The Site > Old Forums > Kerio - Tiny Support > [Kerio 2.x] What is "no owner"?

[Kerio 2.x] What is "no owner"?

Blocked: Out TCP, localhost:9126->64.233.189.104:80, Owner: no owner
 

Well your log is incomplete to start as Kerio doesn't log anything without a rule, unless its from that 'suspicous' setting which just logs garbage/fragmented packets anyway.

No, I always had the "Log suspicious packets" option disabled. The entry was from a 'catch all remaining outbound' rule I placed at the bottom of ruleset (i.e. block all outgoing from any application)

I think it means it cannot determine the owner and most likely the application closed before Kerio could get the info.

That's the OUTBOUND case you have. An INBOUND case happens a lot on things like late DNS replies or connection attempts after closing the program (like bittorrent).

Thanks Bill. Your explanation makes sense.

Among many proggies I've been testing recently, one now comes to mind, a TCP-based traceroute app which runs the trace using TCP SYN packets - which I believe Kerio picks up as "No Owner". Sort of like how the Windows built-in ping which leaves "Owner:TCPIP Kernel Driver" instead of "Owner: PING.EXE".

Yep, you already have the right insight how things really work. There's also a likelihood, Kerio 2.x older technology will get worse and worse at getting things right as the network stack evolves further. Not much you can do about that except... be wise.