Yet another log query - different log..

miker · Feb 14, 2008, 22:43:57

Never had access to such info before so hence this query.

If you lot look at your Event Log do you get loads of these?;

Type Date/Time Event Description
INF 2008-02-14T22:28:33Z fw,fwmon: src=24.64.45.176 dst=87.127.109.249 ipprot=17 sport=27748 dport=1028 Unknown inbound session stopped
INF 2008-02-14T22:28:33Z fw,fwmon: src=24.64.230.215 dst=87.127.109.250 ipprot=17 sport=21331 dport=1027 Unknown inbound session stopped
NTC 2008-02-14T22:28:33Z fw,fwmon: src=24.64.230.215 dst=87.127.109.250 ipprot=17 sport=21331 dport=1028 UDP Port Scan Detected
INF 2008-02-14T22:28:33Z fw,fwmon: src=24.64.230.215 dst=87.127.109.250 ipprot=17 sport=21331 dport=1028 Unknown inbound session stopped
NTC 2008-02-14T22:28:33Z fw,fwmon: src=24.64.54.83 dst=87.127.109.251 ipprot=17 sport=20093 dport=1027 UDP Port Scan Detected
INF 2008-02-14T22:28:33Z fw,fwmon: src=24.64.54.83 dst=87.127.109.251 ipprot=17 sport=20093 dport=1027 Unknown inbound session stopped
INF 2008-02-14T22:28:33Z fw,fwmon: src=24.64.54.83 dst=87.127.109.251 ipprot=17 sport=20093 dport=1028 Unknown inbound session stopped
INF 2008-02-14T22:28:33Z fw,fwmon: src=24.64.239.71 dst=87.127.109.252 ipprot=17 sport=23154 dport=1026 Unknown inbound session stopped
INF 2008-02-14T22:28:33Z fw,fwmon: src=24.64.239.71 dst=87.127.109.252 ipprot=17 sport=23154 dport=1028 Unknown inbound session stopped
NTC 2008-02-14T22:28:33Z fw,fwmon: src=24.64.239.71 dst=87.127.109.252 ipprot=17 sport=23154 dport=1027 UDP Port Scan Detected
INF 2008-02-14T22:28:33Z fw,fwmon: src=24.64.239.71 dst=87.127.109.252 ipprot=17 sport=23154 dport=1027 Unknown inbound session stopped

Sebby · Feb 14, 2008, 22:49:42

It looks like the firewall is just doing its job. It's completely normal for your router to receive requests all the time by bots/infected computers trying to see if there are any open holes.

kinmel · Feb 14, 2008, 22:51:43

yes, busy little log isn't it.

Sebby · Feb 14, 2008, 22:54:11

Those poor routers don't have a minute to relax.

Rik · Feb 14, 2008, 23:58:28

It's a good idea to clear the log every day or two, Mike. Sadly, there doesn't seem to be a way to do it automatically.

miker · Feb 15, 2008, 10:35:45

Thanks.
Yeah I am clearing it. Its just that there was soooo much of it, I was concerned!

Rik · Feb 15, 2008, 11:07:19

Don't be, the firewall seems to be 'industrial strength' compared to anything else I've used.

Lance · Feb 15, 2008, 23:26:45

It seems that with it being a business orientated router, it certainly has better performance!