Re: Event 5152



It is possible that your web server is blocking malicious packets such as those that were used in Nimda, Code Red and other viruses/worms etc. IIS (Web Server component) in Windows 2008 has already built in functionality and filtering that was introduced with IIS Lockdown tool. This tool was released to defend against mentioned virus attacks. To see more detail about possible attacks to your web server you may install some kind of intrusion detection software. BTW attacks against web servers are constant. With properly configured (firewalled, filtered)and patched web server you are on the safe side, but you should always follow the trends and latest threat warnings.


"Mike via WinServerKB.com" <no@xxxxxxxx> wrote in message news:a28276ada11cf@xxxxxx
Windows Server 2008 Web Edition

I am getting lots of Event 5152 log entries with the following error message:

==============================
The Windows Filtering Platform has blocked a packet.

Application Information:
Process ID: 0
Application Name: -

Network Information:
Direction: Inbound
Source Address: <various IP addresses>
Source Port: 1176
Destination Address: <my IP address>
Destination Port: 80 (ALWAYS THIS HTTP PORT)
Protocol: 6

Filter Information:
Filter Run-Time ID: 68463
Layer Name: Transport
Layer Run-Time ID: 13
=============================================

What could be wrong? My Windows Firewall allows TCP 80 from any IP and I can
access the web sites via TCP 80.

--
Message posted via WinServerKB.com
http://www.winserverkb.com/Uwe/Forums.aspx/windows-server/201001/1

.