Re: [PLUG] Messages in security log of my FiOS Quantum router

Robert on 21 Apr 2019 14:13:13 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Messages in security log of my FiOS Quantum router

From: Robert <mlists@zoominternet.net>
To: plug@lists.phillylinux.org
Subject: Re: [PLUG] Messages in security log of my FiOS Quantum router
Date: Sun, 21 Apr 2019 17:13:07 -0400
Authentication-results: smtp01.armstrong.cmh.synacor.com smtp.user=mlists; auth=pass (LOGIN)
Dkim-signature: v=1; a=rsa-sha1; d=zoominternet.net; s=20180516; c=relaxed/simple; q=dns/txt; i=@zoominternet.net; t=1555881189; h=From:Subject:Date:To:MIME-Version:Content-Type; bh=bfyDos6fkbTWBYBJPda9k31whdA=; b=PSyDH6wRk4Cs0P0dxRQk3FSVVzujA4Mr5A5yj7GKsQTEtItZ2wS0DjVDtVocnsdy GUG6QCpcYFmPmf6cY/OsricrvNGschNg3ONc+jnfDhtPUm4IIbcZAbFIyb4qwlpr d76h08Z8YKNqSy42pt1PjpMOC7YG5M1Ol8kWGEjb9SpTiW0RT1UWsJA6J5ggsted oFPngMdjmMY66gaZo8mfgqZqFY32/oa0h8qmqwQ76/Yvy2rOuNrdV5xdJ+ygNdtA e9fc3SS6rferjjxLAt5A6Ti+Yr4MnXw9Q4+R5bLcuUYA8YzcUEn0pXATSgOPE9LL 29Zf7ytA/JuWHp/qHRQ1XQ==;
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: "plug" <plug-bounces@lists.phillylinux.org>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1
X_cmae_category: , ,
X_cmae_category: , ,

Hello Bhaskar,

The MAC Address will always remain the same as MAC Addresses is a layer2 protocol. As for the rest it looks like responses to your web sitesurfing.


SPT=443 = The web servers responce

DPT=37085 = The web browsers port it chose when making the connection.





On 4/20/19 6:52 PM, K.S. Bhaskar wrote:

My Verizon FiOS Quantum router has a message like this in the securitylog every few seconds (not exact; varies):
*<UTCDateTime>*ulogd[895] notice<173> Blocked IN=eth1 OUT=MAC=*<WANMACAddress>*:2c:21:72:60:0f:c1:08:00 SRC=31.13.71.50DST=*<WANIPAddress>* LEN=88 TOS=00 PREC=0x00 TTL=90 ID=1443 DFPROTO=TCP SPT=443 DPT=37085 SEQ=1187210841 ACK=1457699171 WINDOW=330ACK URGP=0 MARK=0
In the above, the SRC IP address changes, as do most of theparameters, but the hex digits after the <WANMACAddress> seem to beconstant.
I'm not sure what to make of these messages. They seem to regular andinfrequent to be scripts probing for vulnerabilities. But I can'tfigure out what they are. Ideas welcome. Thank you very much, in advance.
Regards
– Bhaskar

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug


Thank you for your time.

--

Regards,
Robert


Smile, it increases your face value.........


___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:
- Re: [PLUG] Messages in security log of my FiOS Quantum router
  - From: "K.S. Bhaskar" <ksbhaskar@gmail.com>

References:
- [PLUG] Messages in security log of my FiOS Quantum router
  - From: "K.S. Bhaskar" <ksbhaskar@gmail.com>

Prev by Date: Re: [PLUG] Memory Problem on New Build
Next by Date: Re: [PLUG] Memory Problem on New Build
Previous by thread: [PLUG] Messages in security log of my FiOS Quantum router
Next by thread: Re: [PLUG] Messages in security log of my FiOS Quantum router
Index(es):
- Date
- Thread