Solved

What does this Firewall warning message mean?

Posted on 2009-07-15
Last Modified: 2012-05-07
The error log from the Netgear FWG114p (small 4 port firewall) reports these warning messages, like the one below - I understand the ones where it blocks access to some sites (I had put some keywords to reject those websites) - but what does this one

Administrator Interface Connecting[TCP] - Source:192.168.79.4,4974 - Destination:192.168.79.1,80 - [Receive]

indicate?  Does it mean that some agent is trying to connect to the firewall interface?  192.168.79.4 is one of the computers on the network, and 1 is the firewall.
[Wed, 2009-07-15 10:45:00] - Attempt to access blocked site - Source:192.168.79.4,LAN - Destination:ad.doubleclick.net/clk;210582580;32170325;t?http://travel.travelocity.com/flights/i .[block]
 
[Wed, 2009-07-15 10:45:01] - Administrator Interface Connecting[TCP] - Source:192.168.79.4,4974 - Destination:192.168.79.1,80 - [Receive]
 
[Wed, 2009-07-15 10:45:01] - Attempt to access blocked site - Source:192.168.79.4,LAN - Destination:ad.doubleclick.net/favicon.ico,WAN - [Block]
[Wed, 2009-07-15 10:45:01] - Attempt to access blocked site - Source:192.168.79.4,LAN - Destination:ad.doubleclick.net/activity;src=1903938;type=flight;cat=flight;ord=159410481?,WAN - [Block]

Question by:XCLN

Expert Comment

by:kevin_u
ID: 24866638
That message is telling you that 192.168.7.4 is using a browser to connect to the administrative web page of the router.

Basically someone is accessing the setup screen of the router. It could just have been you looking at the logs. If you know for sure that .4 wasn't accessing it at that time legitimately, then it might be a virus or trojan.

Author Comment

by:XCLN
ID: 24866653
Thanks Kevin - no one was accessing the admin interface or looking at logs - since I did not see any "wrong password" attempts, does that mean that whatever malware agent wasn't successful?
Why then would a malware connect without attempting to log in? Just to see the login page?

Accepted Solution

by:
kevin_u earned 125 total points
ID: 24866676
IF it is malware, it will try to exploit many things.  It might get your router model information to pass on to some controlling site, for someone to come back and hack against it.


Author Closing Comment

by:XCLN
ID: 31604113
Makes perfect sense - thanks!
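
An added example, not part of the original thread: a short Python script that parses log lines in the format quoted in the question, picks out each "Administrator Interface Connecting" entry, and lists what else the same source logged within a few seconds, which helps in judging whether someone was at a browser at that moment. The sample log, the `admin_hosts` allowlist and the 5-second window are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample, modelled on the log format quoted in the question.
SAMPLE_LOG = """\
[Wed, 2009-07-15 10:45:00] - Attempt to access blocked site - Source:192.168.79.4,LAN - Destination:ad.example.test/clk,WAN - [Block]
[Wed, 2009-07-15 10:45:01] - Administrator Interface Connecting[TCP] - Source:192.168.79.4,4974 - Destination:192.168.79.1,80 - [Receive]
[Wed, 2009-07-15 10:45:01] - Attempt to access blocked site - Source:192.168.79.4,LAN - Destination:ad.example.test/favicon.ico,WAN - [Block]
[Wed, 2009-07-15 23:10:12] - Administrator Interface Connecting[TCP] - Source:192.168.79.9,1055 - Destination:192.168.79.1,80 - [Receive]
"""

# Tolerates both " - [Block]" and the ".[block]" ending seen in the quoted log.
LINE_RE = re.compile(
    r"^\[\w{3}, (?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\] - "
    r"(?P<event>.+?) - Source:(?P<src>[\d.]+),\S+ - "
    r"Destination:(?P<dst>.*?)\s*(?:- |\.)?\[(?P<action>\w+)\]\s*$"
)

def parse(log_text):
    """Return one dict per recognised log line; blank or unknown lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            events.append({"ts": ts, "event": m["event"], "src": m["src"],
                           "dst": m["dst"], "action": m["action"]})
    return events

def review_admin_connections(events, admin_hosts, window_s=5):
    """For each admin-interface connection, report whether the source is an
    expected admin host and what else that host logged within window_s seconds."""
    window = timedelta(seconds=window_s)
    findings = []
    for e in events:
        if not e["event"].startswith("Administrator Interface Connecting"):
            continue
        nearby = [o["event"] for o in events
                  if o is not e and o["src"] == e["src"]
                  and abs(o["ts"] - e["ts"]) <= window]
        findings.append({"ts": e["ts"], "src": e["src"],
                         "expected": e["src"] in admin_hosts, "nearby": nearby})
    return findings

if __name__ == "__main__":
    # admin_hosts is a hypothetical allowlist of machines used to manage the router.
    for f in review_admin_connections(parse(SAMPLE_LOG), {"192.168.79.2"}):
        print(f)
```

An entry with `expected` false and an empty `nearby` list (the constructed 23:10 line) is the one worth checking on the source machine first.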