Windows Vista Forums

Event 5152

  1. #1


    Mike via WinServerKB.com Guest

    Event 5152

    Windows Server 2008 Web Edition

    I am getting lots of Event 5152 log entries with the following error message:

    ==============================
    The Windows Filtering Platform has blocked a packet.

    Application Information:
    Process ID: 0
    Application Name: -

    Network Information:
    Direction: Inbound
    Source Address: <various IP addresses>
    Source Port: 1176
    Destination Address: <my IP address>
    Destination Port: 80 (ALWAYS THIS HTTP PORT)
    Protocol: 6

    Filter Information:
    Filter Run-Time ID: 68463
    Layer Name: Transport
    Layer Run-Time ID: 13
    =============================================

    What could be wrong? My Windows Firewall allows TCP 80 from any IP and I can
    access the web sites via TCP 80.

    --
    Message posted via WinServerKB.com
    http://www.winserverkb.com/Uwe/Forum...erver/201001/1


      My System SpecsSystem Spec

  2. #2


    Mike via WinServerKB.com Guest

    Re: Event 5152

    Wanted to add that I do see requests from this IP addresses in my IIS logs,
    so proxy does not block them. Any ideas why I am getting lots of these 5152
    events then?

    Mike wrote:

    >Windows Server 2008 Web Edition
    >
    >I am getting lots of Event 5152 log entries with the following error message:
    >
    >==============================
    >The Windows Filtering Platform has blocked a packet.
    >
    >Application Information:
    > Process ID: 0
    > Application Name: -
    >
    >Network Information:
    > Direction: Inbound
    > Source Address: <various IP addresses>
    > Source Port: 1176
    > Destination Address: <my IP address>
    > Destination Port: 80 (ALWAYS THIS HTTP PORT)
    > Protocol: 6
    >
    >Filter Information:
    > Filter Run-Time ID: 68463
    > Layer Name: Transport
    > Layer Run-Time ID: 13
    >=============================================
    >
    >What could be wrong? My Windows Firewall allows TCP 80 from any IP and I can
    >access the web sites via TCP 80.
    --
    Message posted via WinServerKB.com
    http://www.winserverkb.com/Uwe/Forum...erver/201001/1


      My System SpecsSystem Spec

  3. #3


    Dusko Savatovic Guest

    Re: Event 5152

    It is possible that your web server is blocking malicious packets such as
    those that were used in Nimda, Code Red and other viruses/worms etc. IIS
    (Web Server component) in Windows 2008 has already built in functionality
    and filtering that was introduced with IIS Lockdown tool. This tool was
    released to defend against mentioned virus attacks. To see more detail about
    possible attacks to your web server you may install some kind of intrusion
    detection software. BTW attacks against web servers are constant. With
    properly configured (firewalled, filtered)and patched web server you are on
    the safe side, but you should always follow the trends and latest threat
    warnings.


    "Mike via WinServerKB.com" <no@newsgroup> wrote in message
    news:a28276ada11cf@newsgroup

    > Windows Server 2008 Web Edition
    >
    > I am getting lots of Event 5152 log entries with the following error
    > message:
    >
    > ==============================
    > The Windows Filtering Platform has blocked a packet.
    >
    > Application Information:
    > Process ID: 0
    > Application Name: -
    >
    > Network Information:
    > Direction: Inbound
    > Source Address: <various IP addresses>
    > Source Port: 1176
    > Destination Address: <my IP address>
    > Destination Port: 80 (ALWAYS THIS HTTP PORT)
    > Protocol: 6
    >
    > Filter Information:
    > Filter Run-Time ID: 68463
    > Layer Name: Transport
    > Layer Run-Time ID: 13
    > =============================================
    >
    > What could be wrong? My Windows Firewall allows TCP 80 from any IP and I
    > can
    > access the web sites via TCP 80.
    >
    > --
    > Message posted via WinServerKB.com
    > http://www.winserverkb.com/Uwe/Forum...erver/201001/1
    >

      My System SpecsSystem Spec

Event 5152

Similar Threads
Thread Forum
the dns server sendto() function failed. the event data contains the error - event id 7053
Hi! All, How do I resolv this issue? I am looking up for help on various forums - posting it here and hoping to get a resolution soon. event id...
Server General
CAPI2 Event 11 and Event 30 and Event 82 Errors
I have three computers running Vista. Made the mistake of looking in the event log on the one running Vista Ultimate 32-bit and noticed this...
Vista General
HELP need to solve this problem asap - Unable to start event viewer/event log service
Hi all, i tried loading the eventvwr.msc file from system32 folder directly as well as from the administrator tools, but i get: "event log...
Software
Event ID 10 — Event Filter Query Functionality
I did a search for this, but nothing popped. So, if there is another thread, just let me know. I am getting this error, and am uncertain about...
Vista hardware & devices
Boot up Issues - Critical Event Log errors - Event ID = 100, 200, 400, 307, 402
I am getting lots of critical errors in the event viewer. Event ID = 100, 200, 400, 307, 402.... (Below are the details for a couple of them). I...
General Discussion
Firewall Event 5152 and 5157
hi all, id message 5152 the windows filtering platform blocked a packet. 5157 the windows filtering platform has blocked a connection....
Vista networking & sharing
Windows Event Log fails to translate event description.
Actually I want the events description not in XML but in text format. I was able to translate all the logs, say, Security, System and application;...
Vista General