[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Netgear FVS-318 log Dest IP 255.255.255.255 ???

Posted on 2004-09-22
4
Medium Priority
?
279 Views
Last Modified: 2010-04-17
My client is receiving several of the following lines of data in their Netgear FVS-318 log and also by a Kiwi Syslog program installed on a nearby workstation which reads all router/firewall syslog activity. It's the Dest IP that unusual. Is this a hack attempt or what?

Dest IP  255.255.255.255     TCP    Port  3128     Src IP 210.49.67.246
0
Comment
Question by:kvnsdr
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 15

Expert Comment

by:scampgb
ID: 12127501
Hi kvnsdr,

It sounds like a virus is trying to elicit a response from your network through a directed broadcast.

Port 3128 is generally used by the Squid proxy, but it's also used by MyDoom.B
This sets itself up as a proxy server on your machine, for starting Denial of Service attacks.

The IP resolves to c210-49-67-246.rochd3.qld.optusnet.com.au - this sounds like a DSL or dial-in account to me.  The machine is probably infected by MyDoom.B

Does that help?
0
 
LVL 1

Author Comment

by:kvnsdr
ID: 12127679
I don't understand how the virus could install on one or more of their workstations if Port 3128 is certainly closed on the firewall???
0
 
LVL 15

Accepted Solution

by:
scampgb earned 375 total points
ID: 12131052
Sorry, probably a mistake in my phrasing.  When I said "their machine", I meant 210.49.67.246

I think the virus is probing your network to see if it can find any of it's little friends.  The firewall is doing its job perfectly by blocking it and reporting it in the log.  I wouldn't consider it to be a hack attempt as such, "just" a virus port scanning.

Still, it would be worthwhile making sure that the AV software on the PCs is up to date :-)

Does that make sense?

0
 
LVL 15

Expert Comment

by:scampgb
ID: 12135151
Glad I could help :-)


0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello , This is a short article on how would you go about enabling traceoptions on a Juniper router . Traceoptions are similar to Cisco debug commands but these traceoptions are implemented in Juniper networks router . The following demonstr…
Problem Description:   Couple of months ago we upgraded the ADSL line at our branch office from Home to Business line. The purpose of transforming the service to have static public IP’s. We were in need for public IP’s to publish our web resour…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question