Dropped Packets In Firewall And Suspicious IPs
Hi there,
I'm looking deeper into my network traffic and the firewall log (with increased log verbosity), and there are many packet drops due to rules 8, 9, 26 and 36, which contain IPs of telecom companies around the globe, many from India, Saudi Arabia, Malaysia etc.
First of all, I would like to know what these rules mean, and maybe a few words about packet dropping in the BD firewall.
Second, I will copy a few lines into this topic as examples, and I would like to know if these requests are normal or fishy.
Third, I would like to know exactly which process on my PC is making these requests, and block it manually (if they are indeed not normal Windows requests).
Some examples:
[bDFW] [FILTER] Blocked packet for / from closed port because of stealth settings. Direction: Inbound, Local Address: 192.168.1.16:61625, Remote Address: 93.184.220.20:80, Protocol: 6, Local Packet: 0, PID: -1, Process: , Cmd. Line: .
Blocked packet because of rule 8. Direction: Inbound, Local Address: 192.168.1.16:0, Remote Address: 110.172.169.131:0, Protocol: 1, Local Packet: 0, PID: 4, Process: system, Cmd. Line: .
Blocked packet because of rule 36. Direction: Outbound, Local Address: 192.168.1.16:137, Remote Address: 190.124.137.133:137, Protocol: 17, Local Packet: 0, PID: 4, Process: system, Cmd. Line: .
Another question: when I look at the network activity, I see that the process "system" shows a question mark, like an unknown process. What does this question mark mean?
Thanks a lot!!
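
An added example, not part of the original post and not Bitdefender code: a small parser that splits "Blocked packet" lines like the three quoted above into fields and counts drops per rule, direction, protocol and process, so a verbose log can be triaged by rule and owning process. The field layout is inferred only from those three lines, the `Protocol` value is assumed to be the IANA IP protocol number, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Assumption: "Protocol" is the IANA IP protocol number (1 ICMP, 6 TCP, 17 UDP).
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}

# Layout inferred from the three lines quoted in the post; other builds may differ.
LINE_RE = re.compile(
    r"Blocked packet (?P<reason>.*?)\. Direction: (?P<direction>\w+), "
    r"Local Address: (?P<local>[\d.]+):(?P<lport>\d+), "
    r"Remote Address: (?P<remote>[\d.]+):(?P<rport>\d+), "
    r"Protocol: (?P<proto>\d+), Local Packet: \d+, "
    r"PID: (?P<pid>-?\d+), Process: (?P<process>[^,]*), Cmd\. Line: (?P<cmd>.*?)\.$"
)

# Sample input: the three log lines from the post above, copied verbatim.
SAMPLE = [
    "[bDFW] [FILTER] Blocked packet for / from closed port because of stealth settings. Direction: Inbound, Local Address: 192.168.1.16:61625, Remote Address: 93.184.220.20:80, Protocol: 6, Local Packet: 0, PID: -1, Process: , Cmd. Line: .",
    "Blocked packet because of rule 8. Direction: Inbound, Local Address: 192.168.1.16:0, Remote Address: 110.172.169.131:0, Protocol: 1, Local Packet: 0, PID: 4, Process: system, Cmd. Line: .",
    "Blocked packet because of rule 36. Direction: Outbound, Local Address: 192.168.1.16:137, Remote Address: 190.124.137.133:137, Protocol: 17, Local Packet: 0, PID: 4, Process: system, Cmd. Line: .",
]

def parse_line(line):
    """Return the fields of one 'Blocked packet' line, or None if it does not match."""
    m = LINE_RE.search(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rule = re.search(r"rule (\d+)", rec["reason"])
    rec["rule"] = int(rule.group(1)) if rule else None  # None: no numbered rule (stealth drop)
    for key in ("lport", "rport", "proto", "pid"):
        rec[key] = int(rec[key])
    rec["proto_name"] = PROTO_NAMES.get(rec["proto"], str(rec["proto"]))
    rec["process"] = rec["process"].strip() or None  # empty when the log names no process
    rec["remote_public"] = ipaddress.ip_address(rec["remote"]).is_global
    return rec

def summarize(lines):
    """Count drops per (rule, direction, protocol, process); unparsable lines are skipped."""
    counts = Counter()
    for rec in filter(None, map(parse_line, lines)):
        counts[(rec["rule"], rec["direction"], rec["proto_name"], rec["process"])] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, key)
```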