What does this Firewall warning message meand ?

The error log from the Netgear FWG114p (small 4 port firewall) reports these warning messages, like the one below - I understand the ones where it blocks access to some sites (I had put some keywords to reject those websites) - but what does this one

Administrator Interface Connecting[TCP] - Source:192.168.79.4,4974 - Destination:192.168.79.1,80 - [Receive]

indicate?  Does it mean that some agent is trying to connect to the firewall interface?  192.168.79.4 is one of the computers on the network, and 1 is the firewall.
[Wed, 2009-07-15 10:45:00] - Attempt to access blocked site - Source:192.168.79.4,LAN - Destination:ad.doubleclick.net/clk;210582580;32170325;t?http://travel.travelocity.com/flights/i .[block]
 
[Wed, 2009-07-15 10:45:01] - Administrator Interface Connecting[TCP] - Source:192.168.79.4,4974 - Destination:192.168.79.1,80 - [Receive]
 
[Wed, 2009-07-15 10:45:01] - Attempt to access blocked site - Source:192.168.79.4,LAN - Destination:ad.doubleclick.net/favicon.ico,WAN - [Block]
[Wed, 2009-07-15 10:45:01] - Attempt to access blocked site - Source:192.168.79.4,LAN - Destination:ad.doubleclick.net/activity;src=1903938;type=flight;cat=flight;ord=159410481?,WAN - [Block]

Open in new window

XCLNAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

kevin_uCommented:
That message is telling you that 192.168.7.4 is using a browser to connect to the administative web page of the router.  

Basically someone is accesing the setup screen of the router.   It could just have been you looking at the logs.  If you know for sure that .4 wasn't accessing it at that time legitimately, then it might be a virus or trojan.  
0
XCLNAuthor Commented:
Thanks Kevin  -  noone was accessing the admin interface or looking at logs - since I did not see any "wrong password" attempts does that mean that whatever malware agent wasnt successful ?
Why then would a malware connect without attempting to log in ? Just to see the login page ?
0
kevin_uCommented:
IF it is malware, it will try to exploit many things.  It might get your router model information to pass on to some controlling site, for someone to come back and hack against it.

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
XCLNAuthor Commented:
Makes perfect sense - thanks !
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware Firewalls

From novice to tech pro — start learning today.