
I see this in the firewall log on some days, for a few weeks now, with many entries.

I don't know how this private IP address can be trying this; it is also nothing close to our internal IP scheme.

Default DROP DNS 192.168.53.1 :53→x.x.x.x(my public ip) :63923 len=73 ttl=51 tos=0x00 srcmac=c4:17:fe:fe:c9:b6 dstmac=0:1a:8c:17:5f:52


I think the src MAC is from Hon Hai Precision Ind. Co.,Ltd. (what do they make?)

I have tried making firewall rules to drop and not log, or reject and not log. How can I stop this from showing in the log, so it is not so big when I am trying to find something?

I have seen this on 8.305 and still on 8.306, Astaro 320 device.


  • OK, here you go. I also added a line from a public DNS server, 4.2.2.1. Thanks for any insight you can give. How can that 192.168.53.x number be on the internet?

    2012:09:20-00:00:06 astaro7 ulogd[5676]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth2" mark="0x307c" app="124" srcmac="c4:17:fe:fe:c9:b6" dstmac="0:1a:8c:17:5f:52" srcip="192.168.53.1" dstip="x.x.x.25" proto="17" length="90" tos="0x00" prec="0x00" ttl="51" srcport="53" dstport="65280" 
    2012:09:20-00:00:06 astaro7 ulogd[5676]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth2" mark="0x307c" app="124" srcmac="c4:17:fe:fe:c9:b6" dstmac="0:1a:8c:17:5f:52" srcip="192.168.53.1" dstip="x.x.x.25" proto="17" length="90" tos="0x00" prec="0x00" ttl="51" srcport="53" dstport="65280" 
    2012:09:20-00:00:06 astaro7 ulogd[5676]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth2" mark="0x307c" app="124" srcmac="c4:17:fe:fe:c9:b6" dstmac="0:1a:8c:17:5f:52" srcip="4.2.2.1" dstip="x.x.x.25" proto="17" length="90" tos="0x00" prec="0x00" ttl="51" srcport="53" dstport="64713"
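
An added example, not part of the original posts: a Python sketch that parses packetfilter lines in the format quoted above, counts drops per source, flags sources in private address space, and groups source IPs by `srcmac`. The sample lines are constructed by trimming the quoted entries to the fields used; the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample: the three entries quoted in the thread, trimmed to the
# fields used below (dstip stays redacted exactly as in the posts).
SAMPLE_LOG = '''\
2012:09:20-00:00:06 astaro7 ulogd[5676]: action="drop" fwrule="60001" initf="eth2" srcmac="c4:17:fe:fe:c9:b6" srcip="192.168.53.1" dstip="x.x.x.25" proto="17" srcport="53" dstport="65280"
2012:09:20-00:00:06 astaro7 ulogd[5676]: action="drop" fwrule="60001" initf="eth2" srcmac="c4:17:fe:fe:c9:b6" srcip="192.168.53.1" dstip="x.x.x.25" proto="17" srcport="53" dstport="65280"
2012:09:20-00:00:06 astaro7 ulogd[5676]: action="drop" fwrule="60001" initf="eth2" srcmac="c4:17:fe:fe:c9:b6" srcip="4.2.2.1" dstip="x.x.x.25" proto="17" srcport="53" dstport="64713"
'''

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_line(line):
    """Return the key="value" pairs of one packetfilter line as a dict."""
    return dict(FIELD_RE.findall(line))


def summarize(log_text):
    """Count dropped packets per source and group source IPs by srcmac."""
    drops = Counter()               # (srcip, srcport, is_private) -> count
    ips_by_mac = defaultdict(set)   # srcmac -> {srcip, ...}
    for line in log_text.splitlines():
        f = parse_line(line)
        if f.get("action") != "drop":
            continue
        try:
            src = ipaddress.ip_address(f.get("srcip", ""))
        except ValueError:
            continue                # redacted or malformed source address
        # is_private covers RFC 1918 and other non-global ranges
        drops[(str(src), f.get("srcport"), src.is_private)] += 1
        ips_by_mac[f.get("srcmac")].add(str(src))
    return drops, ips_by_mac


if __name__ == "__main__":
    drops, ips_by_mac = summarize(SAMPLE_LOG)
    for (ip, port, private), n in drops.most_common():
        note = "private range, not routable on the internet" if private else "public"
        print(f"{n:3d} drops  src={ip}:{port}  {note}")
    for mac, ips in ips_by_mac.items():
        print(f"srcmac {mac} carried sources: {sorted(ips)}")
```

Both source addresses arrive with the same `srcmac`, so that MAC identifies the adjacent device that forwarded the frames onto the local segment, not the host that originated the packets.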