Need assistance interpreting Sonicwall log

Posted on 2010-09-23
Last Modified: 2013-11-16
We have a Sonicwall TZ210 installed behind our Netgear DSL modem. The daily log is emailed to me, but I've had problems interpreting it. The following records are in the logs every day. Can someone tell me what they mean?

09/22/2010 06:00:28.016 - Info - PPP - 	PPP message: LCP Echo Request Received  - 	0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 06:05:26.832 - Info - PPP - 	PPP message: LCP Echo Request Received  - 	0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 06:10:26.688 - Info - PPP - 	PPP message: LCP Echo Request Received  - 	0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 06:15:26.544 - Info - PPP - 	PPP message: LCP Echo Request Received  - 	0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 06:20:26.400 - Info - PPP - 	PPP message: LCP Echo Request Received  - 	0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 06:25:26.256 - Info - PPP - 	PPP message: LCP Echo Request Received  - 	0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 06:30:26.112 - Info - PPP - 	PPP message: LCP Echo Request Received  - 	0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 06:35:25.928 - Info - PPP - 	PPP message: LCP Echo Request Received  - 	0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 06:40:25.784 - Info - PPP - 	PPP message: LCP Echo Request Received  - 	0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 06:45:25.640 - Info - PPP - 	PPP message: LCP Echo Request Received  - 	0.0.0.0 - 	0.0.0.0 - 	 

09/22/2010 09:10:23.736 - Info - PPP - PPP message: LCP Echo Request Received  - 0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 09:15:23.592 - Info - PPP - PPP message: LCP Echo Request Received  - 0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 09:18:37.720 - Alert - Intrusion Prevention - 	IP spoof dropped - 	xx.xx.xx.xx, 123, X0 - 192.168.0.175, 123, X0, Server8 - 	MAC address: 00:b0:d0:74:xx:xx
09/22/2010 09:20:23.448 - Info - PPP - PPP message: LCP Echo Request Received  - 0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 09:25:23.304 - Info - PPP - PPP message: LCP Echo Request Received  - 0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 09:30:23.160 - Info - PPP - PPP message: LCP Echo Request Received  - 0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 09:35:23.016 - Info - PPP - PPP message: LCP Echo Request Received  - 0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 09:35:43.432 - Alert - Intrusion Prevention - 	IP spoof dropped - 	xx.xx.xx.xx, 123, X0 - 	192.168.0.175, 123, X0, Server8 - 	MAC address: 00:b0:d0:74:xx:xx
09/22/2010 09:40:22.848 - Info - PPP - PPP message: LCP Echo Request Received  - 0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 09:45:22.704 - Info - PPP - PPP message: LCP Echo Request Received  - 0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 09:50:22.560 - Info - PPP - PPP message: LCP Echo Request Received  - 0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 09:52:47.528 - Alert - Intrusion Prevention - 	IP spoof dropped - 	xx.xx.xx.xx, 123, X0 -192.168.0.175, 123, X0, Server8 - 	MAC address: 00:b0:d0:74:xx:xx


Question by:Tony Giangreco
10 Comments
 
LVL 6

Expert Comment

by:jkratzer
ID: 33749816
Do you have the sonicwall attempting to do a PPP to your upstream provider?

What type of internet connection do you have???   DSL/T1/Other?

Is the IP address 192.168.0.175 an IP within your network?

It looks like you have someone on the inside trying to do a PPP connection to your TZ.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33751079
jkratzer is on the right track with DSL.  The messages you get are normal for PPPoE which DSL uses.  You can safely disregard them.
0
 
LVL 25

Author Comment

by:Tony Giangreco
ID: 33753134
We are not uploading anything upstream. We have two types of users:

1. Connect from their laptop inside the facility and use outlook on our server that is behind the firewall
2. remote users connect via sslvpn to check mail and open documents from remote locations.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33753413
but, the question is, do you have a DSL type Internet?
0
 
LVL 25

Author Comment

by:Tony Giangreco
ID: 33753439
Yes
0
 
LVL 33

Expert Comment

by:digitap
ID: 33753678
then, that's what those messages are...communication between the sonicwall and the PPPoE provider.  did they occur suddenly?  did you only recently start receiving the log files via email?  why the concern all of a sudden?
0
 
LVL 25

Author Comment

by:Tony Giangreco
ID: 33753784
The firewall was installed in April and these messages have been in the logs from the first day of operation.

Is there a starter video or tutorial available that describes the log messages?
0
 
LVL 33

Accepted Solution

by:
digitap earned 2000 total points
ID: 33753829
ah, I see.  regarding your last question, not really.  i've been working with these sonicwall appliances for a number of years and have seen these messages on all the DSL setups.  i just did a quick scan of the sonicwall KB (http://www.sonicwall.com/us/support/kb.asp)...a great resource by the way...and I can't find anything describing the messages.  I scanned through the sonicwall forums and i find information similar to what i posted above.
0
 
LVL 25

Author Closing Comment

by:Tony Giangreco
ID: 33775783
Thanks
0
 
LVL 33

Expert Comment

by:digitap
ID: 33775807
Thanks for the points!
0
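
An added example (not from the thread or from SonicWall): a small Python triage of the emailed log in the field layout shown in the question. It counts the routine LCP echo lines, flags gaps in their roughly five-minute cadence, and groups everything else, such as the "IP spoof dropped" alerts. The sample log, the function names and the 600-second gap threshold are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the layout of the lines posted in the question. Addresses
# stay redacted as in the post; the 09:25-09:35 echoes are left out on purpose.
SAMPLE_LOG = """\
09/22/2010 09:10:23.736 - Info - PPP - PPP message: LCP Echo Request Received  - 0.0.0.0 - 0.0.0.0 -
09/22/2010 09:15:23.592 - Info - PPP - PPP message: LCP Echo Request Received  - 0.0.0.0 - 0.0.0.0 -
09/22/2010 09:18:37.720 - Alert - Intrusion Prevention - IP spoof dropped - \txx.xx.xx.xx, 123, X0 - 192.168.0.175, 123, X0, Server8 - MAC address: 00:b0:d0:74:xx:xx
09/22/2010 09:20:23.448 - Info - PPP - PPP message: LCP Echo Request Received  - 0.0.0.0 - 0.0.0.0 -
09/22/2010 09:35:43.432 - Alert - Intrusion Prevention - IP spoof dropped - xx.xx.xx.xx, 123, X0 - 192.168.0.175, 123, X0, Server8 - MAC address: 00:b0:d0:74:xx:xx
09/22/2010 09:40:22.848 - Info - PPP - PPP message: LCP Echo Request Received  - 0.0.0.0 - 0.0.0.0 -
09/22/2010 09:45:22.704 - Info - PPP - PPP message: LCP Echo Request Received  - 0.0.0.0 - 0.0.0.0 -
09/22/2010 09:52:47.528 - Alert - Intrusion Prevention - IP spoof dropped - xx.xx.xx.xx, 123, X0 -192.168.0.175, 123, X0, Server8 - MAC address: 00:b0:d0:74:xx:xx
"""

# Fields are separated by " - ", but the whitespace around the dash is ragged
# (tabs, double spaces, sometimes nothing after the dash).
FIELD_SEP = re.compile(r"\s+-\s*")
KEYS = ("priority", "category", "message", "source", "destination", "notes")

def parse_line(line):
    """Split one log line into a dict, or return None if it is not a log record."""
    parts = FIELD_SEP.split(line.strip(), maxsplit=6)
    if len(parts) < 6:
        return None
    try:
        when = datetime.strptime(parts[0], "%m/%d/%Y %H:%M:%S.%f")
    except ValueError:
        return None
    parts += [""] * (7 - len(parts))  # the trailing notes field may be empty
    return {"time": when, **dict(zip(KEYS, parts[1:]))}

def triage(text, max_gap_s=600):
    """Count routine LCP echoes, report keepalive gaps, group all other records."""
    echoes, gaps, other = [], [], defaultdict(list)
    for rec in filter(None, map(parse_line, text.splitlines())):
        if rec["category"] == "PPP" and "LCP Echo Request" in rec["message"]:
            # max_gap_s is an assumed threshold: twice the ~5 minute cadence in the post
            if echoes and (rec["time"] - echoes[-1]).total_seconds() > max_gap_s:
                gaps.append((echoes[-1], rec["time"]))
            echoes.append(rec["time"])
        else:
            key = (rec["priority"], rec["message"], rec["source"], rec["destination"])
            other[key].append(rec["time"])
    return {"lcp_echoes": len(echoes), "echo_gaps": gaps, "other": dict(other)}
```
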
