[Dshield] Sonicwall / Netgear...

Mitch Thompson mitchthompson at satx.rr.com
Sat Nov 3 15:11:31 GMT 2001


On Friday 02 November 2001 07:32, you wrote:
> Hi.
>
>   A quick notice about Sonicwall and Netgear routers. They both
> have the ability to email an administrator about "policy violations".
>
>   For sonicwall logs, you can send them directly to
> 'sonicwall at dshield.org' to have them included. The Sonicwall setup should
> allow you to manipulate the Subject line of this email. Set it to show
> your userid.
>
>   This feature is still somewhat experimental. So let me know how it goes.
>
> Netgear:
>
>   Some Netgear routers appear to have a similar feature. Does anyone own
> one? If so, I would be interested in looking at the emails to see if we
> can support them like the SonicWall emails.

I have a Netgear RT314 with the latest PROM upgrade (3.25).  The RT314 has 
the ability to send its logs to a remote syslog.  Here is a sample entry:

Oct 28 07:14:20 gatekeeper gatekeeper: IP[Src=24.81.2.176 Dst=24.162.170.xxx 
TCP spo=04219  dpo=27374]}S01>R03mD

Most entries are obvious, but the last part (S01>R03mD) tells which firewall 
rule triggered the entry, the 'D" means the packet was dropped by the 
firewall.

Hope this helps!  Sure would be nice to participate in DShield again.  I was 
participating when I had an ipchains box up.

Mitch




More information about the list mailing list