Hi Julian, Can you post some of the router config- namely what logg commands, are you logging on your ACLs, and if you are logging on the ACLs can you post the ACL? Thanks, JT Jim Terry --- On Mon 12/09, Julian Young wrote:From: Julian Young [mailto: julian.youngat_private]To: incidentsat_private: 09 Dec 2002 10:37:47 +0100Subject: Odd entries in my Security Router logsI keep seeing these entry in my external routers log files. Does any one recognize theme and know what type of attack they are. ok is obviously something to do with DHCP. but i recently had a firewall compromised and i still don't know how. since that wall had dhcp open I wounder if this could have been the trick. I has left the ip number as they are since none of them belong to me or in any range i use ! # Time Packet Information Reason Action 1|Dec 8 02 |From:192.168.7.249 To:192.168.255.254 |match |block | 09:37:12 |UDP src port:00068 dest port:00067 |service deny | 2|Dec 8 02 |From:192.168.8.250 To:192.168.255.254 |match |block | 09:37:12 |UDP src port:00068 dest port:00067 |service deny | 3|Dec 8 02 |From:192.168.7.249 To:192.168.255.254 |match |block | 15:45:32 |UDP src port:00068 dest port:00067 |service deny | ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com _______________________________________________ Join Excite! - http://www.excite.com The most personalized portal on the Web! ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Dec 11 2002 - 09:52:35 PST