DUX COMPUTER DIGEST

 

Site Search

Site Info

Home » Forums » Forum Archives » Networking and Internet Sharing » Topic # 1126

Interpret SMC Barricade Wireless Router Log File
btober Aug-20-01 12:33 PM
Can anyone help me interpret the log file from an SMC Barricade Wireless Router? Here is a snippet:

-09:40:49 Unexpected access from 216.238.112.7 to 198.32.1.116 (prot=11)
-09:30:46 Unexpected access from 216.238.112.7 to 216.238.98.41 (prot=11)
-09:30:42 Unexpected access from 216.238.112.7 to 216.238.98.40 (prot=11)
-09:30:42 Unexpected access from 216.238.112.7 to 216.238.98.41 (prot=11)
-08:30:14 Unexpected access from 216.238.112.7 to 216.238.98.40 (prot=11)
-08:30:14 Unexpected access from 216.238.112.7 to 198.32.1.116 (prot=11)
-06:45:00 Unrecognized access from 216.39.134.13:137 to UDP port 137
-06:44:58 Unrecognized access from 216.39.134.13:137 to UDP port 137
-06:44:57 Unrecognized access from 216.39.134.13:137 to UDP port 137
-01:23:36 Unrecognized access from 63.119.26.75:2457 to TCP port 25
-01:23:34 Unrecognized access from 63.119.26.75:2457 to TCP port 25


1. RE: Interpret SMC Barricade Wireless Router Log File
lbyard Aug-20-01 05:36 PM
In response to message 0
These may be scans from the Internet looking for weaknesses… I don’t know for sure.

Unexpected access from 216.238.112.7 to 198.32.1.116 (prot=11) 216.238.112.7 = thebiz.net Your ISP?

06:45:00 Unrecognized access from 216.39.134.13:137
Port 137 -- netbios-ns 137/tcp NETBIOS Name Service

01:23:36 Unrecognized access from 63.119.26.75:2457 to TCP port 25
Port 25/tcp Simple Mail Transfer (longshot… SirCam virus?)

You can look the hosts involved with Netinfo (http://www.netinfo.co.il/), similar programs and on-line DNS lookup services.
Larry


2. RE: Interpret SMC Barricade Wireless Router Log File
btober Aug-20-01 06:36 PM
In response to message 1
Indeed, "thebiz.net" is my ISP. However, my interest was in specifically understanding the phrases "Unrecognized access" and (I think there was a) "Unexpected access".

I previously saw "Unauthorized access" messages in the system log, which someone a few months ago explained to me was, in fact, a hacking attempt that the router firewall functionality successfully foiled.

Also, I haven't seen the "(prot=11)" part of the message before either.

In a couple cases, I entered the IP addresses I didn't recognize in my web browser, looking for a web site, but generally got a 404 error in response.

Once or twice I even did a

ping <addr> -l 65500 -n 10000, just to see what would happen, but I haven't had any FBI agents blasting down my door, yet <g>.

Any more details on the interpretation of the Barricade router system log messages would be most appreciated.


3. RE: Interpret SMC Barricade Wireless Router Log File
lbyard Aug-20-01 09:49 PM
In response to message 2
I think you'll have to go to SMC for more info. Larry

| Home | Guides | How to | Reviews | Online Store | FAQ | Forums | Forum Archives |
| Links | News | Newsletter | About Dux | Advertising | Contact Info | Privacy |