
BLU Discuss list archive



Alert MSSG in ADSL log



jbk wrote:
> I just bought and configured a Dlink 2540B DSL modem to 
> replace my Zoom X5. I am getting the following warning 
> message in the log and I am not sure what to make of it:
> 
> kernel: Intrusion -> IN=ppp_0_35_3 OUT= MAC= SRC=173.73.2.60 
> DST=63.209.236.25 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=5380 
> DF PROTO=TCP SPT=56551 DPT=42065 WINDOW=8192 RES=0x00 SYN URGP=0

Seeing as no one has responded, I'll take a stab at this...it looks like
a typical kernel log message produced by iptables. Off the top of my
head, here is what some of the fields mean:


> IN=ppp_0_35_3

The interface that the packet arrived on. The name suggests your modem
is connected via PPP.


> OUT=

The interface the packet was routed to, if it got routed.


> MAC= 

Ethernet MAC address, I believe of the packet source. Probably empty
here because the packet arrived via ATM (ADSL) rather than Ethernet.


> SRC=173.73.2.60 

The IP address of the machine that sent you the packet.


> DST=63.209.236.25

The IP address the packet was directed at. Typically your address for an
inbound packet.


> PROTO=TCP

The IP protocol of the packet.


> SPT=56551 DPT=42065

Source and destination ports.


> ...I am not sure what to make of it

Some devices that implement NAT will log a message whenever they receive
a packet that doesn't match up with the current translation tables. In
other words, an unsolicited packet. Such an occurrence is pretty common
and harmless, usually.

But to really know the significance you'd have to examine the iptables
rules to see what the firewall in this device is set to log. That's
something that may be impossible to do.

Check your local man pages or search the net for more info on iptables.


> It seems to have an embedded linux OS. 

That seems likely, given the above log entry.


> Is there a way to access the OS other than through the WEB interface?

You'll have to google for that. Try adding the keyword "hacked" to the
product model number.

 -Tom

-- 
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/
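
The field breakdown in the reply above, as an added example that is not part of the original post: a small Python parser for netfilter LOG lines that separates the key=value fields from the bare IP and TCP flag tokens. The function names are hypothetical, and treating the text before `IN=` as the rule's log prefix is an assumption.

```python
import re

# Log line quoted in the post above.
SAMPLE = (
    "kernel: Intrusion -> IN=ppp_0_35_3 OUT= MAC= SRC=173.73.2.60 "
    "DST=63.209.236.25 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=5380 "
    "DF PROTO=TCP SPT=56551 DPT=42065 WINDOW=8192 RES=0x00 SYN URGP=0"
)

KV = re.compile(r"^([A-Z]+)=(.*)$")
INT_FIELDS = {"LEN", "TTL", "ID", "SPT", "DPT", "WINDOW", "URGP"}
IP_FLAGS = {"CE", "DF", "MF"}          # bare tokens for IP header flags
TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}

def parse_netfilter_log(line):
    """Split a netfilter LOG line into prefix, key=value fields and flags."""
    start = line.find("IN=")
    if start == -1:
        raise ValueError("no IN= field; not a netfilter LOG line")
    # Assumption: everything before IN= is syslog tag plus the rule's log prefix.
    rec = {"prefix": line[:start].strip(), "ip_flags": [], "tcp_flags": []}
    for token in line[start:].split():
        m = KV.match(token)
        if m:
            key, value = m.groups()
            # Empty values (OUT=, MAC=) are kept as "" so callers can test them.
            rec[key] = int(value) if key in INT_FIELDS and value.isdigit() else value
        elif token in IP_FLAGS:
            rec["ip_flags"].append(token)
        elif token in TCP_FLAGS:
            rec["tcp_flags"].append(token)
    return rec

def is_unsolicited_syn(rec):
    """TCP SYN without ACK and with an empty OUT=: a new inbound connection
    attempt that was not routed onward."""
    return (rec.get("PROTO") == "TCP" and rec.get("OUT") == ""
            and "SYN" in rec["tcp_flags"] and "ACK" not in rec["tcp_flags"])

if __name__ == "__main__":
    rec = parse_netfilter_log(SAMPLE)
    print(rec["SRC"], "->", rec["DST"], "dport", rec["DPT"], rec["tcp_flags"])
    print("unsolicited SYN:", is_unsolicited_syn(rec))
```
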






BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org