?
Solved

Need assistance interpeting Sonicwall log

Posted on 2010-09-23
10
Medium Priority
?
3,508 Views
Last Modified: 2013-11-16
We have a Sonicwall TZ210 installed behind our Netgear DSL modem. The daily log is emailed to be, but I've had problems interpeting it. The following records are in the logs every day. Can someone tell me what they neam?

09/22/2010 06:00:28.016 - Info - PPP - 	PPP message: LCP Echo Request Received  - 	0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 06:05:26.832 - Info - PPP - 	PPP message: LCP Echo Request Received  - 	0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 06:10:26.688 - Info - PPP - 	PPP message: LCP Echo Request Received  - 	0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 06:15:26.544 - Info - PPP - 	PPP message: LCP Echo Request Received  - 	0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 06:20:26.400 - Info - PPP - 	PPP message: LCP Echo Request Received  - 	0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 06:25:26.256 - Info - PPP - 	PPP message: LCP Echo Request Received  - 	0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 06:30:26.112 - Info - PPP - 	PPP message: LCP Echo Request Received  - 	0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 06:35:25.928 - Info - PPP - 	PPP message: LCP Echo Request Received  - 	0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 06:40:25.784 - Info - PPP - 	PPP message: LCP Echo Request Received  - 	0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 06:45:25.640 - Info - PPP - 	PPP message: LCP Echo Request Received  - 	0.0.0.0 - 	0.0.0.0 - 	 

Open in new window


09/22/2010 09:10:23.736 - Info - PPP - PPP message: LCP Echo Request Received  - 0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 09:15:23.592 - Info - PPP - PPP message: LCP Echo Request Received  - 0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 09:18:37.720 - Alert - Intrusion Prevention - 	IP spoof dropped - 	xx.xx.xx.xx, 123, X0 - 192.168.0.175, 123, X0, Server8 - 	MAC address: 00:b0:d0:74:xx:xx
09/22/2010 09:20:23.448 - Info - PPP - PPP message: LCP Echo Request Received  - 0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 09:25:23.304 - Info - PPP - PPP message: LCP Echo Request Received  - 0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 09:30:23.160 - Info - PPP - PPP message: LCP Echo Request Received  - 0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 09:35:23.016 - Info - PPP - PPP message: LCP Echo Request Received  - 0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 09:35:43.432 - Alert - Intrusion Prevention - 	IP spoof dropped - 	xx.xx.xx.xx, 123, X0 - 	192.168.0.175, 123, X0, Server8 - 	MAC address: 00:b0:d0:74:xx:xx
09/22/2010 09:40:22.848 - Info - PPP - PPP message: LCP Echo Request Received  - 0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 09:45:22.704 - Info - PPP - PPP message: LCP Echo Request Received  - 0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 09:50:22.560 - Info - PPP - PPP message: LCP Echo Request Received  - 0.0.0.0 - 	0.0.0.0 - 	 
09/22/2010 09:52:47.528 - Alert - Intrusion Prevention - 	IP spoof dropped - 	xx.xx.xx.xx, 123, X0 -192.168.0.175, 123, X0, Server8 - 	MAC address: 00:b0:d0:74:xx:xx

Open in new window

0
Comment
Question by:Tony Giangreco
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
10 Comments
 
LVL 6

Expert Comment

by:jkratzer
ID: 33749816
Do you have the sonicwall attempting to do a PPP to your upstream providor?

What type if internet connection do you have???   DSL/T1/Other?

Is the IP address 192.168.0.175 an IP within your network?

It looks like you have someone on the inside trying to do a PPP connection to your TZ.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33751079
jkratzer is on the right track with DSL.  The messages you get is normal for PPPoE which DSL uses.  You can safely disregard them.
0
 
LVL 25

Author Comment

by:Tony Giangreco
ID: 33753134
We are not uploading anything upstream. We have two types of users:

1. Connect from their laptop inside the facility and use outlook on out server that is behind the firewall
2. remote users connect via sslvpn to check mail and open documents from remote locations.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 33

Expert Comment

by:digitap
ID: 33753413
but, the question is, do you have a DSL type Internet?
0
 
LVL 25

Author Comment

by:Tony Giangreco
ID: 33753439
Yes
0
 
LVL 33

Expert Comment

by:digitap
ID: 33753678
then, that's what those messages are...communication between the sonicwall and the PPPoE provider.  did they occur suddenly?  did you only recently start receiving the log files via email?  why the concern all of a sudden?
0
 
LVL 25

Author Comment

by:Tony Giangreco
ID: 33753784
The firewall was installed in April and these messages have been in the logs from the first day of operation.

Is there starter video or tutorial available that describes the log messages?
0
 
LVL 33

Accepted Solution

by:
digitap earned 2000 total points
ID: 33753829
ah, I see.  regarding your last question, not really.  i've been working with these sonicwall appliances for a number of years and have seen these messages on all the DSL setups.  i just did a quick scan of the sonicwall KB (http://www.sonicwall.com/us/support/kb.asp)...a great resource by the way...and I can't find anything describing the messages.  I scanned through the sonicwall forums and i find information similar to what i posted above.
0
 
LVL 25

Author Closing Comment

by:Tony Giangreco
ID: 33775783
Thanks
0
 
LVL 33

Expert Comment

by:digitap
ID: 33775807
Thanks for the points!
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

PREFACE The purpose of this guide is to explain what the SEPC Status Utility is and how it works. I have written the utility using AutoIt and have included the source code for your review. You are welcome to modify the code to your liking, but I wi…
PREFACE The purpose of this guide is to provide information to successfully add specific IIS 7.0 role services for the Symantec Endpoint Protection Manager (SEPM) to function properly when installed on Windows 2008. AUDIENCE Information Technol…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question