Windows Vista Forums

Event 5152

  1. #1


    Mike via WinServerKB.com Guest

    Event 5152

    Windows Server 2008 Web Edition

    I am getting lots of Event 5152 log entries with the following error message:

    ==============================
    The Windows Filtering Platform has blocked a packet.

    Application Information:
    Process ID: 0
    Application Name: -

    Network Information:
    Direction: Inbound
    Source Address: <various IP addresses>
    Source Port: 1176
    Destination Address: <my IP address>
    Destination Port: 80 (ALWAYS THIS HTTP PORT)
    Protocol: 6

    Filter Information:
    Filter Run-Time ID: 68463
    Layer Name: Transport
    Layer Run-Time ID: 13
    =============================================

    What could be wrong? My Windows Firewall allows TCP 80 from any IP and I can
    access the web sites via TCP 80.

    --
    Message posted via WinServerKB.com
    http://www.winserverkb.com/Uwe/Forum...erver/201001/1


      My System SpecsSystem Spec

  2.   


  3. #2


    Mike via WinServerKB.com Guest

    Re: Event 5152

    Wanted to add that I do see requests from this IP addresses in my IIS logs,
    so proxy does not block them. Any ideas why I am getting lots of these 5152
    events then?

    Mike wrote:

    >Windows Server 2008 Web Edition
    >
    >I am getting lots of Event 5152 log entries with the following error message:
    >
    >==============================
    >The Windows Filtering Platform has blocked a packet.
    >
    >Application Information:
    > Process ID: 0
    > Application Name: -
    >
    >Network Information:
    > Direction: Inbound
    > Source Address: <various IP addresses>
    > Source Port: 1176
    > Destination Address: <my IP address>
    > Destination Port: 80 (ALWAYS THIS HTTP PORT)
    > Protocol: 6
    >
    >Filter Information:
    > Filter Run-Time ID: 68463
    > Layer Name: Transport
    > Layer Run-Time ID: 13
    >=============================================
    >
    >What could be wrong? My Windows Firewall allows TCP 80 from any IP and I can
    >access the web sites via TCP 80.
    --
    Message posted via WinServerKB.com
    http://www.winserverkb.com/Uwe/Forum...erver/201001/1


      My System SpecsSystem Spec

  4. #3


    Dusko Savatovic Guest

    Re: Event 5152

    It is possible that your web server is blocking malicious packets such as
    those that were used in Nimda, Code Red and other viruses/worms etc. IIS
    (Web Server component) in Windows 2008 has already built in functionality
    and filtering that was introduced with IIS Lockdown tool. This tool was
    released to defend against mentioned virus attacks. To see more detail about
    possible attacks to your web server you may install some kind of intrusion
    detection software. BTW attacks against web servers are constant. With
    properly configured (firewalled, filtered)and patched web server you are on
    the safe side, but you should always follow the trends and latest threat
    warnings.


    "Mike via WinServerKB.com" <no@newsgroup> wrote in message
    news:a28276ada11cf@newsgroup

    > Windows Server 2008 Web Edition
    >
    > I am getting lots of Event 5152 log entries with the following error
    > message:
    >
    > ==============================
    > The Windows Filtering Platform has blocked a packet.
    >
    > Application Information:
    > Process ID: 0
    > Application Name: -
    >
    > Network Information:
    > Direction: Inbound
    > Source Address: <various IP addresses>
    > Source Port: 1176
    > Destination Address: <my IP address>
    > Destination Port: 80 (ALWAYS THIS HTTP PORT)
    > Protocol: 6
    >
    > Filter Information:
    > Filter Run-Time ID: 68463
    > Layer Name: Transport
    > Layer Run-Time ID: 13
    > =============================================
    >
    > What could be wrong? My Windows Firewall allows TCP 80 from any IP and I
    > can
    > access the web sites via TCP 80.
    >
    > --
    > Message posted via WinServerKB.com
    > http://www.winserverkb.com/Uwe/Forum...erver/201001/1
    >

      My System SpecsSystem Spec


Event 5152
Similar Threads
Thread Forum
the dns server sendto() function failed. the event data contains the error - event id 7053 Server General
CAPI2 Event 11 and Event 30 and Event 82 Errors Vista General
HELP need to solve this problem asap - Unable to start event viewer/event log service Software
Firewall Event 5152 and 5157 Vista networking & sharing
Windows Event Log fails to translate event description. Vista General