Question - IPS logs

Question - IPS logs

Randymandy
Hi All,

I have a question about the IPS logs. I have this entry in my log...

780652  [Drop] [**] [1:2102123:7] GPL EXPLOIT Microsoft cmd.exe banner [**] [Classification: Successful Administrator Privilege Gain] [Priority: 1] {TCP} 2.16.4.187:80 -> 10.10.10.198:3550

My question is, if I didn't have the Shield, wouldn't my regular router firewall also have dropped this probe/request?
I have a few of these entries; two of them happened overnight while the PC was off, so there could not have been a request from my side...

Thanks

Re: Question - IPS logs

Roadrunnere42
Hi RandyMandy
I always thought that my firewall would stop all traffic coming in when it's not requested, but I soon found out that's not the case. In your case, do you have port forwarding on, or UPnP turned on in your firewall? This allows programs on devices connected to your internal network to open ports in your router; this includes mobile phones.

If you did not have the Shield then this would not have been dropped (stopped). The IP address is based in Switzerland. Every router that's connected to the internet is probed by spy bots (automatically), which try to find out what devices and operating systems are on that IP address; this is all done automatically.

Hope this helps

Roadrunnere42
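The two posts above turn on one question: was the dropped packet an unsolicited inbound probe (which a router firewall that only admits established/related traffic would drop at the SYN, without any IPS) or a reply to a connection something inside opened (which such a router would pass while it held a matching connection entry)? The entry quoted in the first post has the shape of the second case: server port 80 on the outside answering client port 3550 on the inside. What the router firewall would not have done in either case is inspect the payload for a cmd.exe banner, which is what the Snort signature did. The script below is an added example, not part of the thread or of the Shield's own software: it parses Snort "fast"-format alert lines like the one quoted (the optional leading counter and `[Drop]` action are handled), then makes the direction and port-pattern call for each one. The RFC1918 LAN ranges, the verdict labels, and the two extra sample lines (which use local-rule SIDs 1000001 and 1000002) are assumptions constructed for this example.

```python
"""Triage Snort-style 'fast' alert lines: unsolicited inbound probe, or a
server reply to a connection the inside host opened?  Added example, not code
from the original thread or from the Shield product."""
import ipaddress
import re

# Snort "fast" alert format, with an optional leading counter/timestamp and an
# optional inline action such as [Drop], as the log line quoted above shows.
ALERT_RE = re.compile(
    r"""^
    (?:(?P<prefix>\S+)\s+)?                      # counter or timestamp, optional
    (?:\[(?P<action>[A-Za-z]+)\]\s+)?            # [Drop] / [Alert], optional
    \[\*\*\]\s+
    \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+
    (?P<msg>.*?)\s+\[\*\*\]\s+
    (?:\[Classification:\s*(?P<classification>[^\]]+)\]\s+)?
    (?:\[Priority:\s*(?P<priority>\d+)\]\s+)?
    \{(?P<proto>[A-Za-z0-9]+)\}\s+
    (?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<sport>\d+))?
    \s+->\s+
    (?P<dst>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<dport>\d+))?
    \s*$""",
    re.VERBOSE,
)

# Assumption: the inside of the network is the RFC1918 space. Python's
# ip_address(...).is_private also flags documentation ranges, so an explicit
# list is used instead.
LAN_NETS = tuple(ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"))

EXPLANATION = {
    "reply": "shaped like a server reply (low source port, high destination port): "
             "find out what inside device, if any, was talking to that source; a "
             "stateful router passes this only while it holds a connection entry",
    "probe": "unsolicited inbound: a stateful router with no port forward or UPnP "
             "mapping drops it at the SYN; only an IPS also inspects the payload",
    "outbound": "traffic from inside to outside; not a probe of you",
    "internal": "both ends inside the LAN",
    "transit": "neither end is inside the LAN; unusual for a home sensor",
}


def parse_alert(line):
    """Return the alert fields as a dict, or None if the line is not an alert."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    for key in ("gid", "sid", "rev", "priority", "sport", "dport"):
        d[key] = int(d[key]) if d[key] is not None else None
    return d


def in_lan(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LAN_NETS)


def triage(alert):
    """Classify one parsed alert by direction and port pattern (see EXPLANATION)."""
    src_in, dst_in = in_lan(alert["src"]), in_lan(alert["dst"])
    if src_in and dst_in:
        return "internal"
    if src_in:
        return "outbound"
    if not dst_in:
        return "transit"
    sport, dport = alert["sport"], alert["dport"]
    # Well-known service port on the outside answering an ephemeral port inside
    # is the shape of a response to a connection the inside host opened.
    if sport is not None and dport is not None and sport < 1024 <= dport:
        return "reply"
    return "probe"


def summarize(log_text):
    """Parse every alert line and return (sid, action, verdict) tuples."""
    return [(a["sid"], a["action"], triage(a))
            for a in map(parse_alert, log_text.splitlines()) if a is not None]


# Sample input: the first line is the entry quoted in the thread; the other two
# are constructed for this example (local-rule SIDs, documentation addresses).
SAMPLE_LOG = """\
780652  [Drop] [**] [1:2102123:7] GPL EXPLOIT Microsoft cmd.exe banner [**] [Classification: Successful Administrator Privilege Gain] [Priority: 1] {TCP} 2.16.4.187:80 -> 10.10.10.198:3550
780653  [Drop] [**] [1:1000001:1] LOCAL constructed example - inbound SYN to a game port [**] [Classification: Misc activity] [Priority: 3] {TCP} 203.0.113.7:54012 -> 10.10.10.198:27015
780654  [Alert] [**] [1:1000002:1] LOCAL constructed example - outbound DNS [**] [Classification: Misc activity] [Priority: 3] {UDP} 10.10.10.198:51234 -> 203.0.113.53:53
not an alert line
"""

if __name__ == "__main__":
    for line in SAMPLE_LOG.splitlines():
        a = parse_alert(line)
        if a is None:
            print("skipped:", line)
            continue
        verdict = triage(a)
        print(f"sid {a['sid']} [{a['action'] or '-'}] {a['proto']} "
              f"{a['src']}:{a['sport']} -> {a['dst']}:{a['dport']}: {verdict}")
        print("    ", EXPLANATION[verdict])
```

Run it as-is to see the three verdicts; point it at a real export by replacing SAMPLE_LOG with the file contents. The "reply" verdict for the quoted entry is a prompt to look for the inside conversation, not proof that one existed: if the PC was genuinely off, the next thing to check is what else on 10.10.10.0/24 had that address, and whether the router's connection table still held an entry for it.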

Re: Question - IPS logs

Randymandy
Hi Roadrunnere42,
Thanks for your answer. In my case I do not have any port forwarding or UPnP.
I've noticed a lot of these probes are for common game ports...

My real concern was that if I switch back to my EdgeRouter X I would be more vulnerable...
The 50 Mb throughput on the Shield is killing me on my video downloads.

I've been viewing this web site for a while, but couldn't register until now.
I always have to do a double take when I see your user name, because Roadrunner is my user name for my laptop (on the road) and I think "Wait, what? I didn't..."

anyways... hehe...

Re: Question - IPS logs

Randymandy
Is it just me that gets off on reading the IPS logs, or what?
I know it's a false sense of security (0-days and whatnot).
Still kinda cool... Better than nothing!!!

Don't want to be low-hanging fruit...