The router is performing NAT and statefull packet inspection only. Currently it had no wan-> lan input channels. and no further ACL defined. It's sole purpose is to relieve the fire wall of DHCP duty. Although it seems to clean up a lot more that that at the moment Both are on a 255.255.255.0 net mask On Tue, 2002-12-10 at 11:22, Jim Terry wrote: > > > Hi Julian, > > Can you post some of the router config- namely what logg commands, are you logging on your ACLs, and if you are logging on the ACLs can you post the ACL? > > Thanks, > > JT > > > Jim Terry --- On Mon 12/09, Julian Young wrote:From: Julian Young [mailto: julian.youngat_private]To: incidentsat_private: 09 Dec 2002 10:37:47 +0100Subject: Odd entries in my Security Router logsI keep seeing these entry in my external routers log files. Does any > one recognize theme and know what type of attack they are. ok is > obviously something to do with DHCP. but i recently had a firewall > compromised and i still don't know how. since that wall had dhcp open > I wounder if this could have been the trick. > > I has left the ip number as they are since none of them belong to me or > in any range i use ! > > # Time Packet Information > Reason Action > 1|Dec 8 02 |From:192.168.7.249 To:192.168.255.254 |match > |block > | 09:37:12 |UDP src port:00068 dest port:00067 |service deny > | > 2|Dec 8 02 |From:192.168.8.250 To:192.168.255.254 |match > |block > | 09:37:12 |UDP src port:00068 dest port:00067 |service deny > | > 3|Dec 8 02 |From:192.168.7.249 To:192.168.255.254 |match > |block > | 15:45:32 |UDP src port:00068 dest port:00067 |service deny > | > > > > > ---------------------------------------------------------------------------- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com > > > > _______________________________________________ > Join Excite! - http://www.excite.com > The most personalized portal on the Web! ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Dec 11 2002 - 10:31:16 PST