[Dshield] NetGear DG843GT
dshield at yaps4u.net
Tue Jun 21 21:39:00 GMT 2005
As an aside to the doom and gloom around the 'supposed' death of Dshield, I have a question for the masses...
I recently switched over one of my Router/ADSL Modem to a NetGear DG843GT. I now use this as my entry point on to the external ASDL connection.
I have my Netgear forward the logs to a machine on my network which is always on, and is running the latest version of KiwiSysLog (btw - 126.96.36.199 was released on 20th June).
I have no problem submitting my logs, (and hmm. No problem getting reports either), but since I started using the Netgear router, it all of my target addresses are 188.8.131.52
I set up a rule on the Netgear that basically blocks ALL incoming ports from all incoming IP's on both TCP/UDP and logs ALL activity. These events are then sent via the syslog to the machine running Kiwi.
I've had a look at an Ethereal trace, and it is definitely the Netgear that is sending the target addresses of 184.108.40.206.
Actually, the more I think about it, it is probably down to the rule I set on the router.
I wasn't getting much in the way of logs before (other than known DoS Attacks and port scans) because the Netgear filters the rest without logging. It was only after I created the log all filter that that destination addresses changed to 220.127.116.11
So, my apologies if this is now no longer relevant to this forum, but I am wondering if anyone else has had problems with the Netgear DG843GT. (I believe that actual model is not available in North America, but a similar one might be).
In the mean time, I shall go double check the Netgear site and see if I can find anything there.
More information about the list