Audit Firewall By Port Number & OS Logging
-
Does anyone have a service, application, or script they use that can correlate an blocked attempt at your filewall with processes running on your computer at the same time?
context: I auditing Windows with forensics tools. I see one blocked attempt from Latin America on my LAN. I am wondering what it was trying to go to on my computer. I am hoping by using a logging tool on the operating system to can find the matching port at that time.
-
Perhaps pfBlocker with OpenID running on LAN? Post a screen of that block so we can see what's going on.
-
"I see one blocked attempt from Latin America on my LAN"
"I am wondering what it was trying to go to on my computer."You mean what on your computer was trying to go there? What port was it - could of just been an add in a website pointing to some server hosted there..
You could use a simple tool like tcpview from MS to see where your applications are going for tcp.. But going to have to really catch it in real time… Not like you can go back days later and see what tried to make a network connection days ago, etc.
