[Dshield] Logging problem with Linksys wireless router

Deb Hale haled at pionet.net
Tue Aug 12 13:38:22 GMT 2003


Michael,  I have these routers.  Here is what I had to do to set them up.  I
use LinkLogger software to capture the data and DshieldsUp to format and
send to Dshield.  

Configuration:
Logon to the router administration
Click on the Advanced tab
Click on Forwarding
Click on UPnP Forwarding
Add an entry for 
     SNMP - External Port 162 - click on the UDP bullet - IP 192.168.1.1 -
Check mark in enable.

The ip 192.168.1.1 allows all machines on the network to potentially capture
the data.  You will need to use this if you are getting your workstation IP
addresses thru DHCP. If you have static IP's you can put the IP address of
the workstation running the capture software. You should start seeing
transactions in the capture software.  BTW - XP's ICF does not interfere
with this.  I run ICF, and check it everyday just to make sure nothing
malicious is getting thru the Linksys.  

Let me know if you have any questions.

Deb

Deborah F Hale
Certified Business Continuity Professional/Computer Security Specialist
BCP Enterprise, Inc
Telephone: (712) 252-0361
www.bcpenterprise.com
 


-----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On Behalf
Of Michael Steeves
Sent: Monday, August 11, 2003 8:58 PM
To: list at dshield.org
Subject: [Dshield] Logging problem with Linksys wireless router


I've got a Linksys Wireless router (model BEFW11S4) that I'm trying to 
get to log to my local machine (WinXP Home Ed.).  I've downloaded all 
three products that were mentioned on the DShield web site (Linksys's 
LogViewer, Kiwi Syslog and the SNMP utility), and can get none of them 
to grab the incoming/outgoing logs on my router.

I've upgraded the firmware to the latest rev, and still nothing.  Access 
logs are enabled, and I've tried setting the destination address to both 
the specific IP of the WinXP machine, as well as the broadcast address 
for the network (192.168.1.255).

Is this a known issue, or am I missing something?

-Mike

_______________________________________________
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list






More information about the list mailing list