Security Incidents mailing list archives
RE: Odd entries in my Security Router logs
From: Julian Young <julian.young () nl compuware com>
Date: 10 Dec 2002 12:28:45 +0100
The router is performing NAT and stateful packet inspection only. Currently it has no WAN->LAN input channels and no further ACL defined. Its sole purpose is to relieve the firewall of DHCP duty, although it seems to clean up a lot more than that at the moment.

Both are on a 255.255.255.0 netmask.

On Tue, 2002-12-10 at 11:22, Jim Terry wrote:
Hi Julian,

Can you post some of the router config, namely what logging commands, are you logging on your ACLs, and if you are logging on the ACLs can you post the ACL?

Thanks,
JT
Jim Terry

--- On Mon 12/09, Julian Young wrote:
From: Julian Young [mailto: julian.young () nl compuware com]
To: incidents@securityfocus.com
Date: 09 Dec 2002 10:37:47 +0100
Subject: Odd entries in my Security Router logs

I keep seeing these entries in my external router's log files. Does anyone recognize them and know what type of attack they are? OK, it is obviously something to do with DHCP, but I recently had a firewall compromised and I still don't know how. Since that wall had DHCP open, I wonder if this could have been the trick.

I have left the IP numbers as they are, since none of them belong to me or are in any range I use!

 #  Time      Packet Information                     Reason        Action
 1|Dec 8 02  |From:192.168.7.249 To:192.168.255.254  |match        |block
  | 09:37:12 |UDP src port:00068 dest port:00067     |service deny |
 2|Dec 8 02  |From:192.168.8.250 To:192.168.255.254  |match        |block
  | 09:37:12 |UDP src port:00068 dest port:00067     |service deny |
 3|Dec 8 02  |From:192.168.7.249 To:192.168.255.254  |match        |block
  | 15:45:32 |UDP src port:00068 dest port:00067     |service deny |

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
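For triaging entries like the ones quoted in this thread, the following is an added example (not part of the original posts and not the router's own software) that parses the two-row log format and counts blocked DHCP client-to-server packets (UDP 68 to 67) per source. The two-row layout, the function names and the /24 grouping (taken from the 255.255.255.0 mask mentioned in the reply) are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Sample rows taken from the log excerpt quoted in the thread; the two-row
# layout per entry is an assumption about how the router prints them.
SAMPLE_LOG = """\
1|Dec 8 02 |From:192.168.7.249 To:192.168.255.254 |match |block
 | 09:37:12 |UDP src port:00068 dest port:00067 |service deny |
2|Dec 8 02 |From:192.168.8.250 To:192.168.255.254 |match |block
 | 09:37:12 |UDP src port:00068 dest port:00067 |service deny |
3|Dec 8 02 |From:192.168.7.249 To:192.168.255.254 |match |block
 | 15:45:32 |UDP src port:00068 dest port:00067 |service deny |
"""

ENTRY = re.compile(
    r"(?P<n>\d+)\|(?P<date>[^|]+)\|From:(?P<src>\S+)\s+To:(?P<dst>\S+)\s*"
    r"\|(?P<reason>[^|]*)\|(?P<action>[^|\n]*)\n"
    r"\s*\|\s*(?P<time>[\d:]+)\s*\|(?P<proto>\w+) src port:(?P<sport>\d+) "
    r"dest port:(?P<dport>\d+)\s*\|(?P<detail>[^|]*)\|"
)

def parse(log_text):
    """Return one dict per two-row log entry, with ports as integers."""
    entries = []
    for m in ENTRY.finditer(log_text):
        e = {k: v.strip() for k, v in m.groupdict().items()}
        e["sport"], e["dport"] = int(e["sport"]), int(e["dport"])
        entries.append(e)
    return entries

def summarize(entries, prefix_len=24):
    """Count blocked DHCP client->server packets per source and list the
    networks (at the given prefix length) those sources fall in."""
    dhcp = [e for e in entries
            if e["proto"] == "UDP" and (e["sport"], e["dport"]) == (68, 67)]
    per_source = Counter(e["src"] for e in dhcp)
    networks = sorted({str(ipaddress.ip_network(f"{e['src']}/{prefix_len}", strict=False))
                       for e in dhcp})
    return per_source, networks

if __name__ == "__main__":
    per_source, networks = summarize(parse(SAMPLE_LOG))
    for src, count in per_source.items():
        print(f"{src}: {count} blocked DHCP client packets")
    print("source networks:", ", ".join(networks))
```

Sources that fall in more than one network at the stated mask point to DHCP clients on segments the router does not serve, which is the first thing to check against the local addressing plan.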
Current thread:
- RE: Odd entries in my Security Router logs Jim Terry (Dec 11)
- RE: Odd entries in my Security Router logs Julian Young (Dec 11)
- <Possible follow-ups>
- RE: Odd entries in my Security Router logs Andrews, Jonathan (US - Hermitage) (Dec 11)
- RE: Odd entries in my Security Router logs Julian Young (Dec 11)
- Re: Odd entries in my Security Router logs Michael Sierchio (Dec 11)
- RE: Odd entries in my Security Router logs David Gillett (Dec 11)
- Re: Odd entries in my Security Router logs Valdis . Kletnieks (Dec 12)
- Re: Odd entries in my Security Router logs Valdis . Kletnieks (Dec 12)
- Re: Odd entries in my Security Router logs James C. Slora Jr. (Dec 11)
- Re: Odd entries in my Security Router logs HggdH (Dec 12)