
Thread: router udp logs

  1. #1
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152

    router udp logs

    Fri, 2010-08-27 10:37:02 - UDP packet - Source: 2xx.xxx.xxx.xxx(our ip) - Destination: 2xx.xxx.xxx.xxx (isp dns) - [Ceiling for number of connections reached, dropping packet Src 1403 Dst 53 from SELF]

    I get a bazillion of these logged on my router every time a consultant comes in and plugs his Mac laptop into our router...he says it's probably his IMAP email....

    I say it's a torrent\p2p client??

    your thoughts??

    MLF
    Last edited by morganlefay; August 27th, 2010 at 04:36 PM.
    How people treat you is their karma- how you react is yours-Wayne Dyer
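
An added example, not part of the original thread: a parser for the log line quoted in post #1 that groups the port-53 "ceiling reached" drops into burst windows, so their start and end times can be compared with when the laptop was plugged in. Because the router logs its own address as the source ("from SELF"), timing and source-port spread are all this log can show. The sample lines, addresses and thresholds are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) - UDP packet - "
    r"Source: (?P<src>[^\s(]+).*? - Destination: (?P<dst>[^\s(]+).*? - "
    r"\[Ceiling for number of connections reached, dropping packet "
    r"Src (?P<sport>\d+) Dst (?P<dport>\d+)"
)

def parse_drops(text, dport=53):
    """Return (timestamp, src_port) for each connection-ceiling drop to dport."""
    drops = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m and int(m["dport"]) == dport:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            drops.append((ts, int(m["sport"])))
    return drops

def burst_windows(drops, per_minute=3, gap=timedelta(minutes=2)):
    """Merge busy minutes into (start, end, drop_count, distinct_ports) windows."""
    by_min = Counter(ts.replace(second=0) for ts, _ in drops)
    windows = []
    for minute in sorted(m for m, n in by_min.items() if n >= per_minute):
        if windows and minute - windows[-1][1] <= gap:
            windows[-1][1] = minute          # extend the current burst
        else:
            windows.append([minute, minute])  # start a new burst
    out = []
    for start, end in windows:
        inside = [(t, p) for t, p in drops if start <= t.replace(second=0) <= end]
        out.append((start, end, len(inside), len({p for _, p in inside})))
    return out

def sample_log():
    """Constructed sample in the post #1 format; addresses are placeholders."""
    fmt = ("Fri, 2010-08-27 {t} - UDP packet - Source: 203.0.113.10(our ip) - "
           "Destination: 198.51.100.53 (isp dns) - [Ceiling for number of "
           "connections reached, dropping packet Src {p} Dst 53 from SELF]")
    rows = [fmt.format(t=f"10:37:{s:02d}", p=1400 + s) for s in range(0, 50, 10)]
    rows += [fmt.format(t=f"10:38:{s:02d}", p=1500 + s) for s in range(0, 40, 10)]
    # One isolated drop (below threshold) and one unrelated constructed line.
    rows += [fmt.format(t="14:05:00", p=2000), "unrelated line (constructed)"]
    return "\n".join(rows)

if __name__ == "__main__":
    for start, end, n, ports in burst_windows(parse_drops(sample_log())):
        print(f"{start:%H:%M}-{end:%H:%M}: {n} drops, {ports} distinct source ports")
```
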

  2. #2
    Senior Member SnugglesTheBear's Avatar
    Join Date
    Jun 2010
    Posts
    133
    uhhh dns?

  3. #3
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    uuuhhh yeah it's DNS...but why would it roll out 1000s of entries a day while his Mac is attached to my router???

    And why would I get "number of connections reached" ???

    And why it only happens when said consultant is connected???

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  4. #4
    Senior Member SnugglesTheBear's Avatar
    Join Date
    Jun 2010
    Posts
    133
    right >.< sorry. But at least we can both agree that that traffic is DNS so we can proceed accordingly. Can you post some of the DNS queries that are being made? That would shed a lot of light on the situation.

  5. #5
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    No...my router only logs incoming ...and not the outgoing??..If he was on my network I would have all requests...but I don't let consultants on the LAN with their machines...I give them internet access direct through the router with a static IP

    I don't think it's his IMAP client...

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  6. #6
    Senior Member SnugglesTheBear's Avatar
    Join Date
    Jun 2010
    Posts
    133
    Well, the DNS response packets would suffice as well.... actually that would be a lot more helpful now that I think of it. ^.^

    I would need to see some of that information if I were to make any sort of discernible judgment on the situation though >.<

  7. #7
    AO's Filibustier Cheap Scotch Ron's Avatar
    Join Date
    Nov 2008
    Location
    Swamps of Jersey
    Posts
    378
    If ur gonna spend time on this one, don't f@ck around. Create a Consultant LAN and sniff the packets to get to the bottom of it. Also, even though he's not on ur LAN, he may be sucking up bandwidth and impacting your users. QoS to limit bandwidth consumption on the consultant LAN.

    I agree with u. Sounds like p2p/torrent/malware.
    Damn those consultants.

    FYI... Increasingly, I have been told by clients that I am no longer able to plug my laptop into their network. I use an aircard. Perhaps your evil consultant could do same.

    CSR
    In God We Trust....Everything else we backup.

  8. #8
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Ahoy Capt'n Ron...ya ole salt??

    Where you been???

    Thanks for the reply matey......we will see next time he comes in on what I can do?

    Looks like repeated DNS request??...but why??

    Anyhoo nice to see you back

    SMM aka MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  9. #9
    AO's Filibustier Cheap Scotch Ron's Avatar
    Join Date
    Nov 2008
    Location
    Swamps of Jersey
    Posts
    378
    Me and me crew been on hiatus at our secret lair, but with summer almost over, it's time to get back to civilization.

    Perhaps show him the log and ask him, "wtf"?
    In God We Trust....Everything else we backup.

  10. #10
    THE Bastard Sys***** dinowuff's Avatar
    Join Date
    Jun 2003
    Location
    Third planet from the Sun
    Posts
    1,253
    I do love copy/paste...

    [quote="Morganlefay"]he says its probably his IMAP email.... :roll:[/quote]

    Bull ****.

    One of two things:
    1. P2P using a text file to do multiple lookups.
    2. Malware/Bot searching for home.

    Next time idiot boy comes in - get a hold of his Mac and go to Applications->Utilities->Activity Monitor
    Same as task manager in Windows.
    Also, as csr suggested, Wireshark is your friend.
    09:F9:11:02:9D:74:E3:5B8:41:56:C5:63:56:88:C0
