[Kerio 2.x] What is "no owner"?

Author	All Replies
shearer Northern Lights Premium join:2002-06-18 Toronto, ON clubs: edit: September 6th, @06:11AM	[Kerio 2.x] What is "no owner"? This thread is merely here to satisfy my curiosity. Some entries in KPF 2.1.5 logs show the application as "No owner", per sample below. Blocked: Out TCP, localhost:9126->64.233.189.104:80, Owner: no owner Well I roughly guess that "no owner" means no application owns the packet. But I was wondering if some knowlegable guru here can provide a deeper explanation as to the causes behind it. Such as why does a packet has "no owner"? thanks
	to forum · permalink · 2007-09-01 14:37:47 · (locked)
BlitzenZeus Burnt Out Cynic Premium,MVM join:2000-01-13 Oregon, USA	Well your log is incomplete to start as Kerio doesn't log anything without a rule, unless its from that 'suspicous' setting which just logs garbage/fragmented packets anyway.
	to forum · permalink · 2007-09-06 04:56:14 · (locked)
shearer Northern Lights Premium join:2002-06-18 Toronto, ON clubs:	No, I always had the "Log suspicious packets" option disabled. The entry was from a 'catch all remaining outbound' rule I placed at the bottom of ruleset (i.e. block all outgoing from any application)
	to forum · permalink · 2007-09-06 06:10:20 · (locked)
Bill_MI Bill In Michigan Premium,MVM join:2001-01-03 Royal Oak, MI ·EarthLink	I think it means it cannot determine the owner and most likely the application closed before Kerio could get the info. That's the OUTBOUND case you have. An INBOUND case happens a lot on things like late DNS replies or connection attempts after closing the program (like bittorrent).
	to forum · permalink · 2007-09-06 06:32:24 · (locked)
shearer Northern Lights Premium join:2002-06-18 Toronto, ON clubs:	Thanks Bill. Your explanation makes sense. Among many proggies I've been testing recently, one now comes to mind, a TCP-based traceroute app which runs the trace using TCP SYN packets - which I believe Kerio picks up as "No Owner". Sort of like how the Windows built-in ping which leaves "Owner:TCPIP Kernel Driver" instead of "Owner: PING.EXE".
	to forum · permalink · 2007-09-06 14:53:52 · (locked)
Bill_MI Bill In Michigan Premium,MVM join:2001-01-03 Royal Oak, MI ·EarthLink	Yep, you already have the right insight how things really work. There's also a likelihood, Kerio 2.x older technology will get worse and worse at getting things right as the network stack evolves further. Not much you can do about that except... be wise.
	to forum · permalink · 2007-09-06 19:19:44 · (locked)


Wednesday, 19-Nov 11:20:24	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 9 years online! © 1999-2008 dslreports.com.republican-creole page compression OFF