[Dshield] NetScreen Log Conversion FUBAR

Wayne Larmon wlarmon at dshield.org
Sun Jun 12 19:20:44 GMT 2005


Because there was a bug in CVTWIN's Kiwi Netscreen converter.  Fixed.  Try
CVTWIN 1.2.38, from http://www.dshield.org/windows_clients.php

Wayne Larmon
DShield.org
wlarmon at dshield.org

> Would someone kindly let me in on why the Dshield UFC doesn't
> recognize the dst-port as being valid?
>
> The background on this log is that it is simply coming off of the Self
> log instead of an implicit deny policy, but the logging format is the
> same.
>
> ScreenOS:  ns5gtadv.5.2.0r1.0
>
>
> 2005-06-12 08:52:28	Local7.Notice	192.168.200.1	HorkJunk: NetScreen
> device_id=HorkJunk  [No Name]system-notification-00257(traffic):
> start_time="2005-06-12 08:51:47" duration=0 policy_id=320001
> service=udp/port:1026 proto=17 src zone=Null dst zone=self action=Deny
> sent=0 rcvd=502 src=61.53.154.81 dst=1.1.1.1 src_port=34853
> dst_port=1026 session_id=0<000>
>
> Rejected: Destination Port is invalid. 1026 session_id=0
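
An added example, not part of the original message and not CVTWIN's code: one way to split the quoted NetScreen traffic line into fields so that `dst_port` yields `1026` rather than the `1026 session_id=0` value shown in the rejection. The function names are hypothetical, and treating the trailing `<000>` as Kiwi's rendering of a control character is an assumption.

```python
import re

# Constructed sample: the log line quoted above, unwrapped onto one line.
SAMPLE = (
    '2005-06-12 08:52:28\tLocal7.Notice\t192.168.200.1\tHorkJunk: NetScreen '
    'device_id=HorkJunk  [No Name]system-notification-00257(traffic): '
    'start_time="2005-06-12 08:51:47" duration=0 policy_id=320001 '
    'service=udp/port:1026 proto=17 src zone=Null dst zone=self action=Deny '
    'sent=0 rcvd=502 src=61.53.154.81 dst=1.1.1.1 src_port=34853 '
    'dst_port=1026 session_id=0<000>'
)

# A key may contain one space ("src zone"); a value is double-quoted or
# runs to the next whitespace.
PAIR = re.compile(r'((?:src|dst) zone|\w+)=("[^"]*"|\S*)')
# Assumption: a trailing <ddd> is Kiwi's rendering of a control character.
CTRL = re.compile(r'<\d{3}>$')


def parse_port(text):
    """Return text as an int port, or raise ValueError if not 0-65535."""
    if not (text.isascii() and text.isdigit()) or int(text) > 65535:
        raise ValueError(f"invalid port: {text!r}")
    return int(text)


def parse_netscreen(line):
    """Split a NetScreen traffic line into fields and validate the ports."""
    fields = {}
    for key, value in PAIR.findall(line):
        # Normalise "src zone" to "src_zone"; drop residue and quotes.
        fields[key.replace(' ', '_')] = CTRL.sub('', value).strip('"')
    for name in ('src_port', 'dst_port'):
        if name not in fields:
            raise ValueError(f"missing field: {name}")
        fields[name] = parse_port(fields[name])
    return fields


if __name__ == '__main__':
    rec = parse_netscreen(SAMPLE)
    print(rec['src'], rec['src_port'], rec['dst'], rec['dst_port'], rec['action'])
```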




