Netgear FVS-318 log Dest IP 255.255.255.255 ???

My client is receiving several of the following lines of data in their Netgear FVS-318 log and also via a Kiwi Syslog program installed on a nearby workstation, which reads all router/firewall syslog activity. It's the Dest IP that's unusual. Is this a hack attempt or what?

Dest IP  255.255.255.255     TCP    Port  3128     Src IP 210.49.67.246
Asked by: kvnsdr

1 Solution

scampgb commented:
Hi kvnsdr,

It sounds like a virus is trying to elicit a response from your network through a directed broadcast.

Port 3128 is generally used by the Squid proxy, but it's also used by MyDoom.B.
This sets itself up as a proxy server on your machine, for starting Denial of Service attacks.

The IP resolves to c210-49-67-246.rochd3.qld.optusnet.com.au - this sounds like a DSL or dial-in account to me.  The machine is probably infected by MyDoom.B

Does that help?
 
kvnsdr (Author) commented:
I don't understand how the virus could install on one or more of their workstations if Port 3128 is certainly closed on the firewall???
 
scampgb commented:
Sorry, probably a mistake in my phrasing.  When I said "their machine", I meant 210.49.67.246

I think the virus is probing your network to see if it can find any of its little friends.  The firewall is doing its job perfectly by blocking it and reporting it in the log.  I wouldn't consider it to be a hack attempt as such, "just" a virus port scanning.

Still, it would be worthwhile making sure that the AV software on the PCs is up to date :-)

Does that make sense?

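A defender-side check of the kind this thread calls for, added here as an example (it is not code from the thread, from Netgear or from Kiwi Syslog): it parses log lines in the shape quoted in the question, counts directed-broadcast probes per source IP and port, and labels port 3128 with the use scampgb describes. The line regex is assumed from the single sample line, and the 192.0.2.x entries are constructed sample data.

```python
import re
from collections import Counter

# Line shape as quoted in the question; assumed to hold for every FVS-318
# entry (the thread shows only one sample line).
LINE_RE = re.compile(r"Dest IP\s+(?P<dst>[\d.]+)\s+(?P<proto>TCP|UDP)\s+"
                     r"Port\s+(?P<port>\d+)\s+Src IP\s+(?P<src>[\d.]+)")
BROADCAST = "255.255.255.255"
# Port 3128: Squid proxy, but also the proxy the answer attributes to MyDoom.B.
WATCH_PORTS = {3128: "MyDoom.B proxy (also Squid)"}

def parse_line(line):
    """Return a dict for a recognised log line, or None for anything else."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return {"dst": m["dst"], "proto": m["proto"], "port": int(m["port"]), "src": m["src"]}

def summarise(lines):
    """Return (probes, other): probes counts broadcast-destination entries
    per (src, port); other counts parsed lines aimed at a unicast address."""
    probes, other = Counter(), 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unrelated syslog text
        if rec["dst"] == BROADCAST:
            probes[(rec["src"], rec["port"])] += 1
        else:
            other += 1
    return probes, other

def describe(probes):
    """Report lines, busiest source first, labelling ports the thread names."""
    return [f"{src} -> {BROADCAST}:{port} x{n} ({WATCH_PORTS.get(port, 'unlisted port')})"
            for (src, port), n in sorted(probes.items(), key=lambda kv: -kv[1])]
# Constructed sample: the question's line repeated, plus made-up entries using
# the 192.0.2.0/24 documentation range rather than real hosts.
SAMPLE_LOG = """\
Dest IP  255.255.255.255     TCP    Port  3128     Src IP 210.49.67.246
Dest IP  255.255.255.255     TCP    Port  3128     Src IP 210.49.67.246
Dest IP  255.255.255.255     TCP    Port  3128     Src IP 210.49.67.246
Dest IP  192.0.2.10          TCP    Port  80       Src IP 192.0.2.20
Dest IP  255.255.255.255     UDP    Port  137      Src IP 192.0.2.30
some unrelated syslog line
"""
if __name__ == "__main__":
    probes, other = summarise(SAMPLE_LOG.splitlines())
    print("\n".join(describe(probes)))
    print(f"{other} non-broadcast entries ignored")
```

Feed it the Kiwi Syslog export instead of SAMPLE_LOG to see which sources keep knocking and whether anything other than port 3128 is being probed.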
 
scampgb commented:
Glad I could help :-)
