Is there a guide to router event logs?
20-02-2015 11:29 AM
Is there a wiki / guide to what the messages actually mean in practice? I'm not completely dumb, so with most of them I can make an educated guess, but it would be good to read if anyone has put together a guide to the messages that the firewall / IDS / router displays in case there are additional security steps etc I can take.
Thanks!
Matt
Re: Is there a guide to router event logs?
20-02-2015 5:40 PM
Not that I know of - these questions have been asked before. Generally these messages are an indication that the firewall is doing its job properly.
IDS = Intrusion Detection System - so anything having this marker is an indication of attempted intrusions being blocked.
It can be beneficial to set the PlusNet firewall - see here https://portal.plus.net/my.html?action=firewall - to at least LOW. This will put the boundary for some attacks at the other end of your "phone" line and slightly reduce your bandwidth utilisation.
Re: Is there a guide to router event logs?
20-02-2015 6:45 PM
Re: Is there a guide to router event logs?
21-02-2015 8:42 AM
Quote from: ejs
"Most of the stuff that the Plusnet Broadband Firewall "Low" (or higher) member centre setting would block doesn't get logged by the 582n anyway."
Could you give some examples of those please, just so we can see what sort of things they are, thanks.
Re: Is there a guide to router event logs?
21-02-2015 9:16 AM
IN=ppp0 OUT= MAC= SRC=112.241.190.113 DST=87.112.my.ip LEN=60 TOS=0x00 PREC=0x80 TTL=45 ID=30223 DF PROTO=TCP SPT=49993 DPT=23 WINDOW=5808 RES=0x00 SYN URGP=0
There were typically 100 to 200 connection attempts to port 23 over the course of a day.
Over the 24 hours of yesterday, I have 2 log entries mentioning port 23 from my 582n, and I've only got those log messages because I've enabled tcpchecks=exact. The default is tcpchecks=none so wouldn't even log those.
<81> Feb 20 04:18:01 FIREWALL exact tcp state check (1 of 1): Protocol: TCP Src ip: 23.120.237.114 Src port: 53561 Dst ip: 87.112.my.ip Dst port: 23
<81> Feb 20 20:55:40 FIREWALL exact tcp state check (1 of 1): Protocol: TCP Src ip: 162.201.120.153 Src port: 50934 Dst ip: 87.113.my.ip Dst port: 23
Changing that setting also logs the stuff you get from the forum servers if you use https to access these forums:
<81> Feb 21 09:13:14 FIREWALL exact tcp state check (1 of 8): Protocol: TCP Src ip: 84.93.230.178 Src port: 44340 Dst ip: 87.113.my.ip Dst port: 10878
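The two log formats quoted in the post above can be tallied by destination port to see what is being probed and from how many sources. This is an added example, not part of the original thread or any Plusnet or router tooling; the regular expressions are inferred only from the lines quoted here, and the sample lines are constructed using documentation address ranges.

```python
import re
from collections import Counter

# Netfilter-style line (first format quoted in the thread): KEY=value tokens.
KV_RE = re.compile(r"\b([A-Z]+)=(\S*)")
# 582n syslog line (second format quoted in the thread); pattern inferred from those lines.
FW_RE = re.compile(
    r"FIREWALL (?P<rule>.+?) \(\d+ of \d+\): Protocol: (?P<proto>\S+) "
    r"Src ip: (?P<src>\S+) Src port: (?P<spt>\d+) "
    r"Dst ip: (?P<dst>\S+) Dst port: (?P<dpt>\d+)"
)

def parse_line(line):
    """Return a normalised event dict, or None if the line matches neither format."""
    m = FW_RE.search(line)
    if m:
        return {"proto": m["proto"], "src": m["src"], "dst": m["dst"],
                "spt": int(m["spt"]), "dpt": int(m["dpt"]), "rule": m["rule"]}
    kv = dict(KV_RE.findall(line))
    if {"SRC", "DST", "PROTO", "SPT", "DPT"}.issubset(kv):
        return {"proto": kv["PROTO"], "src": kv["SRC"], "dst": kv["DST"],
                "spt": int(kv["SPT"]), "dpt": int(kv["DPT"]), "rule": "netfilter"}
    return None

def summarise(lines):
    """Map (protocol, dst port) -> (number of log entries, number of distinct sources)."""
    hits, sources = Counter(), {}
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # unrelated or unparseable log line
        key = (ev["proto"], ev["dpt"])
        hits[key] += 1
        sources.setdefault(key, set()).add(ev["src"])
    return {k: (n, len(sources[k])) for k, n in hits.items()}

# Constructed sample lines in the two quoted formats (documentation IPs, not real hosts).
SAMPLE = [
    "IN=ppp0 OUT= MAC= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x80 TTL=45 ID=30223 DF PROTO=TCP SPT=49993 DPT=23 WINDOW=5808 RES=0x00 SYN URGP=0",
    "<81> Feb 20 04:18:01 FIREWALL exact tcp state check (1 of 1): Protocol: TCP Src ip: 203.0.113.5 Src port: 53561 Dst ip: 192.0.2.10 Dst port: 23",
    "<81> Feb 20 20:55:40 FIREWALL exact tcp state check (1 of 1): Protocol: TCP Src ip: 198.51.100.7 Src port: 50934 Dst ip: 192.0.2.10 Dst port: 23",
    "<81> Feb 21 09:13:14 FIREWALL exact tcp state check (1 of 8): Protocol: TCP Src ip: 203.0.113.80 Src port: 44340 Dst ip: 192.0.2.10 Dst port: 10878",
    "constructed line that is not a firewall entry",
]

if __name__ == "__main__":
    for (proto, port), (count, srcs) in sorted(summarise(SAMPLE).items()):
        print(f"{proto}/{port}: {count} entries from {srcs} distinct source(s)")
```

A port that collects many entries from many distinct sources, such as 23 (telnet) in the thread, is typical background scanning; entries on high ephemeral ports from a host you were just talking to are more likely late packets from an existing session.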
Re: Is there a guide to router event logs?
21-02-2015 9:43 AM