Solved

What does this Firewall warning message mean?

Posted on 2009-07-15
Medium Priority
522 Views
Last Modified: 2012-05-07
The error log from the Netgear FWG114p (small 4 port firewall) reports these warning messages, like the one below - I understand the ones where it blocks access to some sites (I had put some keywords to reject those websites) - but what does this one

Administrator Interface Connecting[TCP] - Source:192.168.79.4,4974 - Destination:192.168.79.1,80 - [Receive]

indicate?  Does it mean that some agent is trying to connect to the firewall interface?  192.168.79.4 is one of the computers on the network, and 1 is the firewall.
[Wed, 2009-07-15 10:45:00] - Attempt to access blocked site - Source:192.168.79.4,LAN - Destination:ad.doubleclick.net/clk;210582580;32170325;t?http://travel.travelocity.com/flights/i .[block]
 
[Wed, 2009-07-15 10:45:01] - Administrator Interface Connecting[TCP] - Source:192.168.79.4,4974 - Destination:192.168.79.1,80 - [Receive]
 
[Wed, 2009-07-15 10:45:01] - Attempt to access blocked site - Source:192.168.79.4,LAN - Destination:ad.doubleclick.net/favicon.ico,WAN - [Block]
[Wed, 2009-07-15 10:45:01] - Attempt to access blocked site - Source:192.168.79.4,LAN - Destination:ad.doubleclick.net/activity;src=1903938;type=flight;cat=flight;ord=159410481?,WAN - [Block]

Question by:XCLN
4 Comments
 
LVL 12

Expert Comment

by:kevin_u
ID: 24866638
That message is telling you that 192.168.7.4 is using a browser to connect to the administrative web page of the router.

Basically someone is accessing the setup screen of the router. It could just have been you looking at the logs. If you know for sure that .4 wasn't accessing it at that time legitimately, then it might be a virus or trojan.
0
 

Author Comment

by:XCLN
ID: 24866653
Thanks Kevin - no one was accessing the admin interface or looking at logs - since I did not see any "wrong password" attempts, does that mean that whatever malware agent wasn't successful?
Why then would a malware connect without attempting to log in? Just to see the login page?
0
 
LVL 12

Accepted Solution

by:
kevin_u earned 500 total points
ID: 24866676
IF it is malware, it will try to exploit many things.  It might get your router model information to pass on to some controlling site, for someone to come back and hack against it.

0
 

Author Closing Comment

by:XCLN
ID: 31604113
Makes perfect sense - thanks!
0
