Solved

What does this Firewall warning message meand ?

Posted on 2009-07-15
4
511 Views
Last Modified: 2012-05-07
The error log from the Netgear FWG114p (small 4 port firewall) reports these warning messages, like the one below - I understand the ones where it blocks access to some sites (I had put some keywords to reject those websites) - but what does this one

Administrator Interface Connecting[TCP] - Source:192.168.79.4,4974 - Destination:192.168.79.1,80 - [Receive]

indicate?  Does it mean that some agent is trying to connect to the firewall interface?  192.168.79.4 is one of the computers on the network, and 1 is the firewall.
[Wed, 2009-07-15 10:45:00] - Attempt to access blocked site - Source:192.168.79.4,LAN - Destination:ad.doubleclick.net/clk;210582580;32170325;t?http://travel.travelocity.com/flights/i .[block]
 

[Wed, 2009-07-15 10:45:01] - Administrator Interface Connecting[TCP] - Source:192.168.79.4,4974 - Destination:192.168.79.1,80 - [Receive]
 

[Wed, 2009-07-15 10:45:01] - Attempt to access blocked site - Source:192.168.79.4,LAN - Destination:ad.doubleclick.net/favicon.ico,WAN - [Block]

[Wed, 2009-07-15 10:45:01] - Attempt to access blocked site - Source:192.168.79.4,LAN - Destination:ad.doubleclick.net/activity;src=1903938;type=flight;cat=flight;ord=159410481?,WAN - [Block]

Open in new window

0
Comment
Question by:XCLN
  • 2
  • 2
4 Comments
 
LVL 12

Expert Comment

by:kevin_u
ID: 24866638
That message is telling you that 192.168.7.4 is using a browser to connect to the administative web page of the router.  

Basically someone is accesing the setup screen of the router.   It could just have been you looking at the logs.  If you know for sure that .4 wasn't accessing it at that time legitimately, then it might be a virus or trojan.  
0
 

Author Comment

by:XCLN
ID: 24866653
Thanks Kevin  -  noone was accessing the admin interface or looking at logs - since I did not see any "wrong password" attempts does that mean that whatever malware agent wasnt successful ?
Why then would a malware connect without attempting to log in ? Just to see the login page ?
0
 
LVL 12

Accepted Solution

by:
kevin_u earned 125 total points
ID: 24866676
IF it is malware, it will try to exploit many things.  It might get your router model information to pass on to some controlling site, for someone to come back and hack against it.

0
 

Author Closing Comment

by:XCLN
ID: 31604113
Makes perfect sense - thanks !
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Suggested Solutions

In this tutorial I will show you with short command examples how to obtain a packet footprint of all traffic flowing thru your Juniper device running ScreenOS. I do not know the exact firmware requirement, but I think the fprofile command is availab…
We sought a budget ($5,000) firewall solution that would provide all the performance we needed with no single point of failure.  Hosting a SAAS web application in our datacenter, it was critical that we find a way to keep connectivity up and inbound…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now