Solved

Need assistance interpreting Sonicwall log

Posted on 2010-09-23
Last Modified: 2013-11-16
We have a Sonicwall TZ210 installed behind our Netgear DSL modem. The daily log is emailed to me, but I've had problems interpreting it. The following records are in the logs every day. Can someone tell me what they mean?

09/22/2010 06:00:28.016 - Info - PPP - 	PPP message: LCP Echo Request Received  - 	0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 06:05:26.832 - Info - PPP - 	PPP message: LCP Echo Request Received  - 	0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 06:10:26.688 - Info - PPP - 	PPP message: LCP Echo Request Received  - 	0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 06:15:26.544 - Info - PPP - 	PPP message: LCP Echo Request Received  - 	0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 06:20:26.400 - Info - PPP - 	PPP message: LCP Echo Request Received  - 	0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 06:25:26.256 - Info - PPP - 	PPP message: LCP Echo Request Received  - 	0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 06:30:26.112 - Info - PPP - 	PPP message: LCP Echo Request Received  - 	0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 06:35:25.928 - Info - PPP - 	PPP message: LCP Echo Request Received  - 	0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 06:40:25.784 - Info - PPP - 	PPP message: LCP Echo Request Received  - 	0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 06:45:25.640 - Info - PPP - 	PPP message: LCP Echo Request Received  - 	0.0.0.0 - 	0.0.0.0 - 	 



09/22/2010 09:10:23.736 - Info - PPP - PPP message: LCP Echo Request Received  - 0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 09:15:23.592 - Info - PPP - PPP message: LCP Echo Request Received  - 0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 09:18:37.720 - Alert - Intrusion Prevention - 	IP spoof dropped - 	xx.xx.xx.xx, 123, X0 - 192.168.0.175, 123, X0, Server8 - 	MAC address: 00:b0:d0:74:xx:xx
09/22/2010 09:20:23.448 - Info - PPP - PPP message: LCP Echo Request Received  - 0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 09:25:23.304 - Info - PPP - PPP message: LCP Echo Request Received  - 0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 09:30:23.160 - Info - PPP - PPP message: LCP Echo Request Received  - 0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 09:35:23.016 - Info - PPP - PPP message: LCP Echo Request Received  - 0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 09:35:43.432 - Alert - Intrusion Prevention - 	IP spoof dropped - 	xx.xx.xx.xx, 123, X0 - 	192.168.0.175, 123, X0, Server8 - 	MAC address: 00:b0:d0:74:xx:xx
09/22/2010 09:40:22.848 - Info - PPP - PPP message: LCP Echo Request Received  - 0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 09:45:22.704 - Info - PPP - PPP message: LCP Echo Request Received  - 0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 09:50:22.560 - Info - PPP - PPP message: LCP Echo Request Received  - 0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 09:52:47.528 - Alert - Intrusion Prevention - 	IP spoof dropped - 	xx.xx.xx.xx, 123, X0 -192.168.0.175, 123, X0, Server8 - 	MAC address: 00:b0:d0:74:xx:xx


Question by:Tony Giangreco
10 Comments
 
LVL 6

Expert Comment

by:jkratzer
ID: 33749816
Do you have the sonicwall attempting to do a PPP to your upstream provider?

What type of internet connection do you have?   DSL/T1/Other?

Is the IP address 192.168.0.175 an IP within your network?

It looks like you have someone on the inside trying to do a PPP connection to your TZ.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33751079
jkratzer is on the right track with DSL.  The messages you get are normal for PPPoE which DSL uses.  You can safely disregard them.
0
 
LVL 25

Author Comment

by:Tony Giangreco
ID: 33753134
We are not uploading anything upstream. We have two types of users:

1. Connect from their laptop inside the facility and use Outlook on our server that is behind the firewall
2. remote users connect via sslvpn to check mail and open documents from remote locations.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33753413
but, the question is, do you have a DSL type Internet?
0
 
LVL 25

Author Comment

by:Tony Giangreco
ID: 33753439
Yes
0

 
LVL 33

Expert Comment

by:digitap
ID: 33753678
then, that's what those messages are...communication between the sonicwall and the PPPoE provider.  did they occur suddenly?  did you only recently start receiving the log files via email?  why the concern all of a sudden?
0
 
LVL 25

Author Comment

by:Tony Giangreco
ID: 33753784
The firewall was installed in April and these messages have been in the logs from the first day of operation.

Is there a starter video or tutorial available that describes the log messages?
0
 
LVL 33

Accepted Solution

by:
digitap earned 500 total points
ID: 33753829
ah, I see.  regarding your last question, not really.  i've been working with these sonicwall appliances for a number of years and have seen these messages on all the DSL setups.  i just did a quick scan of the sonicwall KB (http://www.sonicwall.com/us/support/kb.asp)...a great resource by the way...and I can't find anything describing the messages.  I scanned through the sonicwall forums and i find information similar to what i posted above.
0
 
LVL 25

Author Closing Comment

by:Tony Giangreco
ID: 33775783
Thanks
0
 
LVL 33

Expert Comment

by:digitap
ID: 33775807
Thanks for the points!
0
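
An added example, not part of the original thread: a Python sketch that parses the emailed log layout shown in the question, sets aside the routine LCP echo entries, counts the remaining alerts by message, source and destination, and reports breaks in the five-minute keepalive pattern. The sample lines, addresses, field names and the 10-minute gap threshold are assumptions made for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Field names are assumed labels for the seven " - " separated columns.
FIELDS = ("time", "severity", "category", "message", "source", "destination", "notes")
SEP = re.compile(r"\s+-\s*")  # " - ", sometimes followed by a tab or by nothing

# Constructed sample in the layout shown in the question; the addresses are
# documentation placeholders and the 09:25/09:30 echoes are left out on purpose.
ALERT = ("Alert - Intrusion Prevention - \tIP spoof dropped - \t203.0.113.7, 123, X0 -"
         "{}192.168.0.175, 123, X0, Server8 - \tMAC address: 00:00:5e:00:53:01")
ECHO = "Info - PPP - PPP message: LCP Echo Request Received  - 0.0.0.0 - \t0.0.0.0 -"
SAMPLE = "\n".join([
    "09/22/2010 09:10:23.736 - " + ECHO,
    "09/22/2010 09:15:23.592 - " + ECHO,
    "09/22/2010 09:18:37.720 - " + ALERT.format(" "),
    "09/22/2010 09:20:23.448 - " + ECHO,
    "09/22/2010 09:35:23.016 - " + ECHO,
    "09/22/2010 09:35:43.432 - " + ALERT.format(""),  # no space after the dash
])

def parse_line(line):
    """Split one log line into its seven fields; return None if it does not fit."""
    parts = SEP.split(line.strip(), maxsplit=len(FIELDS) - 1)
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, (p.strip() for p in parts)))
    try:
        rec["time"] = datetime.strptime(rec["time"], "%m/%d/%Y %H:%M:%S.%f")
    except ValueError:
        return None
    return rec

def triage(text, max_gap=timedelta(minutes=10)):
    """Return (alert counts, keepalive gaps); max_gap is an assumed threshold."""
    alerts, gaps, last_echo = Counter(), [], None
    for rec in filter(None, map(parse_line, text.splitlines())):
        if rec["category"] == "PPP" and "LCP Echo Request" in rec["message"]:
            if last_echo and rec["time"] - last_echo > max_gap:
                gaps.append((last_echo, rec["time"]))
            last_echo = rec["time"]
        elif rec["severity"] != "Info":
            key = (rec["message"], rec["source"].split(",")[0], rec["destination"].split(",")[0])
            alerts[key] += 1
    return alerts, gaps

if __name__ == "__main__":
    found, missing = triage(SAMPLE)
    for (msg, src, dst), n in found.most_common():
        print(f"{n}x {msg}: {src} -> {dst}")
    for start, end in missing:
        print(f"no LCP echo logged between {start} and {end}")
```
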
