router log

Posted on 2010-09-08
Last Modified: 2012-05-10
Can anyone help me interpret these logs and determine a plan of action? One says ACCESS PERMITTED. The source is a 66. IP. The other is an ATTACK and the source is my domain? The ATTACK destination is a 75. IP. The 192. IP is my domain, I think. That number matches up, except for the last 3 digits.

17  2010-09-08 09:48:57 Firewall rule match: TCP (W to L, rule:1) 66.162.203.122:8093 192.168.10.21:80 ACCESS PERMITTED

18  2010-09-08 09:23:54 ip spoofing - WAN TCP (W to W/ZW) 192.168.10.102:80 75.109.218.9:12551 ATTACK
Question by:rodynetwork

Accepted Solution

by:
Rick_O_Shay earned 1000 total points
ID: 33629315
The first one is saying you are allowing outside access to a web server at 192.168.10.21. If that is not expected you need to change your firewall rules.

The second one is saying something on the outside is trying to fool your router by using an inside address.
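
An added example, not part of the original thread: a short Python script that parses the two entries quoted in the question and labels each with the follow-up the accepted answer points to (an inbound connection allowed through to an internal host, and an internal-range source address flagged on the WAN side). The field layout is inferred from those two lines only, and the function names and labels are hypothetical.

```python
import ipaddress
import re

# The two log lines quoted in the question, copied verbatim.
SAMPLE_LOG = """\
17  2010-09-08 09:48:57 Firewall rule match: TCP (W to L, rule:1) 66.162.203.122:8093 192.168.10.21:80 ACCESS PERMITTED
18  2010-09-08 09:23:54 ip spoofing - WAN TCP (W to W/ZW) 192.168.10.102:80 75.109.218.9:12551 ATTACK
"""

# Layout assumed from those two lines only:
# index, timestamp, message, src ip:port, dst ip:port, note.
LINE_RE = re.compile(
    r"^(?P<idx>\d+)\s+(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<msg>.+?)\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+)\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)\s+(?P<note>.+)$"
)

def parse_line(line):
    """Return a dict of fields, or None if the line does not fit the layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    try:
        rec["src_private"] = ipaddress.ip_address(rec["src"]).is_private
        rec["dst_private"] = ipaddress.ip_address(rec["dst"]).is_private
    except ValueError:  # not a valid IPv4 address, e.g. an octet above 255
        return None
    return rec

def triage(rec):
    """Label one parsed entry with the kind of follow-up it calls for."""
    if rec["note"] == "ACCESS PERMITTED" and not rec["src_private"] and rec["dst_private"]:
        return "inbound-allowed"        # public host reached an internal service
    if "ip spoofing" in rec["msg"].lower() and rec["src_private"]:
        return "private-source-on-wan"  # internal-range source flagged on the WAN side
    return "other"

def review(log_text):
    """Return (index, label, source, destination:port) for each parseable line."""
    rows = []
    for rec in map(parse_line, log_text.splitlines()):
        if rec:
            rows.append((int(rec["idx"]), triage(rec), rec["src"], f'{rec["dst"]}:{rec["dport"]}'))
    return rows

if __name__ == "__main__":
    for row in review(SAMPLE_LOG):
        print(row)
```

Every "inbound-allowed" row names an internal host and port to check against the port forwards you actually intend to publish.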