[Dshield] Follow Up- Interesting log entries on Netgear FR114P

John Dalton dubuque1 at mchsi.com
Mon Mar 17 02:54:47 GMT 2003


I received another attempt today on my Netgear router, though from a
familiar site (it has been discussed on here before), if the IP is not spoofed:
rt.njabl.org.
Although I can't see why they would have scanned these ports.

Sun, 2003-03-16 08:51:36 - TCP packet - Source:209.208.0.15,29736,WAN -
Destination:*.219.102.11,1180,LAN [Drop] - [Inbound Default rule match]
Sun, 2003-03-16 08:51:36 - TCP packet - Source:209.208.0.15,29738,WAN -
Destination:*.219.102.11,1180,LAN [Drop] - [Inbound Default rule match]
Sun, 2003-03-16 08:51:36 - TCP packet - Source:209.208.0.15,29739,WAN -
Destination:*.219.102.11,80,[HTTP],LAN [Drop] - [Inbound Default rule match]
Sun, 2003-03-16 08:51:36 - TCP packet - Source:209.208.0.15,29740,WAN -
Destination:*.219.102.11,81,LAN [Drop] - [Inbound Default rule match]
Sun, 2003-03-16 08:51:36 - TCP packet - Source:209.208.0.15,29741,WAN -
Destination:*.219.102.11,1182,LAN [Drop] - [Inbound Default rule match]
Sun, 2003-03-16 08:51:36 - TCP packet - Source:209.208.0.15,29742,WAN -
Destination:*.219.102.11,3128,LAN [Drop] - [Inbound Default rule match]
Sun, 2003-03-16 08:51:36 - TCP packet - Source:209.208.0.15,29743,WAN -
Destination:*.219.102.11,4480,LAN [Drop] - [Inbound Default rule match]
Sun, 2003-03-16 08:51:36 - TCP packet - Source:209.208.0.15,29744,WAN -
Destination:*.219.102.11,6588,LAN [Drop] - [Inbound Default rule match]
Sun, 2003-03-16 08:51:36 - TCP packet - Source:209.208.0.15,29746,WAN -
Destination:192.168.0.2,8080,LAN [Forward] - [Inbound Rule(1) match]
Sun, 2003-03-16 08:51:36 - Administrator login fail, Access deny -
IP:209.208.0.15
Sun, 2003-03-16 08:51:36 - TCP connection - Source:209.208.0.15,29746,WAN -
Destination:*.219.102.11,8080,LAN [Drop] - [Inbound Default rule match]
Sun, 2003-03-16 08:51:36 - TCP packet - Source:209.208.0.15,29745,WAN -
Destination:*.219.102.11,8000,LAN [Drop] - [Inbound Default rule match]
Sun, 2003-03-16 08:51:36 - TCP packet - Source:209.208.0.15,29747,WAN -
Destination:*.219.102.11,8081,LAN [Drop] - [Inbound Default rule match]
Sun, 2003-03-16 08:51:36 - TCP packet - Source:209.208.0.15,29748,WAN -
Destination:*.219.102.11,8090,LAN [Drop] - [Inbound Default rule match]
Sun, 2003-03-16 08:51:36 - TCP packet - Source:209.208.0.15,29749,WAN -
Destination:*.219.102.11,7033,LAN [Drop] - [Inbound Default rule match]
Sun, 2003-03-16 08:51:36 - TCP packet - Source:209.208.0.15,29750,WAN -
Destination:*.219.102.11,8085,LAN [Drop] - [Inbound Default rule match]
Sun, 2003-03-16 08:51:36 - TCP packet - Source:209.208.0.15,29751,WAN -
Destination:*.219.102.11,8095,LAN [Drop] - [Inbound Default rule match]
Sun, 2003-03-16 08:51:36 - TCP packet - Source:209.208.0.15,29752,WAN -
Destination:*.219.102.11,8100,LAN [Drop] - [Inbound Default rule match]
Sun, 2003-03-16 08:51:36 - TCP packet - Source:209.208.0.15,29753,WAN -
Destination:*.219.102.11,8105,LAN [Drop] - [Inbound Default rule match]
Sun, 2003-03-16 08:51:36 - TCP packet - Source:209.208.0.15,29754,WAN -
Destination:*.219.102.11,8110,LAN [Drop] - [Inbound Default rule match]
Sun, 2003-03-16 08:51:36 - TCP packet - Source:209.208.0.15,29755,WAN -
Destination:*.219.102.11,80,[HTTP],LAN [Drop] - [Inbound Default rule match]
Sun, 2003-03-16 08:51:36 - TCP packet - Source:209.208.0.15,29756,WAN -
Destination:*.219.102.11,81,LAN [Drop] - [Inbound Default rule match]
Sun, 2003-03-16 08:51:36 - TCP packet - Source:209.208.0.15,29757,WAN -
Destination:*.219.102.11,1182,LAN [Drop] - [Inbound Default rule match]
Sun, 2003-03-16 08:51:36 - TCP packet - Source:209.208.0.15,29758,WAN -
Destination:*.219.102.11,3128,LAN [Drop] - [Inbound Default rule match]
Sun, 2003-03-16 08:51:37 - TCP packet - Source:209.208.0.15,29759,WAN -
Destination:*.219.102.11,4480,LAN [Drop] - [Inbound Default rule match]
Sun, 2003-03-16 08:51:37 - TCP packet - Source:209.208.0.15,29760,WAN -
Destination:*.219.102.11,6588,LAN [Drop] - [Inbound Default rule match]
Sun, 2003-03-16 08:51:37 - TCP packet - Source:209.208.0.15,29761,WAN -
Destination:*.219.102.11,8000,LAN [Drop] - [Inbound Default rule match]
Sun, 2003-03-16 08:51:37 - TCP packet - Source:209.208.0.15,29762,WAN -
Destination:192.168.0.2,8080,LAN [Forward] - [Inbound Rule(1) match]
Sun, 2003-03-16 08:51:37 - Administrator login fail, Access deny -
IP:209.208.0.15
Sun, 2003-03-16 08:51:37 - TCP connection - Source:209.208.0.15,29762,WAN -
Destination:*.219.102.11,8080,LAN [Drop] - [Inbound Default rule match]
Sun, 2003-03-16 08:51:37 - TCP packet - Source:209.208.0.15,29763,WAN -
Destination:*.219.102.11,8081,LAN [Drop] - [Inbound Default rule match]
Sun, 2003-03-16 08:51:37 - TCP packet - Source:209.208.0.15,29764,WAN -
Destination:*.219.102.11,8090,LAN [Drop] - [Inbound Default rule match]
Sun, 2003-03-16 08:51:37 - TCP packet - Source:209.208.0.15,29765,WAN -
Destination:*.219.102.11,1181,LAN [Drop] - [Inbound Default rule match]
Sun, 2003-03-16 08:51:39 - Administrator login fail, Access deny -
IP:209.208.0.15
Sun, 2003-03-16 08:51:39 - Administrator login fail, Access deny -
IP:209.208.0.15
Sun, 2003-03-16 08:51:45 - Administrator login fail, Access deny -
IP:209.208.0.15
Sun, 2003-03-16 08:51:45 - Administrator login fail, Access deny -
IP:209.208.0.15
Sun, 2003-03-16 08:51:51 - TCP packet - Source:209.208.0.15,30183,WAN -
Destination:*.219.102.11,25,[SMTP],LAN [Drop] - [Inbound Default rule


Sam Spade traceroute shows:
 1 10.19.96.1      100ms   40ms   30ms  TTL:  0  (No rDNS)
 2 12.215.9.33      30ms   30ms   80ms  TTL:  0
(12-215-9-33.client.mchsi.com ok)
 3 12.215.0.146     90ms   60ms   60ms  TTL:  0
(12-215-0-146.client.mchsi.com ok)
 4 12.123.216.34   140ms   40ms   70ms  TTL:  0  (gbr5-p57.cgcil.ip.att.net
bogus rDNS: host not found [authoritative])
 5 12.122.11.41     90ms   40ms   60ms  TTL:  0
(tbr1-p013501.cgcil.ip.att.net bogus rDNS: host not found [authoritative])
 6 12.123.6.33      60ms   50ms   40ms  TTL:  0  (ggr2-p300.cgcil.ip.att.net
bogus rDNS: host not found [authoritative])
 7 208.175.10.93    80ms   70ms   90ms  TTL:  0
(dcr1-so-3-3-0.Chicago.cw.net ok)
 8 208.175.10.10   120ms   70ms  100ms  TTL:  0
(agr3-so-0-0-0.Chicago.cw.net ok)
 9 208.172.98.61   120ms  100ms  181ms  TTL:  0  (acr1-loopback.Miami.cw.net
ok)
10 208.172.98.3    130ms  120ms  370ms  TTL:  0  (bar1-loopback.Miami.cw.net
ok)
11 208.172.100.202 130ms  110ms  120ms  TTL:  0
(atlanticnet-broadband.Miami.cw.net ok)
12 209.208.99.1    171ms  110ms  201ms  TTL:  0
(orldflma-br-1-f0.atlantic.net ok)
13 209.208.112.134 100ms  101ms   90ms  TTL:  0
(gsvlflma-br-1-s4-1.atlantic.net bogus rDNS: host not found [authoritative])
14 209.208.6.126   130ms  110ms  140ms  TTL:  0
(gsvlfl-br-1-s2-0.atlantic.net bogus rDNS: host not found [authoritative])
15 209.208.0.15    150ms   90ms  160ms  TTL:237
(before-reporting-as-abuse-please-see-www.njabl.org

John Dalton
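
Added example (not part of the original post): a small Python triage script for router log lines in the format shown above. It rejoins the wrapped records and reports, per source address, which destination ports were dropped, which packets matched a forwarding rule, and how many administrator login failures were logged. The sample input is constructed and uses documentation addresses.

```python
import re
from collections import defaultdict

# Constructed sample in the log format shown above (documentation addresses),
# wrapped mid-record the same way the archived message is.
SAMPLE = """\
Sun, 2003-03-16 08:51:36 - TCP packet - Source:203.0.113.7,29739,WAN -
Destination:198.51.100.20,80,[HTTP],LAN [Drop] - [Inbound Default rule match]
Sun, 2003-03-16 08:51:36 - TCP packet - Source:203.0.113.7,29742,WAN -
Destination:198.51.100.20,3128,LAN [Drop] - [Inbound Default rule match]
Sun, 2003-03-16 08:51:36 - TCP packet - Source:203.0.113.7,29746,WAN -
Destination:192.168.0.2,8080,LAN [Forward] - [Inbound Rule(1) match]
Sun, 2003-03-16 08:51:36 - Administrator login fail, Access deny -
IP:203.0.113.7
Sun, 2003-03-16 08:51:36 - TCP connection - Source:203.0.113.7,29746,WAN -
Destination:198.51.100.20,8080,LAN [Drop] - [Inbound Default rule match]
Sun, 2003-03-16 08:51:37 - TCP packet - Source:203.0.113.7,29755,WAN -
Destination:198.51.100.20,80,[HTTP],LAN [Drop] - [Inbound Default rule match]
"""

STAMP = re.compile(r"(?=[A-Z][a-z]{2}, \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} - )")
PACKET = re.compile(
    r"Source:(?P<src>[^,]+),\d+,\w+ - "
    r"Destination:(?P<dst>[^,]+),(?P<port>\d+),(?:\[[^\]]*\],)?\w+ "
    r"\[(?P<action>\w+)\] - \[(?P<rule>[^\]]*)\]?")  # tolerate a cut-off rule tag
LOGIN_FAIL = re.compile(r"Administrator login fail.*IP:(?P<src>\S+)")

def records(text):
    """Undo the line wraps: a new record starts at each timestamp."""
    flat = " ".join(line.strip() for line in text.splitlines())
    return [r.strip() for r in STAMP.split(flat) if r.strip()]

def summarize(text):
    """Per source: dropped ports, forwarded (host, port, rule), login failures."""
    out = defaultdict(lambda: {"dropped": set(), "forwarded": set(), "login_fails": 0})
    for rec in records(text):
        m = PACKET.search(rec)
        if m:
            entry = out[m["src"]]
            if m["action"] == "Forward":
                entry["forwarded"].add((m["dst"], int(m["port"]), m["rule"]))
            else:
                entry["dropped"].add(int(m["port"]))
        elif (m := LOGIN_FAIL.search(rec)):
            out[m["src"]]["login_fails"] += 1
    return dict(out)

REPORT = summarize(SAMPLE)
```

A non-empty `forwarded` set is the part to review first: it lists traffic that an inbound rule let through to an internal host rather than dropping it.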