-
August 27th, 2010, 04:31 PM
#1
router udp logs
Fri, 2010-08-27 10:37:02 - UDP packet - Source: 2xx.xxx.xxx.xxx(our ip) - Destination: 2xx.xxx.xxx.xxx (isp dns) - [Ceiling for number of connections reached, dropping packet Src 1403 Dst 53 from SELF]
I get a bazillion of these logged on my router every time a consultant comes in and plugs his Mac laptop into our router...he says it's probably his IMAP email....
I say it's a torrent\p2p client??
your thoughts??
MLF
Last edited by morganlefay; August 27th, 2010 at 04:36 PM.
How people treat you is their karma- how you react is yours-Wayne Dyer
-
August 27th, 2010, 06:08 PM
#2
-
August 27th, 2010, 06:18 PM
#3
uuuhhh yeah it's DNS...but why would it roll out 1000s of entries a day while his Mac is attached to my router???
And why would I get "number of connections reached" ???
And why it only happens when said consultant is connected???
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
-
August 27th, 2010, 06:22 PM
#4
right >.< sorry. But at least we can both agree that that traffic is DNS so we can proceed accordingly. Can you post some of the DNS queries that are being made? That would shed a lot of light on the situation.
-
August 27th, 2010, 06:33 PM
#5
No...my router only logs incoming ...and not the outgoing??..If he was on my network I would have all requests...but I don't let consultants on the LAN with their machines...I give them internet access direct through the router with a static ip
I don't think it's his IMAP client...
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
-
August 27th, 2010, 06:43 PM
#6
Well, the DNS response packets would suffice as well.... actually that would be a lot more helpful now that I think of it. ^.^
I would need to see some of that information if I were to make any sort of discernible judgment on the situation though >.<
-
August 28th, 2010, 07:22 PM
#7
If ur gonna spend time on this one, don't f@ck around. Create a Consultant LAN and sniff the packets to get to the bottom of it. Also, even though he's not on ur LAN, he may be sucking up bandwidth and impacting your users. QoS to limit bandwidth consumption on the consultant LAN.
I agree with u. Sounds like p2p/torrent/malware.
Damn those consultants.
FYI... Increasingly, I have been told by clients that I am no longer able to plug my laptop into their network. I use an aircard. Perhaps your evil consultant could do same.
CSR
In God We Trust....Everything else we backup.
-
August 30th, 2010, 11:45 AM
#8
Ahoy Capt'n Ron...ya ole salt??
Where you been???
Thanks for the reply matey......we will see next time he comes in on what I can do?
Looks like repeated DNS request??...but why??
Anyhoo nice to see you back
SMM aka MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
-
August 30th, 2010, 12:26 PM
#9
Me and me crew been on hiatus at our secret lair, but with summer almost over, it's time to get back to civilization.
Perhaps show him the log and ask him, "wtf"?
In God We Trust....Everything else we backup.
-
August 30th, 2010, 01:20 PM
#10
I do love copy/paste...
[quote="Morganlefay"]he says it's probably his IMAP email.... :roll:[/quote]
Bull ****.
One of two things:
P2P using a text file to do multiple lookups.
Malware/Bot searching for home.
Next time idiot boy comes in - get a hold of his Mac and go to Applications->Utilities->Activity Monitor
Same as task manager in Windows.
Also, as csr suggested. WireShark is your friend.
09:F9:11:02:9D:74:E3:5B 8:41:56:C5:63:56:88:C0
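Added example, not part of the thread: a small Python parser for the router log format quoted in post #1. It buckets the dropped packets per hour, so the bursts can be lined up against the times the consultant's laptop was plugged in, and counts distinct source ports per hour. The regex is modelled on that single log line; the addresses in the sample are constructed placeholders and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Modelled on the one log line quoted in post #1 (assumed to be the router's fixed format).
LINE_RE = re.compile(
    r"^\w{3}, (?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) - (?P<proto>\w+) packet - "
    r"Source: (?P<src>\S+?)\s*(?:\([^)]*\))? - "
    r"Destination: (?P<dst>\S+?)\s*(?:\([^)]*\))? - "
    r"\[(?P<reason>[^,\]]+), dropping packet Src (?P<sport>\d+) Dst (?P<dport>\d+)"
)

def parse_line(line):
    """Return a dict for one drop entry, or None if the line is not in this format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S")
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    return rec

def summarize(lines):
    """Per hour: drop counts keyed by (proto, dst, dport) and the set of source ports seen."""
    drops, sports, skipped = defaultdict(Counter), defaultdict(set), 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1  # keep count of lines the regex did not understand
            continue
        hour = rec["ts"].strftime("%Y-%m-%d %H:00")
        drops[hour][(rec["proto"], rec["dst"], rec["dport"])] += 1
        sports[hour].add(rec["sport"])
    return drops, sports, skipped

# Constructed sample input: documentation-range addresses, not real log data.
TEMPLATE = ("Fri, 2010-08-27 {t} - UDP packet - Source: 192.0.2.10(our ip) - "
            "Destination: 198.51.100.53 (isp dns) - [Ceiling for number of "
            "connections reached, dropping packet Src {sp} Dst 53 from SELF]")
SAMPLE = [TEMPLATE.format(t=t, sp=sp) for t, sp in
          [("10:37:02", 1403), ("10:37:02", 1404), ("10:37:03", 1405),
           ("11:02:10", 2210)]] + ["not a router log line"]

if __name__ == "__main__":
    drops, sports, skipped = summarize(SAMPLE)
    for hour in sorted(drops):
        for (proto, dst, dport), n in drops[hour].most_common():
            print(f"{hour}  {proto} -> {dst}:{dport}  drops={n}  "
                  f"distinct_src_ports={len(sports[hour])}")
    print(f"unparsed lines: {skipped}")
```

Many distinct source ports toward port 53 in the same hour point to many separate lookups rather than one retried query; the names being looked up still have to come from a packet capture, as suggested in the thread.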