
Someone please explain this (firewall security log)


7 replies to this topic

#1 RandomPerson67

  • Members
  • 6 posts

Posted 05 March 2013 - 03:59 PM

Mar 5 15:26:38     In: ppp0     Blocked     
Src IP: 66.206.247.85     Port: 60686
Dest IP: 50.123.     Port: 1080
Proto: UDP     Len: 36
Mar 5 15:26:29     In: br0 -> Out: ppp0     Blocked     
Src IP: 192.168.1.18     Port: 1080
Dest IP: 66.206.247.85     Port: 60686
Proto: UDP     Len: 71
Mar 5 15:26:26     In: ppp0     Blocked     
Src IP: 66.206.247.85     Port: 60686
Dest IP: 50.123.     Port: 1080
Proto: UDP     Len: 36
Mar 5 15:26:23     In: br0 -> Out: ppp0     Blocked     
Src IP: 192.168.1.18     Port: 1080
Dest IP: 66.206.247.85     Port: 60686
Proto: UDP     Len: 71
Mar 5 15:26:15     In: ppp0     Blocked     
Src IP: 66.206.247.85     Port: 60686
Dest IP: 50.123.     Port: 1080
Proto: UDP     Len: 36
Mar 5 15:26:09     In: ppp0     Blocked     
Src IP: 66.206.247.85     Port: 60686
Dest IP: 50.123.     Port: 1080
Proto: UDP     Len: 36


Edited by RandomPerson67, 05 March 2013 - 05:09 PM.




#2 Didier Stevens

  • BC Advisor
  • 2,672 posts

Posted 05 March 2013 - 04:41 PM

Can you elaborate? What do you want to know?


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#3 RandomPerson67


Posted 05 March 2013 - 04:54 PM

> Can you elaborate? What do you want to know?

Why it's blocked, what the port is, etc. If known. As I have many different IPs being blocked with that one port, specifically.

Cheers!

~I've edited my first post as I'm more curious with this log than the other. It has blocked traffic that I'm allegedly sending out & receiving? idk. I'd just like some insight. :]


Edited by RandomPerson67, 05 March 2013 - 05:10 PM.


#4 Didier Stevens


Posted 05 March 2013 - 06:15 PM

Port 1080 is used by a couple of services, most popular is the SOCKS proxy. So what you see are probably scans to discover proxies.

It's normal that your firewall blocks this.




#5 RandomPerson67


Posted 05 March 2013 - 07:32 PM

> Port 1080 is used by a couple of services, most popular is the SOCKS proxy. So what you see are probably scans to discover proxies.
>
> It's normal that your firewall blocks this.

Hi there, thanks for the reply. Does that apply for the outbound connection that was sent to the IP? I have both inbound and outbound connections blocked for that IP, as seen in the log.



#6 Didier Stevens


Posted 06 March 2013 - 03:10 PM

Your first connection is inbound, at Mar 5 15:26:09, right? Or are there earlier events for that IP that you didn't post?




#7 RandomPerson67


Posted 07 March 2013 - 01:51 AM

> Your first connection is inbound, at Mar 5 15:26:09, right? Or are there earlier events for that IP that you didn't post?

Mar 5 15:26:38     In: ppp0     Blocked       <--------- Inbound to my IP address, from 66.206.247.85
Src IP: 66.206.247.85     Port: 60686
Dest IP: 50.123.     Port: 1080
Proto: UDP     Len: 36


Mar 5 15:26:29     In: br0 -> Out: ppp0     Blocked     <-------- That would be outbound to 66.206.247.85, from my IPv4 address
Src IP: 192.168.1.18     Port: 1080
Dest IP: 66.206.247.85     Port: 60686
Proto: UDP     Len: 71

 

& I'm not too sure if this is the first time this has been blocked or not. :)  I don't even know what it is.


Edited by RandomPerson67, 07 March 2013 - 02:37 AM.


#8 Didier Stevens


Posted 07 March 2013 - 05:25 PM

Now I understand your confusion. You are looking at this the wrong way. Take a look at the timestamps:

 

Mar 5 15:26:38

Mar 5 15:26:29

 

The first event is at the bottom of your log, not the top.


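The reading order pointed out in post #8, as an added example that is not part of the original thread: a small parser for this multi-line log format that sorts the entries oldest-first and reports, per remote address, whether the earliest logged packet was inbound or outbound. The sample addresses are constructed, the year is assumed (the log has none), and treating `ppp0` as the WAN interface is an assumption based on the log lines.

```python
import re
from datetime import datetime

# Constructed sample in the router's log format, newest entry first as in the thread.
SAMPLE = """\
Mar 5 15:26:38     In: ppp0     Blocked
Src IP: 203.0.113.7     Port: 60686
Dest IP: 198.51.100.20     Port: 1080
Proto: UDP     Len: 36
Mar 5 15:26:29     In: br0 -> Out: ppp0     Blocked
Src IP: 192.168.1.18     Port: 1080
Dest IP: 203.0.113.7     Port: 60686
Proto: UDP     Len: 71
Mar 5 15:26:09     In: ppp0     Blocked
Src IP: 203.0.113.7     Port: 60686
Dest IP: 198.51.100.20     Port: 1080
Proto: UDP     Len: 36
"""

HEADER = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d)\s+In: (\S+)(?: -> Out: (\S+))?\s+(\w+)")
FIELD = re.compile(r"(Src IP|Dest IP|Port|Proto|Len): (\S+)")

def parse(text, year=2013, wan="ppp0"):
    """Parse multi-line records and return them oldest-first.
    The year and 'ppp0 is the WAN side' are assumptions, not log content."""
    events = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            # Routed out through the WAN interface = outbound; "In:" only = inbound.
            direction = "outbound" if m.group(3) == wan else "inbound"
            events.append({"time": ts, "direction": direction, "action": m.group(4)})
        elif events:
            pairs = FIELD.findall(line)
            side = {"Src IP": "src", "Dest IP": "dst"}.get(pairs[0][0], "") if pairs else ""
            for key, value in pairs:
                name = {"Src IP": "src", "Dest IP": "dst", "Port": side + "_port"}
                events[-1][name.get(key, key.lower())] = value
    return sorted(events, key=lambda e: e["time"])

def first_direction(events):
    """Map each remote address to the direction of its earliest logged packet."""
    first = {}
    for ev in events:  # events are already oldest-first
        remote = ev["src"] if ev["direction"] == "inbound" else ev["dst"]
        first.setdefault(remote, ev["direction"])
    return first
```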




