[Dshield] NetGear DG843GT

Chris Wright dshield at yaps4u.net
Tue Jun 21 21:39:00 GMT 2005


Hi,

As an aside to the doom and gloom around the 'supposed' death of Dshield, I have a question for the masses...

I recently switched over one of my Router/ADSL Modem to a NetGear DG843GT.  I now use this as my entry point on to the external ASDL connection.  

I have my Netgear forward the logs to a machine on my network which is always on, and is running the latest version of KiwiSysLog (btw - 7.2.1.8 was released on 20th June).

I have no problem submitting my logs, (and hmm. No problem getting reports either), but since I started using the Netgear router, it all of my target addresses are 1.0.0.0 

I set up a rule on the Netgear that basically blocks ALL incoming ports from all incoming IP's on both TCP/UDP and logs ALL activity.  These events are then sent via the syslog to the machine running Kiwi.

I've had a look at an Ethereal trace, and it is definitely the Netgear that is sending the target addresses of 1.0.0.0.

Actually, the more I think about it, it is probably down to the rule I set on the router.
I wasn't getting much in the way of logs before (other than known DoS Attacks and port scans) because the Netgear filters the rest without logging.  It was only after I created the log all filter that that destination addresses changed to 1.0.0.0

So, my apologies if this is now no longer relevant to this forum, but I am wondering if anyone else has had problems with the Netgear DG843GT.  (I believe that actual model is not available in North America, but a similar one might be).

In the mean time, I shall go double check the Netgear site and see if I can find anything there.

Regards

Chris


--

Chris Wright
http://www.yaps4u.net
 





More information about the list mailing list