Solved

Netgear FVS-318 log Dest IP 255.255.255.255 ???

Posted on 2004-09-22
4
260 Views
Last Modified: 2010-04-17
My client is receiving several of the following lines of data in their Netgear FVS-318 log and also by a Kiwi Syslog program installed on a nearby workstation which reads all router/firewall syslog activity. It's the Dest IP that unusual. Is this a hack attempt or what?

Dest IP  255.255.255.255     TCP    Port  3128     Src IP 210.49.67.246
0
Comment
Question by:kvnsdr
  • 3
4 Comments
 
LVL 15

Expert Comment

by:scampgb
ID: 12127501
Hi kvnsdr,

It sounds like a virus is trying to elicit a response from your network through a directed broadcast.

Port 3128 is generally used by the Squid proxy, but it's also used by MyDoom.B
This sets itself up as a proxy server on your machine, for starting Denial of Service attacks.

The IP resolves to c210-49-67-246.rochd3.qld.optusnet.com.au - this sounds like a DSL or dial-in account to me.  The machine is probably infected by MyDoom.B

Does that help?
0
 
LVL 1

Author Comment

by:kvnsdr
ID: 12127679
I don't understand how the virus could install on one or more of their workstations if Port 3128 is certainly closed on the firewall???
0
 
LVL 15

Accepted Solution

by:
scampgb earned 125 total points
ID: 12131052
Sorry, probably a mistake in my phrasing.  When I said "their machine", I meant 210.49.67.246

I think the virus is probing your network to see if it can find any of it's little friends.  The firewall is doing its job perfectly by blocking it and reporting it in the log.  I wouldn't consider it to be a hack attempt as such, "just" a virus port scanning.

Still, it would be worthwhile making sure that the AV software on the PCs is up to date :-)

Does that make sense?

0
 
LVL 15

Expert Comment

by:scampgb
ID: 12135151
Glad I could help :-)


0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Hello , This is a short article on how would you go about enabling traceoptions on a Juniper router . Traceoptions are similar to Cisco debug commands but these traceoptions are implemented in Juniper networks router . The following demonstr…
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question