Help interpreting firewall log

fagun

MadCowMan wrote:

I presume both machines see the same symptoms ?

If you mean no BB, then yes.

MadCowMan wrote:

Do you have zonealarm set to ask before it allows a given application external access ?

Yes, except soem applications are given a default yes, including some MS required one - which I assuem are legitimate, but might not be.

MadCowMan wrote:

In terms of scanners , its depends on what you are going to look for, but you'd be better off getting someone else to run a port scan for you.

How do I go about doing that? I like Shields up because it automates the process.

fagun

albertross wrote:

If your router is configured properly, ZA should log any failed attempts from the outside world, the fact that you are not getting anything in ZA, means you are safe.

The is an alternative scanner at http://www.dslreports.com/tools (currently down)
but grc is fine imo.

Assuming that you are using NAT, then it will be testing your router rather than your PC.

VPN may need you to drop your mtu to 1400 or so, because of the extra packet length.

Do you get the same slowness if you plug it in and use a wired ethernet connection?

Yes - Shields Up was scanning the router solely, and said everything all ports are in stealth mode.

Not allowed to plug in the laptop to Ethernet - work security:rolleyes: . MTU setting is currently 1436 (or thereabouts) because that's what Opal told me to drop it to. I'm going to drop it to 1400 this evening.

albertross_2

A wired connection is more secure than wireless, so that is a strange rule!

I think they may be more worried about you plugging it into a cable modem, as opposed to a router.

Is this a vpn only problem? If you are talking about websurfing through a work proxy and vpn connection, then the issue may be at the work end, or possibly due to talk talk throttling vpn

fagun

albertross wrote:

A wired connection is more secure than wireless, so that is a strange rule!

I think they may be more worried about you plugging it into a cable modem, as opposed to a router.

Is this a vpn only problem? If you are talking about websurfing through a work proxy and vpn connection, then the issue may be at the work end, or possibly due to talk talk throttling vpn

There's point-to-point VPN, so thye're not worried about anyone else abusing the wireless connection. They've said a blanket no to wired connections, and disabled the ability to create a local network.

Re. BB problems, it's both work and home PCs, and it's only started post-LLU. I thought it might be a TT specfic problem, but I found that a Pipex customer is having a similar problem as well.

To digress from the original opening post (but actually covering the issue I'm trying to fix):
- upto the weekend, no problems in the morning (at least on the day I was working form home), but really bad BB connectivity - the router showed pretty high connection speeds, but Internet / Outlook did not seem to work. The workaround was to reboot the router, which meant it worked again for a few minutes before stopping again.
- last night, it didn't work at all, except for one 5 minute gap. And the router was logging a different DNS server to the one I'd set on both router and PC (given to me by an Opal engineer).

Firewall log was:
14 November 2006 20:49:41 Restarted by 192.168.123.165
14 November 2006 20:49:49 Modem Initialization OK!
14 November 2006 20:49:54 ACTIVATING
14 November 2006 20:50:01 ACTIVATING
14 November 2006 20:50:03 ADSL Connection Opened
14 November 2006 20:50:03 ADSL OperationMode Available
14 November 2006 20:50:03 The ADSL FIRMWARE VER. is 13.9.45
14 November 2006 20:50:03 Connected with ITU G.DMT mode.
14 November 2006 20:50:03 Data Rate Interleave
14 November 2006 20:50:03 DownStream: 4896 Kbps, UpStream: 448 Kbps
14 November 2006 20:50:03 VendorId near_end:0022
14 November 2006 20:50:03 VendorId far_end:FFFF
14 November 2006 20:50:05 DOD:TCP trigger from 192.168.123.165:1098 to 62.24.128.134:110
14 November 2006 20:50:05 PPPOA start to dial-up
14 November 2006 20:50:46 CHAP3: CHAP authentication success, unit 7719
14 November 2006 20:50:46 IPCP3: IP is 89.241.177.184
14 November 2006 20:50:46 IPCP3: DNS0 is 62.24.252.135
14 November 2006 20:50:46 IPCP3: DNS1 is 62.24.252.134
14 November 2006 20:51:07 LCP terminate recv
14 November 2006 20:51:07 PPP3: closed
14 November 2006 20:51:09 DOD:192.168.123.165 query DNS for uk.yahoo.com
14 November 2006 20:51:09 PPPOA start to dial-up
14 November 2006 20:51:59 CHAP3: CHAP authentication success, unit 5983
14 November 2006 20:51:59 IPCP3: IP is 89.241.178.91
14 November 2006 20:51:59 IPCP3: DNS0 is 62.24.252.135
14 November 2006 20:51:59 IPCP3: DNS1 is 62.24.252.134
14 November 2006 20:52:17 LCP terminate recv
14 November 2006 20:52:17 PPP3: closed
14 November 2006 20:52:18 DOD:192.168.123.165 query DNS for uk.yahoo.com
14 November 2006 20:52:18 PPPOA start to dial-up
14 November 2006 20:52:23 CHAP3: CHAP authentication success, unit 2345
14 November 2006 20:52:24 IPCP3: IP is 89.241.203.100
14 November 2006 20:52:24 IPCP3: DNS0 is 62.24.252.135
14 November 2006 20:52:24 IPCP3: DNS1 is 62.24.252.134
14 November 2006 20:52:51 LCP terminate recv
14 November 2006 20:52:51 PPP3: closed
14 November 2006 20:52:55 DOD:192.168.123.165 query DNS for smtp.gmail.com
14 November 2006 20:52:55 PPPOA start to dial-up
14 November 2006 20:53:14 CHAP3: CHAP authentication success, unit 4338
14 November 2006 20:53:14 IPCP3: IP is 89.241.199.179
14 November 2006 20:53:14 IPCP3: DNS0 is 62.24.252.135
14 November 2006 20:53:14 IPCP3: DNS1 is 62.24.252.134
14 November 2006 20:53:41 LCP terminate recv
14 November 2006 20:53:41 PPP3: closed
14 November 2006 20:53:43 DOD:192.168.123.165 query DNS for smtp.gmail.com
14 November 2006 20:53:43 PPPOA start to dial-up