Robert on 21 Apr 2019 14:13:13 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Messages in security log of my FiOS Quantum router

Hello Bhaskar,

The MAC Address will always remain the same as MAC Addresses is a layer 2 protocol.  As for the rest it looks like responses to your web site surfing.

SPT=443 = The web servers responce

DPT=37085 = The web browsers port it chose when making the connection.

On 4/20/19 6:52 PM, K.S. Bhaskar wrote:
My Verizon FiOS Quantum router has a message like this in the security log every few seconds (not exact; varies):

*<UTCDateTime>*ulogd[895] notice<173> Blocked IN=eth1 OUT= MAC=*<WANMACAddress>*:2c:21:72:60:0f:c1:08:00 SRC= DST=*<WANIPAddress>* LEN=88 TOS=00 PREC=0x00 TTL=90 ID=1443 DF PROTO=TCP SPT=443 DPT=37085 SEQ=1187210841 ACK=1457699171 WINDOW=330 ACK URGP=0 MARK=0

In the above, the SRC IP address changes, as do most of the parameters, but the hex digits after the <WANMACAddress> seem to be constant.

I'm not sure what to make of these messages. They seem to regular and infrequent to be scripts probing for vulnerabilities. But I can't figure out what they are. Ideas welcome. Thank you very much, in advance.

– Bhaskar

Philadelphia Linux Users Group         --
Announcements -
General Discussion  --

Thank you for your time.



Smile, it increases your face value.........

Philadelphia Linux Users Group         --
Announcements -
General Discussion  --