Yet another log query - different log..

Started by miker, Feb 14, 2008, 22:43:57

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

miker

Never had access to such info before so hence this query.

If you lot look at your Event Log do you get loads of these?;

Type  Date/Time  Event Description
INF  2008-02-14T22:28:33Z  fw,fwmon:  src=24.64.45.176 dst=87.127.109.249 ipprot=17 sport=27748 dport=1028 Unknown inbound session stopped
INF  2008-02-14T22:28:33Z  fw,fwmon:  src=24.64.230.215 dst=87.127.109.250 ipprot=17 sport=21331 dport=1027 Unknown inbound session stopped
NTC  2008-02-14T22:28:33Z  fw,fwmon:  src=24.64.230.215 dst=87.127.109.250 ipprot=17 sport=21331 dport=1028 UDP Port Scan Detected
INF  2008-02-14T22:28:33Z  fw,fwmon:  src=24.64.230.215 dst=87.127.109.250 ipprot=17 sport=21331 dport=1028 Unknown inbound session stopped
NTC  2008-02-14T22:28:33Z  fw,fwmon:  src=24.64.54.83 dst=87.127.109.251 ipprot=17 sport=20093 dport=1027 UDP Port Scan Detected
INF  2008-02-14T22:28:33Z  fw,fwmon:  src=24.64.54.83 dst=87.127.109.251 ipprot=17 sport=20093 dport=1027 Unknown inbound session stopped
INF  2008-02-14T22:28:33Z  fw,fwmon:  src=24.64.54.83 dst=87.127.109.251 ipprot=17 sport=20093 dport=1028 Unknown inbound session stopped
INF  2008-02-14T22:28:33Z  fw,fwmon:  src=24.64.239.71 dst=87.127.109.252 ipprot=17 sport=23154 dport=1026 Unknown inbound session stopped
INF  2008-02-14T22:28:33Z  fw,fwmon:  src=24.64.239.71 dst=87.127.109.252 ipprot=17 sport=23154 dport=1028 Unknown inbound session stopped
NTC  2008-02-14T22:28:33Z  fw,fwmon:  src=24.64.239.71 dst=87.127.109.252 ipprot=17 sport=23154 dport=1027 UDP Port Scan Detected
INF  2008-02-14T22:28:33Z  fw,fwmon:  src=24.64.239.71 dst=87.127.109.252 ipprot=17 sport=23154 dport=1027 Unknown inbound session stopped


Sebby

It looks like the firewall is just doing its job. It's completely normal for your router to receive requests all the time by bots/infected computers trying to see if there are any open holes.

kinmel

Alan  ‹(•¿•)›

What is the date of the referendum for England to become an independent country ?

Sebby

Those poor routers don't have a minute to relax.  :D

Rik

It's a good idea to clear the log every day or two, Mike. Sadly, there doesn't seem to be a way to do it automatically. :(
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

miker

Thanks.
Yeah I am clearing it. Its just that there was soooo much of it, I was concerned!

Rik

Don't be, the firewall seems to be 'industrial strength' compared to anything else I've used.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Lance

It seems that with it being a business orientated router, it certainly has better performance!
Lance
_____

This post reflects my own views, opinions and experience, not those of IDNet.