Odd IDS/Firewall Log Entries

  1. #1
    AO Veteran NeuTron's Avatar
    Join Date
    Apr 2003
    Posts
    550

    Odd IDS/Firewall Log Entries

    My snort and firewall logs have been filling up with entries from a home/residential cable modem IP since about an hour ago and I'm a bit confused about what they were trying to do. Can anyone tell me what might have been happening from this screenshot?

  2. #2
    AO Veteran NeuTron's Avatar
    Join Date
    Apr 2003
    Posts
    550
    I cleaned up the logfile to only reflect entries from that IP and it has a lot more info...thanks to anyone who looks at this BTW

    <Edit> ...not myself today...My IP removed

  3. #3
    Senior Member IKnowNot's Avatar
    Join Date
    Jan 2003
    Posts
    792
    1st, I now know your IP address (next time try replace all before posting... just a suggestion)

    Looks like a port scan by maybe a Bagle variant?

    Is 192.168.1.101 infected?? Or maybe putting out some broadcasts? Otherwise, why the hammering on that internal box?

    Do you have snort monitoring outbound connections as well?

    Dshield says they submitted a fightback report to the ISP 1-31-2005 concerning that attacking address.
    " And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes

  4. #4
    AO Veteran NeuTron's Avatar
    Join Date
    Apr 2003
    Posts
    550
    Yup...one of the boxes was infected...not sure how that could have happened. Thanks IKnowNot

  5. #5
    Senior Member IKnowNot's Avatar
    Join Date
    Jan 2003
    Posts
    792
    Glad I could help!!
