[Dshield] CVTWIN DShield Logs Not Matching

Greg Parrott wparrott1 at nc.rr.com
Tue Sep 9 02:53:54 GMT 2003


I think I have discovered why my logs aren't getting converted.  I told
CVTWIN to e-mail me a copy.  Looks like the destination "port" address for
ICMP inbound is getting converted to 0 not 8.  I know it is not a "port",
but the ICMP type.  See the CVTWIN excerpt:

2003-09-08 11:17:29 -04:00 96526936 1 8 0 ICMP
2003-09-08 11:17:30 -04:00 96526936 1 500 500 UDP
2003-09-08 11:17:33 -04:00 96526936 1 8 0 ICMP

My Sonicwall logs, submitted via SONICRELAY, show a source and destination
"port" of 8.

Who do I need to report this to in order to see if it is the desired
behavior? (This is a Netgear router reporting to Kiwi Syslogd.)



----- Original Message ----- 
From: "Wayne Larmon" <wlarmon at dshield.org>
To: "General DShield Discussion List" <list at dshield.org>
Sent: Monday, September 08, 2003 12:16 PM
Subject: RE: [Dshield] CVTWIN DShield Logs Not Matching

> > Holy cow, I didn't know there was a new version of cvtwin out. I was
> > 1.1.24 ohhh I feel so out of touch. Any chance we could get a notice
> > posted to this mailing list that there's a new version out?
> Because CVTWIN supports so many different firewalls and routers, it has
> of releases that address issues for one specific firewall.  So there is no
> reason for most people to be updated for each release.  Unless there is an
> issue that affects your own firewall/router.
> Because there are so many CVTWIN releases, I didn't want to clutter up the
> list with release announcements.  CVTWIN tends to either work or not, so
> there usually isn't a reason for updating if the version you have is
> working.  Except for the cases where somebody reports that CVTWIN is
> rejecting some lines that it shouldn't and the updated version is better
> than the older version.
> When in doubt, check the changelog
> http://www.dshield.org/clients/cvtwinchangelog.php
> CVTWIN download page
> http://www.dshield.org/windows_clients.php
> Wayne Larmon
> DShield.org