K.S. Bhaskar on 22 Apr 2019 06:25:06 -0700


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Messages in security log of my FiOS Quantum router

Thank you, Robert. That makes sense.

Regards
– Bhaskar

On Sun, Apr 21, 2019 at 5:13 PM Robert <mlists@zoominternet.net> wrote:
Hello Bhaskar,

The MAC Address will always remain the same as MAC Addresses is a layer
2 protocol.  As for the rest it looks like responses to your web site
surfing.

SPT=443 = The web servers responce

DPT=37085 = The web browsers port it chose when making the connection.





On 4/20/19 6:52 PM, K.S. Bhaskar wrote:
> My Verizon FiOS Quantum router has a message like this in the security
> log every few seconds (not exact; varies):
>
> *<UTCDateTime>*ulogd[895] notice<173> Blocked IN=eth1 OUT=
> MAC=*<WANMACAddress>*:2c:21:72:60:0f:c1:08:00 SRC=""
> DST=*<WANIPAddress>* LEN=88 TOS=00 PREC=0x00 TTL=90 ID=1443 DF
> PROTO=TCP SPT=443 DPT=37085 SEQ=1187210841 ACK=1457699171 WINDOW=330
> ACK URGP=0 MARK=0
>
> In the above, the SRC IP address changes, as do most of the
> parameters, but the hex digits after the <WANMACAddress> seem to be
> constant.
>
> I'm not sure what to make of these messages. They seem to regular and
> infrequent to be scripts probing for vulnerabilities. But I can't
> figure out what they are. Ideas welcome. Thank you very much, in advance.
>
> Regards
> – Bhaskar
>
> ___________________________________________________________________________
> Philadelphia Linux Users Group         --        http://www.phillylinux.org
> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Thank you for your time.

--

Regards,
Robert


Smile, it increases your face value.........


___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug