Hi bitonw,
i looked at your logfile and analyzed it.
It shows that four im/p2p protocol's are detected.
Skype from the internal host 172.27.7.30, i assume that is your skypephone.
Bittorrent from the internal host 172.17.7.197, i assume that is our bittorrent client for download ASG images
.
the first false postive detections WinNYwas a packet sent from the internal host 172.27.7.32 with source port 80, therefore i assume this is a webserver.
As i don't know what kind of content gets downloaded from there. If you plan to further investigate your need to check the webserver logfile what kind of data has been downloaded at this timeframe 2008:05:15-06:09:03 from a client with the ip address 90.199.99.147.
If possible please send me the URL so i can verify this false postive on my system (you use the PersonalMessage for that)
The second false postive QQ, was a packet, and now this is strange, from the src ip 172.27.7.31 to the destination ip 172.27.7.31 with the source port of 53.
Is this your DNS server? Do you have any special NAT settings?
in both cases it was a single packet.
i hope this helps,
thx
Gert
v7.193 IM/P2P wrong reports; tencent_qq, bittorrent & winny
Linear Mode
