GFI Software

Search logging for a specific NAT connection (I need to find the local computer that tried to reach a specific IP.) [message #139323] Wed, 11 April 2018 01:07
benjalamelami

Does Kerio support that?

Currently, my 'Connection' tab in the logs section in Kerio Control shows no results.

Is there any other way or place to look into?
Re: Search logging for a specific NAT connection [message #139330 is a reply to message #139323] Wed, 11 April 2018 16:23
reiferreira

Go to Traffic Rules and enable Accounting (and log connections) in all rules that you want to monitor connections.


Reinaldo Ferreira
FCBrasil - General Manager
https://www.fcbrasil.com.br
Re: Search logging for a specific NAT connection [message #139333 is a reply to message #139323] Wed, 11 April 2018 17:16
ipsys

You can also click on 'Status' (just above Logs) and then 'Active Connections'. If you know the incoming IP, you can enter that in the filter to see its destination?

For me, I get the same thing - blank connection log. But the Status/Active Connections is producing output.

Re: Search logging for a specific NAT connection [message #139339 is a reply to message #139333] Wed, 11 April 2018 23:12
benjalamelami

Yes... well, thank you both. I think I missed my chance to find it, but I have a good candidate to look for.

The thing is, somehow one single request slipped through the firewall and I got flagged as a spammer for spreading Conficker. And then, I do not know how else to know which host did it.

They said:
Quote:
Behind a NAT, you should be able to find the infected machine by looking for attempted connections to IP address "104.244.14.252" or host name "n/a" on any port with a network sniffer such as Wireshark. Equivalently, you can examine your DNS server or proxy server logs for references to "104.244.14.252" or "n/a". See Advanced Techniques for more detail on how to use Wireshark - ignore the references to port 25/SMTP traffic - the identifying activity is NOT on port 25.



Thanks anyway.

I will be ready next time.
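
Added example (not part of any post in this thread, and not Kerio's own tooling): once connection logging is enabled on the traffic rules, an exported log can be scanned for the address named in the quoted notice to identify the internal host behind the NAT. The line layout, the sample records and the function name `find_internal_sources` are assumptions made for illustration; only the destination address comes from the thread.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed line layout (not Kerio's documented format): a bracketed timestamp,
# then somewhere on the line "PROTO src_ip:src_port -> dst_ip:dst_port".
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\].*?\b(?P<proto>TCP|UDP)\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)"
)

def find_internal_sources(lines, target_ip):
    """Map each private source address to the connections it made to target_ip."""
    target = ipaddress.ip_address(target_ip)
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a connection record, or a layout we do not know
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # matched the regex but is not a valid address
        # Compare parsed addresses, so a plain substring search for the target
        # cannot wrongly match 104.244.14.25 or a longer look-alike.
        if dst == target and src.is_private:
            hits[str(src)].append((m["ts"], m["proto"], int(m["dport"])))
    return dict(hits)

# Constructed sample lines; only the destination address comes from the thread.
SAMPLE_LOG = """\
[11/Apr/2018 00:41:07] [Rule] Internet access (NAT) [Connection] TCP 192.168.1.23:49211 -> 198.51.100.7:443
[11/Apr/2018 00:52:13] [Rule] Internet access (NAT) [Connection] TCP 192.168.1.57:50114 -> 104.244.14.252:80
[11/Apr/2018 00:52:40] [Rule] Internet access (NAT) [Connection] TCP 192.168.1.23:49250 -> 104.244.14.25:80
[11/Apr/2018 00:53:02] [Rule] Internet access (NAT) [Connection] TCP 192.168.1.57:50120 -> 104.244.14.252:80
[11/Apr/2018 00:54:19] [Rule] Internet access (NAT) [Connection] UDP 192.168.1.23:53211 -> 192.0.2.53:53
""".splitlines()

if __name__ == "__main__":
    for host, conns in find_internal_sources(SAMPLE_LOG, "104.244.14.252").items():
        print(f"{host}: {len(conns)} connection(s), first at {conns[0][0]}")
        for ts, proto, dport in conns:
            print(f"  {ts} {proto} port {dport}")
```

Adjust `LINE_RE` to whatever your exported log actually looks like; the matching and grouping logic stays the same.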