311 Views 1 Reply Latest reply: Oct 9, 2013 10:09 AM by Kary Tankink
keith2045 Newcomer 29 posts since
May 17, 2012

Oct 9, 2013 7:26 AM

HIPS Activity Log

I'm creating some HIPS rules based on the activity log, but the log is confusing to me. For example, here is an entry:


Blocked Incoming TCP - Source (3269) Destination: (53065)


The machine that this entry came from is (the source). The way I'm reading that entry:


HIPS blocked an Incoming TCP packet coming from (the machine I'm on) and going to the only other thing that I can think of is the request initiated from so HIPS blocked the packet from going out, but why wouldn't it say "blocked outgoing tcp.."

  • Kary Tankink McAfee Employee 654 posts since
    Mar 3, 2010
    1. Oct 9, 2013 10:09 AM (in response to keith2045)
    Re: HIPS Activity Log

    You are reading the log correctly (for Incoming traffic, the Source IP is usually the Remote IP address; Destination is usually the local IP address or broadcast/multicast address).


    In this case, it appears the Source is trying to initiate a new connection into  It's also possible that if the client did send this as an outgoing packet initially (which was allowed), the connection (in the state table) was closed by the time the response came back, hence HIPS will see it as a new (blocked) Inbound connection.
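
The state-table behaviour described in the reply above, as an added example that is not part of the original thread and is not McAfee's code: a simplified connection table in which a local close removes the entry, so the peer's late packet is logged as a new blocked inbound connection. The IP addresses, the 60-second idle timeout and the `StateTable` class are assumptions made for illustration; only ports 3269 and 53065 come from the log entry.

```python
# Simplified model of a stateful firewall's connection table (not HIPS code).
from dataclasses import dataclass, field

IDLE_TIMEOUT = 60.0  # seconds; assumed value for illustration only


@dataclass
class StateTable:
    local_ip: str
    allow_inbound_ports: set = field(default_factory=set)
    entries: dict = field(default_factory=dict)  # (lip, lport, rip, rport) -> last seen

    def _expire(self, now):
        for key in [k for k, seen in self.entries.items() if now - seen > IDLE_TIMEOUT]:
            del self.entries[key]

    def packet(self, now, src, sport, dst, dport, flags=""):
        """Return the log verdict for one TCP packet."""
        self._expire(now)
        outgoing = src == self.local_ip
        # The table is always keyed from the local host's point of view.
        key = (src, sport, dst, dport) if outgoing else (dst, dport, src, sport)
        direction = "Outgoing" if outgoing else "Incoming"
        if key in self.entries:
            if "R" in flags or "F" in flags:
                del self.entries[key]  # simplified teardown: entry dropped on first FIN/RST
            else:
                self.entries[key] = now
            return f"Allowed {direction} TCP"
        if outgoing or dport in self.allow_inbound_ports:
            self.entries[key] = now
            return f"Allowed {direction} TCP"
        return "Blocked Incoming TCP"  # no matching state and no inbound allow rule


def demo():
    client, server = "192.0.2.10", "198.51.100.5"  # constructed addresses
    fw = StateTable(local_ip=client)
    return [
        fw.packet(0.0, client, 53065, server, 3269, "S"),   # client opens connection
        fw.packet(0.1, server, 3269, client, 53065, "SA"),  # reply matches state
        fw.packet(5.0, client, 53065, server, 3269, "FA"),  # client closes, entry removed
        fw.packet(5.3, server, 3269, client, 53065, "A"),   # late reply, no state left
    ]


if __name__ == "__main__":
    print("\n".join(demo()))
```
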
