Need help understanding attack log from D-Link router
DComTalk.com Forum Index DComTalk.com
Discussion of VoIP, VPN, Video Conferencen, DSL and other data commucations.
 
 FAQFAQ   MemberlistMemberlist     RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 
 
Google
 
Web dcomtalk.com
Need help understanding attack log from D-Link router

 
Post new topic   Reply to topic    DComTalk.com Forum Index -> Firewalls
Author Message
Guest
Posted: Mon Nov 21, 2005 5:21 pm    Post subject: Need help understanding attack log from D-Link router Reply with quote
Hi,

I've got a D-Link wireless router. Last night I got about 200 attack
logs sent to me from it - one every few minutes. The contents looked
like the following:

Nov/21/2005 08:12:37
Target IP(192.168.0.255), Target Port(138) Packet Dropped
Nov/21/2005 08:12:37
Spoof IP(192.168.0.104), Spoof Port(138)
Nov/21/2005 08:12:37
Spoof Attack fromd MAC(XX) Detect,
Nov/21/2005 08:04:06
SMTP: send mail succeed
Nov/21/2005 08:04:05
Target IP(192.168.0.255), Target Port(137) Packet Dropped
Nov/21/2005 08:04:05
Spoof IP(192.168.0.104), Spoof Port(137)
Nov/21/2005 08:04:05
Spoof Attack fromd MAC(XX) Detect,

The MAC address in this log corresponds to my MAC address. I've
replaced it here with XX.

The Spoof IP is the IP of my system. The Target IP doesn't exist.

It seems like this attack is internal. But I am not sure why it is
occurring. Can anyone shed any light?

My system is running Windows XP.

Thanks for your help.

Regards,
Steve
Back to top
E.
Guest
Posted: Wed Nov 23, 2005 1:18 am    Post subject: Re: Need help understanding attack log from D-Link router Reply with quote
google@stevesanyal.com wrote:
Quote:
Hi,

I've got a D-Link wireless router. Last night I got about 200 attack
logs sent to me from it - one every few minutes. The contents looked
like the following:

Nov/21/2005 08:12:37
Target IP(192.168.0.255), Target Port(138) Packet Dropped
Nov/21/2005 08:12:37
Spoof IP(192.168.0.104), Spoof Port(138)
Nov/21/2005 08:12:37
Spoof Attack fromd MAC(XX) Detect,
Nov/21/2005 08:04:06
SMTP: send mail succeed
Nov/21/2005 08:04:05
Target IP(192.168.0.255), Target Port(137) Packet Dropped
Nov/21/2005 08:04:05
Spoof IP(192.168.0.104), Spoof Port(137)
Nov/21/2005 08:04:05
Spoof Attack fromd MAC(XX) Detect,

The MAC address in this log corresponds to my MAC address. I've
replaced it here with XX.

The Spoof IP is the IP of my system. The Target IP doesn't exist.

It seems like this attack is internal. But I am not sure why it is
occurring. Can anyone shed any light?

My system is running Windows XP.

Thanks for your help.

Regards,
Steve


Looks like normal winblows advertising netbios names etc to me.
E.
Back to top
Guest
Posted: Wed Nov 23, 2005 2:16 am    Post subject: Re: Need help understanding attack log from D-Link router Reply with quote
I didn't think it was malicious. However, it seems to me like it is an
infinite loop, because I suddenly get my router logs filled with these
requests.

I have turned off attack logging so I don't get 200 logs sent to me in
a few hours. But ideally I'd like to reduce the amount of logging of
this nature. Any idea how?

Thanks,
Steve
Back to top
 
Post new topic   Reply to topic    DComTalk.com Forum Index -> Firewalls All times are GMT
Page 1 of 1

 
 You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum




VoIP Solutions: Telephone Systems Electronics Satellite TV Tech & Gadgets
Powered by phpBB