Solved

What does this Firewall warning message mean?

Posted on 2009-07-15
Last Modified: 2012-05-07
The error log from the Netgear FWG114p (small 4 port firewall) reports these warning messages, like the one below - I understand the ones where it blocks access to some sites (I had put some keywords to reject those websites) - but what does this one

Administrator Interface Connecting[TCP] - Source:192.168.79.4,4974 - Destination:192.168.79.1,80 - [Receive]

indicate?  Does it mean that some agent is trying to connect to the firewall interface?  192.168.79.4 is one of the computers on the network, and 1 is the firewall.
[Wed, 2009-07-15 10:45:00] - Attempt to access blocked site - Source:192.168.79.4,LAN - Destination:ad.doubleclick.net/clk;210582580;32170325;t?http://travel.travelocity.com/flights/i .[block]
 
[Wed, 2009-07-15 10:45:01] - Administrator Interface Connecting[TCP] - Source:192.168.79.4,4974 - Destination:192.168.79.1,80 - [Receive]
 
[Wed, 2009-07-15 10:45:01] - Attempt to access blocked site - Source:192.168.79.4,LAN - Destination:ad.doubleclick.net/favicon.ico,WAN - [Block]
[Wed, 2009-07-15 10:45:01] - Attempt to access blocked site - Source:192.168.79.4,LAN - Destination:ad.doubleclick.net/activity;src=1903938;type=flight;cat=flight;ord=159410481?,WAN - [Block]

Question by:XCLN
4 Comments
 
LVL 12

Expert Comment

by:kevin_u
ID: 24866638
That message is telling you that 192.168.7.4 is using a browser to connect to the administrative web page of the router.

Basically someone is accessing the setup screen of the router. It could just have been you looking at the logs. If you know for sure that .4 wasn't accessing it at that time legitimately, then it might be a virus or trojan.
0
 

Author Comment

by:XCLN
ID: 24866653
Thanks Kevin - no one was accessing the admin interface or looking at logs - since I did not see any "wrong password" attempts, does that mean that whatever malware agent wasn't successful?
Why then would a malware connect without attempting to log in? Just to see the login page?
0
 
LVL 12

Accepted Solution

by:
kevin_u earned 500 total points
ID: 24866676
IF it is malware, it will try to exploit many things.  It might get your router model information to pass on to some controlling site, for someone to come back and hack against it.

0
 

Author Closing Comment

by:XCLN
ID: 31604113
Makes perfect sense - thanks !
0
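Added example, not part of the original thread: a small parser for log lines in the format quoted in the question. It lists every "Administrator Interface Connecting" entry with its source host, so each one can be checked against known admin sessions, and counts blocked-site events from the same host close in time. The function names, the 5-second window and the second host in the sample are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the format quoted in the question; the second host
# (192.168.79.7) and its timestamp are invented for illustration.
SAMPLE_LOG = """\
[Wed, 2009-07-15 10:45:00] - Attempt to access blocked site - Source:192.168.79.4,LAN - Destination:ad.doubleclick.net/favicon.ico,WAN - [Block]
[Wed, 2009-07-15 10:45:01] - Administrator Interface Connecting[TCP] - Source:192.168.79.4,4974 - Destination:192.168.79.1,80 - [Receive]
[Wed, 2009-07-15 23:10:30] - Administrator Interface Connecting[TCP] - Source:192.168.79.7,1532 - Destination:192.168.79.1,80 - [Receive]
"""

# One log line: [day, timestamp] - event - Source:ip,detail - Destination:... [action]
LINE_RE = re.compile(
    r"^\[\w{3}, (?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\] - "
    r"(?P<event>.+?) - Source:(?P<src>[\d.]+),(?P<src_detail>\S+) - "
    r"Destination:(?P<dst>.+?)\s*[-.]?\s*\[(?P<action>\w+)\]\s*$"
)

def parse(log_text):
    """Parse log text into event dicts; lines that do not match are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%d %H:%M:%S")
            events.append(e)
    return events

def admin_connections(events, window_seconds=5):
    """List admin-interface connections with the count of blocked-site events
    from the same source within window_seconds (the window is an assumption)."""
    window = timedelta(seconds=window_seconds)
    blocks = [e for e in events if e["event"].startswith("Attempt to access blocked site")]
    report = []
    for e in events:
        if not e["event"].startswith("Administrator Interface Connecting"):
            continue
        nearby = sum(1 for b in blocks
                     if b["src"] == e["src"] and abs(b["ts"] - e["ts"]) <= window)
        report.append({"time": e["ts"], "source": e["src"],
                       "source_port": e["src_detail"], "router": e["dst"],
                       "blocked_site_events_nearby": nearby})
    return report

if __name__ == "__main__":
    for row in admin_connections(parse(SAMPLE_LOG)):
        print(row)
```
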
