 0
ISA2004 2004-07-26 19:45:57 UDP 195.215.5.12:1985 224.0.0.2:1985 195.215.5.12 External Local Host Denied 0xc004000d Default rule Unidentified IP Traffic 0 0 0 0 - - - - 0 0
ISA2004 2004-07-26 19:45:57 UDP 195.215.5.3:1985 224.0.0.2:1985 195.215.5.3 External Local Host Denied 0xc004000d Default rule Unidentified IP Traffic 0 0 0 0 - - - - 0 0

Is there a way to block or exclude these events ??

I'm logging almost 200mb a day [Mad]

Cheers

Brian




speedhost -> RE: Log flooded with events that denies traffic from port udp 1985 (26.Jul.2004 11:45:00 PM)

Got it fixed ! [Roll Eyes]

1. created a new protocol:

name : Cisco HSRP
portrange : 1985-1985
protocol type : udp
direction : send

2. created a deny rule that contained the following:

name : Cisco HSRP
action : Deny
Protocols : Cisco HSRP
From : External
to : Local Host
condition : All Users

went to properties > action

unchecked "Log requests matching this rule"

Any feedback appreciated

Cheers
Brian
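
A check to run on the existing log before turning off logging for the deny rule above, as an added example that is not part of the original posts: it separates HSRP hellos (UDP 1985 to 224.0.0.2:1985) from any other denied traffic on UDP 1985 that the rule would also stop logging. The field layout is inferred from the log lines quoted in the first post, the sample lines and addresses are constructed, and the rule is assumed to match any UDP packet with destination port 1985.

```python
import re
from collections import Counter

# Constructed sample lines in the layout quoted in the first post
# (addresses are documentation ranges, not the poster's).
SAMPLE = """\
ISA2004 2004-07-26 19:45:56 UDP 192.0.2.34:1985 224.0.0.2:1985 192.0.2.34 External Local Host Denied 0xc004000d Default rule Unidentified IP Traffic 0 0 0 0 - - - - 0 0
ISA2004 2004-07-26 19:45:57 UDP 192.0.2.2:1985 224.0.0.2:1985 192.0.2.2 External Local Host Denied 0xc004000d Default rule Unidentified IP Traffic 0 0 0 0 - - - - 0 0
ISA2004 2004-07-26 19:45:59 UDP 192.0.2.34:1985 224.0.0.2:1985 192.0.2.34 External Local Host Denied 0xc004000d Default rule Unidentified IP Traffic 0 0 0 0 - - - - 0 0
ISA2004 2004-07-26 19:46:01 UDP 203.0.113.9:40000 192.0.2.10:1985 203.0.113.9 External Local Host Denied 0xc004000d Default rule Unidentified IP Traffic 0 0 0 0 - - - - 0 0
ISA2004 2004-07-26 19:46:02 TCP 203.0.113.9:40001 192.0.2.10:445 203.0.113.9 External Local Host Denied 0xc004000d Default rule Unidentified IP Traffic 0 0 0 0 - - - - 0 0
"""

# Field meaning is inferred from the quoted lines, not from a format spec.
LINE = re.compile(
    r"^\S+ (?P<date>\S+) (?P<time>\S+) (?P<proto>\S+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?:\S+ )*?(?P<action>\S+) (?P<code>0x[0-9a-fA-F]{8}) ")

def parse(line):
    m = LINE.match(line)
    return m.groupdict() if m else None

def is_hsrp_hello(r):
    # HSRP hellos: UDP 1985 -> 224.0.0.2:1985 (all-routers multicast)
    return (r["proto"] == "UDP" and r["dst"] == "224.0.0.2"
            and r["sport"] == "1985" and r["dport"] == "1985")

def triage(text):
    """Split denied records into HSRP hellos (counted per source), other
    traffic on UDP/1985, and records the rule would not touch."""
    hsrp, other, untouched = Counter(), [], 0
    for line in text.splitlines():
        r = parse(line)
        if not r or r["action"] != "Denied":
            continue
        if is_hsrp_hello(r):
            hsrp[r["src"]] += 1
        elif r["proto"] == "UDP" and r["dport"] == "1985":
            other.append(r)   # would also stop being logged
        else:
            untouched += 1    # still logged by the default rule
    return hsrp, other, untouched

if __name__ == "__main__":
    hsrp, other, untouched = triage(SAMPLE)
    print("HSRP hello sources:", dict(hsrp))
    for r in other:
        print("NOT HSRP but on UDP/1985:", r["src"], "->", r["dst"])
    print("records unaffected by the rule:", untouched)
```

If the second list is not empty, narrowing the rule's destination to 224.0.0.2 keeps that traffic in the log.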




tshinder -> RE: Log flooded with events that denies traffic from port udp 1985 (27.Jul.2004 2:00:00 AM)

Hi Brian,

That'll do it! Thanks for the tip!

Tom




wbplomp -> RE: Log flooded with events that denies traffic from port udp 1985 (14.Feb.2011 8:19:11 AM)

It seems that this work-around doesn't work with TMG. At least not in my scenario.

The error message (logging) in TMG shows as follows:

Log type: Firewall service
Status: An ingoing packet was dropped because its destination address does not exist on the system, and no appropriate forwarding interface exists.
Rule: None - see Result Code
Source: Internal (172.n.n.host:1985)
Destination: External (224.0.0.2:1985)
Protocol: [Enterprise] HSRP
Result Code: 0xc0040050 FWX_E_TCPIP_DROP_IP_NOT_LOCALLY_DESTINED


I also created a user-defined HSRP (UDP/1985) protocol. I created a rule that blocks all traffic with that protocol destined to 224.0.0.2, later on to External, Local Host, etc. None of it seems to work. As you can see, the rule "None - See Result Code" is mentioned. It looks like the error message is logged before it reaches the Access Rules.

Any suggestions?



