Search logging for a specific NAT connection (I need to find the local computer that tried to reach a specific IP.)
  •  
benjalamelami
Does Kerio support that?

Currently, my 'Connection' tab in the logs section in Kerio Control shows no results.

Is there any other way or place to look into?
  •  
reiferreira
Go to Traffic Rules and enable Accounting (and log connections) in all rules where you want to monitor connections.

Reinaldo Ferreira
FCBrasil - General Manager
https://www.fcbrasil.com.br
  •  
ipsys
You can also click on 'Status' (just above Logs) and then 'Active Connections'. If you know the incoming IP, you can enter that in the filter to see its destination?

For me, I get the same thing - blank connection log. But the Status/Active Connections is producing output.
  •  
benjalamelami
Yes... well, thank you both. I think I missed my chance to find it, but I have a good candidate to look for.

The thing is, somehow one single request slipped through the firewall and I got flagged as a spammer for spreading Conficker. And then, I do not know how else to know which host did it.

They said:
Quote:
Behind a NAT, you should be able to find the infected machine by looking for attempted connections to IP address "104.244.14.252" or host name "n/a" on any port with a network sniffer such as Wireshark. Equivalently, you can examine your DNS server or proxy server logs for references to "104.244.14.252" or "n/a". See Advanced Techniques for more detail on how to use Wireshark - ignore the references to port 25/SMTP traffic - the identifying activity is NOT on port 25.



Thanks anyway.

I will be ready next time.
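
The log search described in the quoted notice, as an added example that is not part of the original thread and is not Kerio's code: it scans exported connection-log lines for the listed address on any port and reports which internal hosts reached it. The line layout matched by `LINE_RE`, the function name `find_sources` and the sample lines are assumptions constructed for illustration; adapt the pattern to the connection log your firewall actually writes.

```python
import re
from collections import defaultdict
from ipaddress import ip_address

# Assumed line layout (not taken from the thread): "[timestamp] ... [Connection]
# TCP src:port -> dst:port". Adjust the pattern to your firewall's real log.
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\].*?\[Connection\]\s+(?P<proto>TCP|UDP)\s+"
    r"(?P<src>[\d.]+):\d+\s+->\s+(?P<dst>[^\s:]+):(?P<dport>\d+)"
)

def find_sources(lines, target_ip):
    """Map each internal source IP that contacted target_ip to its hit summary."""
    target = ip_address(target_ip)
    hits = defaultdict(lambda: {"count": 0, "first": None, "last": None, "ports": set()})
    for line in lines:  # lines are assumed to be in chronological order
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated or malformed line
        try:
            src, dst = ip_address(m["src"]), ip_address(m["dst"])
        except ValueError:
            continue  # destination logged as a host name, or a bad address
        if dst != target or not src.is_private:
            continue  # match on any port; only hosts behind the NAT matter
        rec = hits[str(src)]
        rec["count"] += 1
        rec["first"] = rec["first"] or m["ts"]
        rec["last"] = m["ts"]
        rec["ports"].add((m["proto"], int(m["dport"])))
    return dict(hits)

# Constructed sample lines; hosts, rule names and times are made up.
SAMPLE_LOG = [
    "[19/Aug/2018 22:14:03] [ID] 1001 [Rule] NAT [Service] HTTP [Connection] TCP 192.168.1.23:49211 -> 104.244.14.252:80 [Duration] 2 sec",
    "[19/Aug/2018 22:14:05] [ID] 1002 [Rule] NAT [Service] HTTPS [Connection] TCP 192.168.1.40:50112 -> 198.51.100.7:443 [Duration] 9 sec",
    "[19/Aug/2018 22:14:09] [ID] 1003 [Rule] NAT [Service] HTTP [Connection] TCP 192.168.1.23:49215 -> 104.244.14.252:80 [Duration] 1 sec",
    "[19/Aug/2018 22:15:30] [ID] 1004 [Rule] NAT [Service] HTTP [Connection] TCP 192.168.1.57:51001 -> example.org:80 [Duration] 4 sec",
    "log rotated",
]

if __name__ == "__main__":
    for host, rec in sorted(find_sources(SAMPLE_LOG, "104.244.14.252").items()):
        print(host, rec["count"], rec["first"], rec["last"], sorted(rec["ports"]))
```

Lines whose destination is logged as a host name are skipped here, so pair this with a DNS log search as the notice suggests.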