Security Incidents mailing list archives
Re: Invalid IP address
From: "Dave Phelps" <tippenring () tippenring com>
Date: Tue, 22 Oct 2002 01:20:24 -0500
"A log entry with port 0 means that the router didn't need to inspect the port number to allow [or deny] the traffic, such as with the following: access-list 100 permit any any established log" -- Credit: Francois Labreque, comp.dcom.sys.cisco - 11/09/2000 ----- Original Message ----- From: "Steven Lee" <idsforensic () yahoo com> To: <incidents () securityfocus com> Sent: Monday, October 21, 2002 3:05 PM Subject: Invalid IP address | | | I am seeing this on my router syslog after I applied an access list on the | internal interface. Can anyone tell me what this could be? The 68.84.8.41 | is a comcast IP that is active on the network; however, someone inside our | network is attempting to use it to go out to other sites? Thanks for your | help. | | l7.Info X.X.X.X 38644: .Oct 21 13:40:27: %SEC-6-IPACCESSLOGP: list 101 | denied tcp 68.84.8.41(0) -> 67.34.160.17(0), 1 packet | 2002-10-21 13:35:37 Local7.Info X.X.X.X 38645: .Oct 21 13:40:28: % | SEC-6-IPACCESSLOGP: list 101 denied tcp 68.84.8.41(0) -> 217.121.116.154 | (0), 1 packet | 2002-10-21 13:35:38 Local7.Info X.X.X.X 38646: .Oct 21 13:40:29: % | SEC-6-IPACCESSLOGP: list 101 denied tcp 68.84.8.41(0) -> 141.156.130.147 | (0), 1 packet | 2002-10-21 13:35:39 Local7.Info X.X.X.X 38647: .Oct 21 13:40:30: % | SEC-6-IPACCESSLOGP: list 101 denied tcp 68.84.8.41(0) -> 68.9.184.233(0), | 2 packets | 2002-10-21 13:35:40 Local7.Info X.X.X.X 38648: .Oct 21 13:40:32: % | SEC-6-IPACCESSLOGP: list 101 denied tcp 68.84.8.41(0) -> 24.203.121.105 | (0), 1 packet | 2002-10-21 13:35:41 Local7.Info X.X.X.X 38649: .Oct 21 13:40:33: % | SEC-6-IPACCESSLOGP: list 101 denied tcp 68.84.8.41(0) -> 67.82.63.49(0), 1 | packet | | -------------------------------------------------------------------------- -- | This list is provided by the SecurityFocus ARIS analyzer service. | For more information on this free incident handling, management | and tracking system please see: http://aris.securityfocus.com | | ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Invalid IP address Steven Lee (Oct 21)
- Re: Invalid IP address Kerry Thompson (Oct 21)
- Re: Invalid IP address David Pick (Oct 22)
- Re: Invalid IP address Dave Phelps (Oct 22)
- Re: Invalid IP address Jérôme Tytgat (Oct 23)
- Re: Invalid IP address Kerry Thompson (Oct 21)