
Does this router system log look right to you?



#1 BustedFlush


Posted 27 December 2016 - 02:03 PM

Apologies for being something of a novice with these matters, but I've been trying to get to know basic security, and tightening up my router, and came across these in the system log. Does this look suspicious?

 

I don't know what is being sent or received here or to whom, could it be a potential DNS case? In the latter picture it shows the date as 1970(!) and has some strange commands (or whatever they are on the right).

 

Any idea what any of this means?

 

Thanks

 

[Image: Screen Shot 2016-12-27 at 8.01.0]

 

 

 

[Image: Screen Shot 2016-12-27 at 7.15.1]

 

 

 

 

 

 




 


#2 Didier Stevens


Posted 27 December 2016 - 04:58 PM

This looks normal to me.

 

There are no DNS events in the logs you posted, only DHCP and PPP.

DHCP gives IP addresses for the MAC addresses (the 12 hexadecimal digits separated by a colon) it gets requests for.

PPP is what your router/modem uses to connect to your ISP. Remark that your username is showing in entry 397.

 

The 1970 date means that your router had not yet synched with a time service.

A lot of systems store the time in Unix format. Unix format counts the number of seconds since 1/1/1970 00:00:00 UTC.

https://en.wikipedia.org/wiki/Unix_time

 

So when a device that uses Unix time starts and its clock is 0, it will display 1/1/1970 ... as timestamps.


Edited by Didier Stevens, 27 December 2016 - 05:00 PM.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"
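
Added example (not part of the original thread and not written by either poster): a way to estimate when the 1970-stamped entries described in reply #2 were really logged, by using the first entry written after the clock was set. It goes slightly beyond the reply by rebasing the timestamps, and it assumes a single boot, a clock that starts at zero, and a `YYYY-MM-DD HH:MM:SS message` line layout; the sample lines are constructed, not taken from the screenshots.

```python
from datetime import datetime, timezone

# Constructed sample lines; the line layout is an assumed format.
SAMPLE_LOG = """\
1970-01-01 00:00:21 PPP: LCP up
1970-01-01 00:00:24 PPP: CHAP authentication succeeded
1970-01-01 00:00:31 DHCP: lease 192.168.1.20 to aa:bb:cc:dd:ee:ff
2016-12-27 19:14:02 NTP: time synchronised
2016-12-27 19:15:10 DHCP: lease 192.168.1.21 to aa:bb:cc:dd:ee:01
"""

# Any stamp in the first year after the epoch is treated as "clock not set".
UNSYNCED_BEFORE = datetime(1971, 1, 1, tzinfo=timezone.utc)


def parse(line):
    """Split one log line into (UTC timestamp, message)."""
    stamp, message = line[:19], line[20:]
    when = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
    return when.replace(tzinfo=timezone.utc), message


def rebase(log_text):
    """Return (estimated_time, was_unsynced, message) for each entry.

    Entries logged before the clock was set carry seconds-since-boot shown
    as a 1970 date. The first synced entry was written no earlier than the
    last unsynced one, so the offset between them gives estimates that are
    late by at most the real gap between those two lines.
    """
    entries = [parse(l) for l in log_text.splitlines() if l.strip()]
    unsynced = [w for w, _ in entries if w < UNSYNCED_BEFORE]
    synced = [w for w, _ in entries if w >= UNSYNCED_BEFORE]
    if not unsynced or not synced:
        # Nothing to rebase against: report the stamps unchanged.
        return [(w, w < UNSYNCED_BEFORE, m) for w, m in entries]
    offset = min(synced) - max(unsynced)
    return [(w + offset if w < UNSYNCED_BEFORE else w, w < UNSYNCED_BEFORE, m)
            for w, m in entries]


if __name__ == "__main__":
    for when, was_unsynced, message in rebase(SAMPLE_LOG):
        flag = "~" if was_unsynced else " "  # "~" marks an estimated time
        print(flag, when.isoformat(), message)
```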


#3 BustedFlush


Posted 27 December 2016 - 05:00 PM

Thanks Didier, much obliged. 



#4 Didier Stevens


Posted 27 December 2016 - 05:13 PM

No problem.






