westell 2200 firewall log fills up even when ppp is down
Mark (Guest)
Posted: Tue Sep 21, 2004 7:49 am    Post subject: westell 2200 firewall log fills up even when ppp is down

I've been running my Verizon DSL ok for a few days now.
I run it in manual mode because when I tried automatic
with a 20 minute timeout it seemed it was waking up
when I didn't want it to. Manual is ok since it's very
easy to just hit the modem's http interface and
connect the ppp in just a few seconds.

What I wanted to ask is what is going on with the
huge number of these in the firewall log even when
the Westell 2200 modem is in PPP DOWN mode:

644 00:59:23 mirror0 Inbound
645 00:59:25 mirror0 Inbound
646 00:59:25 mirror0 Inbound
647 00:59:28 mirror0 Inbound
.....etc

these go on hour after hour ranging from every few seconds to
30 secs or so.

the Packet details button for a typical one of these says:

Packet Details

Source IP: 70.18.121.120 Destination IP: 70.18.251.209
Protocol: TCP
Source Port: 3715 Destination Port: 445
TCP Flags: 02 ( syn )

the linux host command seems to point to both the source and
destination being verizon addresses. Port 445 I think is for
https but I don't know what 3715 is. The linux /etc/services file
doesn't have a 3715 port entry.

Mark

THe NuTTeR (Guest)
Posted: Thu Sep 23, 2004 2:17 am    Post subject: Re: westell 2200 firewall log fills up even when ppp is down

445 is labelled as Microsoft-DS on the IANA site. So prolly some kind of
vulnerability exploit attempt.
Outgoing ports are often fairly random, but in a specific range, but
this port is listed as the "Anoto Rendezvous Port"
Dunno if that helps.
btw, HTTPS is normally 443
G

"Mark" <none@xxxyy.com> wrote in message
news:kxN3d.6448$vd1.506@trnddc03...
Quote:

I've been running my Verizon DSL ok for a few days now.
I run it in manual mode because when I tried automatic
with a 20 minute timeout it seemed it was waking up
when I didn't want it to. Manual is ok since it's very
easy to just hit the modem's http interface and
connect the ppp in just a few seconds.

What I wanted to ask is what is going on with the
huge number of these in the firewall log even when
the Westell 2200 modem is in PPP DOWN mode:

644 00:59:23 mirror0 Inbound
645 00:59:25 mirror0 Inbound
646 00:59:25 mirror0 Inbound
647 00:59:28 mirror0 Inbound
....etc

these go on hour after hour ranging from every few seconds to
30 secs or so.

the Packet details button for a typical one of these says:

Packet Details

Source IP: 70.18.121.120 Destination IP: 70.18.251.209
Protocol: TCP
Source Port: 3715 Destination Port: 445
TCP Flags: 02 ( syn )

the linux host command seems to point to both the source and
destination being verizon addresses. Port 445 I think is for
https but I don't know what 3715 is. The linux /etc/services file
doesn't have a 3715 port entry.

Mark

NormanM (Guest)
Posted: Fri Sep 24, 2004 11:02 am    Post subject: Re: westell 2200 firewall log fills up even when ppp is down

In article <kxN3d.6448$vd1.506@trnddc03>, Mark says...

Quote:
Port 445 I think is for
https but I don't know what 3715 is. The linux /etc/services file
doesn't have a 3715 port entry.

HTTPS is port 443. Port 445 is a Windows RPC sort of thing; most Internet
traffic seeking port 445 is a WinWorm of the Blaster, or Sasser variety,
looking for a computer to infect. Port 3715 is in the range of ports
assigned for outbound connections. Most systems start assigning ports at TCP
port 1024 and increment for each outbound request, usually until about 5000,
or so; after that the assignments recycle to 1024. Unless the port
assignment is faster than the wait time for re-assignment; in which case the
ports can go past 5000. Ports in the ten thousands are usually controlled
directly by the application, and not assigned by the TCP/IP process of the
OS.

--
Norman
~Win dain a lotica, En vai tu ri, Si lo ta
~Fin dein a loluca, En dragu a sei lain
~Vi fa-ru les shutai am, En riga-lint
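
Added example, not part of the original thread: a small Python parser for the "Packet Details" layout quoted above that decodes the hex TCP flags byte and summarises the packet using the port explanations given in the replies. The function names, the `SERVICES` table and the 1024 to 5000 dynamic range (taken from the description above) are assumptions of this sketch, and the sample record is constructed from the values in the first post.

```python
import re

# Constructed input: the "Packet Details" layout quoted in the thread.
SAMPLE = """Source IP: 70.18.121.120 Destination IP: 70.18.251.209
Protocol: TCP
Source Port: 3715 Destination Port: 445
TCP Flags: 02 ( syn )
"""

# Bit positions of the TCP flags byte (RFC 793).
FLAG_BITS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]
# Service labels as given in the replies above.
SERVICES = {443: "https", 445: "microsoft-ds"}
# Dynamic source-port range as described in the thread (an approximation;
# the real range depends on the sender's operating system).
EPHEMERAL = range(1024, 5001)

FIELD_RE = re.compile(
    r"(Source IP|Destination IP|Protocol|Source Port|Destination Port|TCP Flags):\s*(\S+)")

def decode_flags(hex_byte):
    """Turn the hex flags byte shown by the modem into flag names."""
    value = int(hex_byte, 16)
    return [name for bit, name in FLAG_BITS if value & bit]

def parse_packet_details(text):
    """Parse one Packet Details record into a dict (hypothetical helper)."""
    raw = dict(FIELD_RE.findall(text))
    return {
        "src": raw["Source IP"], "dst": raw["Destination IP"],
        "proto": raw["Protocol"],
        "sport": int(raw["Source Port"]), "dport": int(raw["Destination Port"]),
        "flags": decode_flags(raw["TCP Flags"]),
    }

def describe(pkt):
    """Summarise what a logged packet was trying to do."""
    service = SERVICES.get(pkt["dport"], "unlisted")
    origin = "dynamic" if pkt["sport"] in EPHEMERAL else "fixed or application-chosen"
    if pkt["proto"] == "TCP" and pkt["flags"] == ["SYN"]:
        kind = "new connection attempt"   # SYN without ACK opens a handshake
    else:
        kind = "part of an existing exchange or a non-TCP packet"
    return f"{kind} to port {pkt['dport']} ({service}) from a {origin} source port"

if __name__ == "__main__":
    print(describe(parse_packet_details(SAMPLE)))
```

A flags byte of `02` decodes to SYN alone, which is the first packet of a TCP handshake, so each such log entry records a remote host trying to open a connection rather than a reply to traffic the modem sent.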