7800N Router Firewall Log Shows Attacks From Unused Internal IPs
Feb 23, 2012
I was just checking my router's firewall log and I noticed a couple of entries which appear somewhat suspicious, amongst all the 'normal' background radiation of (mainly) Russian and Chinese IPs: [code] The source IP for these 'attacks' is/was unused on my internal network.
My router is a Billion BiPAC 7800N running 1.06e firmware. There are a number of devices permanently connected to the internal network and a number which are connected at other times (e.g. desktops, laptops, mobile/cell phones, games consoles). Some are wired, some are wireless. Some have static IPs (none of which are listed in the above 'attacks'), some have dynamic IPs (assigned by DHCP by the router in a range not listed above). The WiFi is secured with a strong key on WPA/WPA2-PSK, AES (no WPS). Web Access Control for the router is disabled. Block WAN PING (and Block WAN (IPv6) PING) are both enabled.
View 2 Replies
ADVERTISEMENT
May 6, 2013
We have an ASA 5505 and we keep getting short bursts of ICMP packets (5000 in one second) They will do this and it just simply overloads the ASA and it crashes.Is this since it is 1000 past the 4000 connections per second capacity of the ASA 5505 or do we have a setting wrong some place that could prevent this type of overload from happening? We are looking to prevent DoS and other attacks that prevent even a short loss of connection since the servers are getting attacked daily and we have voice streaming on through the ASA. [code]
View 2 Replies
View Related
Nov 14, 2011
I have PIX 535 and using ACLs for allowing traffic. I need to clean up the rule base. I would like to know how to fetch a report of Unused rules for long time?Also when a traffic is being allowed, I want to know through which rule number its being allowed?
View 2 Replies
View Related
Oct 15, 2012
I Have asa 5520 with the code 8.0, the mem shows 94% and the CPU shows 85%
View 5 Replies
View Related
Jul 22, 2012
I have a pair of ASA 5540 running 8.4 code. The firewall set has about 4500 rules. I am tasked to identify all unused/idel/inactive rules in the past 3 months.
View 2 Replies
View Related
Sep 13, 2012
I've noticed in the mornings lately when I get up around 6 am my internet will not work. Not on wireless or on my desktop. I decided I'd log into the router to see if there was a firmware update or anything. I had checked the logs and there are quite a few entries relating to DoS. I googled around and saw that it could be some sort of packet loss and the router is mistaking it for some sort of DoS attack. And that due to it not showing up multiple times every second it likely isn't a DoS attack. Here is a few from the logs:
[code].....
View 4 Replies
View Related
Jan 10, 2012
Just replaced a WRT54GS with an E2500. It seems that anytime a connected device goes "idle" for a while, the connection breaks or severely reduces and it's nearly impossible to get the connection back without performing an action at the device in question. Let the wireless connection on my laptop go unused for some period and it reduces to 1Mbps and you can't get back on by just using the link more... you have to do a "repair".
Let more than a few minutes pass since you've printed something on the wireless printer and you MUST go to the printer to re-establish the connection by turning the antenna off and then on again.Basically the same problem with my blueray/DVD getting on the network. When I shut the screen off on my phone, the wifi dies and receives NOTHING over that link while the screen is off.
None of these behaviors existed with the WRT... just the 2500. Background/facts - current firmware, DHCP with reservations, WPA2/per, MAC filtering in use, UPnP disabled. MTU/Beacon/Frag threshold/RTS threshold set per recommendations on this site.
View 2 Replies
View Related
Sep 8, 2004
I had the 2 circuits go down at the same time from our ISP and I had to power cycle the router and when it came back up I went from VA # 2 to now VA 3#....I know what is what but it is confusing for my counterpart and I can not remove the old entry for VA#1 and VA#2. [code]
View 3 Replies
View Related
Nov 10, 2011
I have a cable modem internet connection and my cable modem is connected to an ASA 5505. The inside interface of the ASA has an IP address of 192.168.2.2 and is connected to a Linksys router's internet port which has an IP address of 192.168.2.1. The Linksys router then has a local area network of 192.168.1.0 and all my clients are on that network. Everything is working fine except in my ASA logs all the traffic shows up as the router's external address which is 192.168.2.1. I would like to see the 192.168.1.x address of the clients in the ASA firewall. I've tried making some changes to the Linksys router but that hasn't resolved it. Is there any changes I can make on the ASA to get this to work?
View 6 Replies
View Related
Apr 13, 2011
I have a 7800N combined adsl2+ modem/router for about the last 3 months. About 2 days ago I came home from work to find the Wireless Network had dropped, although the green LED on the modem was still on. Since that time I have been unable to connect to the Wireless network, or even have the network appear on the list of connectable networks. I have two laptops a smartphone and the wireless network is not detected by any of these devices.
Nothing has changed with my WLAN setup, no settings were changed by me, no new devices recently connected. My main PC is connected by an ethernet cable and has not been affected, it remains connected to the internet at all times with no issues.
Things I have tried:
* Turning the router off/on
* Unplugging the router for 1 hour
* Changing Wireless Channels (Auto, 1,6,9,13)
* Disabled and Re-Enabled WLAN through modem settings page
* Changing ESSID Name
* Hiding ESSID then Re-Enabling ESSID
* Changing WPA2-PSK Passkey
* Isolating modem on phone line
and finally, Restoring to default settings, and starting all over again.
I live in a small apartment block and typically have 6-8 other low strength wireless networks in the list, and thought something may be conflicting with another device, however after changing channels 4 or 5 times I gave up on this thought.... None of the above resulted in the Wireless network being detected and displayed in a list of connectable networks. The wireless light remains on, and flashes periodically, but for all intents and purposes no Wireless Network seems to exist.
View 2 Replies
View Related
Jan 16, 2012
I am having issues with the wireless on my Billion 7800N My phone and other wireless items were able to detect and use the wireless until recently when now all I do is find it in the list, but when I go to use it, it says failed to connect.
View 1 Replies
View Related
Jul 20, 2012
I recently came home from work to find the safety switch on our house had activated causing half of our house to be without power...including our modem. It wiped all my settings...no big deal...I've entered them all back in again. But now I am no longer able to establish a connection to my laptops... The Wireless WPS light will not come back on the router no matter how many times I turn it off/on or reset it... When I go into the page to establish properties etc for the modem...the WLAN option doesn't even appear anymore. but they were at a complete loss also as to why the option wasn't there..
View 1 Replies
View Related
Dec 8, 2012
I recently picked up a Billion 7800N home router to replace my old netgear which was dropping signal alot.I seem to have develpoed a problem accessing my work network through the VPN client. I am able to connect the Cisco VPN client to the network ok but I don't have any access to the server and exchange email. I have tested the client settings on my old Netgear and it is working fine. This points me to the direction of the router....I don't have any packet filtering on and I have set up profile from my fixed internal home ip to the work ip to allow any protocol and any port.I have also port forwarded 500, 4500 and 10000UDP to my internal ip address.
View 4 Replies
View Related
Jun 7, 2011
I have a LAN with multiple VLANs connected through Catalyst 3750 with IP Base image. In IP Base the router only supports PIM stub multicast (no PIM multicast routing),But I have an ASA connected to the internal router and to the internet router.Asa supports PIM multicast routing and can act as PIM RP. With this configuration, is there a way to configure an internal multicast network? That is a multicast server in one internal vlan (VLAN 1) and multicast clients in VLAN 2. Both VLANs connected to the C3750 router.
View 3 Replies
View Related
Dec 31, 2012
I am aware that we can allow external admins to telnet over a custom port to the internal router. Even i was allowed to connect to a remote router via the remote firewall. The way i was accessing the router is by telnet to the remote ASA address on port 8023.I am not sure how exactly we can configure this on a ASA.
View 2 Replies
View Related
Feb 17, 2013
I have found log from IPS on router WRVS4400N and most of attacks i am getting from 0.0.0.0 IP adress. Is it normal?
View 1 Replies
View Related
Dec 23, 2011
Currently I have an ASA setup as a Firewall with 1 outside interface and 2 inside interfaces. Initially, the Guest interface was setup to receive DHCP from the ASA and everything was working. I'm adding router and a server for the guest interface and what I'm trying to accomplish now is the following: ASA 5505 > Airport Extreme with a public static IP (69.xx.xx.6), handling DHCP and NAT > Mac Server as DNS Server.Right now, when I connect to my Airport Extreme with any computer, I don't have internet. I don't understand what's wrong. My DNS Server has a reserved IP address: 192.168.226.2 and it's pointing to itself and forwarding the ISP DNS servers, the Airport Extreme is handling the DNS Server IP and the ISP DNS Server IP but I can't connect to the internet from the server. [code]
View 31 Replies
View Related
May 8, 2013
What is the best way to monitor an Internet Edge router from the Internal network behind the Firewall?We want to pull more information from the edge router like netflow. We can use SNMPv3 and ACLs to keep the router secure.
But I am looking for the best config to keep both the router and firewall as secure as possible while still allowing us to monitor performance and faults.I am running an ASA and a 2821.
View 2 Replies
View Related
Mar 22, 2013
i can detect the IP of DDOS attacks and if there's a simple way to prevent it. I've heard different suggestions from blocking incoming ping requests to blocking specific IP ranges
running 2.03 firmware
View 4 Replies
View Related
Jul 24, 2012
my family kept having a problem with our Billion 6800n router. (or something like that).Basically we pinned the problem down to it not having the strength to keep several connections running through it. So we upgraded to a Billion 7800n and found it is much more stable and much faster.However it has been having a similar problem to our previous router.
Occasionally the internet light drops from green to orange, and we can't load any more pages until it has gone back to green.Here is a picture of what it looks like when in that status.But the weird thing is the connection bars on the windows toolbar at the bottom of the screen still show full strength.As shown here.Now I thought it might be because it was sharing a power board with other connections going through it,so I transferred it to a smaller two-plug one instead.
View 2 Replies
View Related
Jan 13, 2012
On the STATUS page there are addresses assigned to several devices no longer in use. How do I remove these?
View 8 Replies
View Related
Apr 17, 2012
We have created more than 255 Vlans during last 5 years, and we know that eye-catching part of which are unused, I took a report from campus manager searching for Port Attributes to find out which port is assigned to a specific Vlan but as long as there are numerous ports in trunk mode connecting to Virtual servers I can not find out if unused vlans which I exclude from the report I took are really unused or not , how can I find the unused Vlans.
View 2 Replies
View Related
Feb 2, 2012
I have been getting alerts on unused serial ports on my routers as being operational down. How can I stop these alerts?
View 5 Replies
View Related
Sep 1, 2012
We are finding the price for ASA 5505 to high and our clients are having problem securing budgets for these devices. We don't want to move to different vendors and we have a team of people we already know Cisco well.I have seen Cisco router 877 which have the ipadvance ios, is this the same as the ASA5505.We would like to offer our clients an alternative to ASA5505, but something which can do the same as a edge device but also protect the client from malicious attacks and has CLI.
View 1 Replies
View Related
Apr 3, 2013
I've configured the DHCP server on a Cisco Switch C3560E as follows:
ip dhcp excluded-address 172.16.0.1 172.16.10.255
ip dhcp pool perth_main
network 172.16.0.0 255.255.0.0
default-router 172.16.10.254
lease 0 8
!
My goal was to limit the dhcp to the range 172.16.11.0 - 172.16.13.255, as there are not so many user on this network I so limited the lease time to 8 hours in order to "recycle" the unused addresses". What happend is that it is always using new IPs, even if the lease time has expired.
IP address Client-ID/ Lease expiration Type
Hardware address/
User name
172.16.109.90 XXXXXXXXXXXX Apr 04 2013 10:00 PM Automatic
172.16.113.106 XXXXXXXXXXXX Apr 04 2013 06:55 PM Automatic
172.16.113.122 XXXXXXXXXXXX Apr 04 2013 09:04 PM Automatic
[code]....
1. How can I force the DHCP server to recycle the unused IPs?
2. Can I specify a DHCP range (172.16.11.0 - 172.16.13.255) instead of an "excluded-address" range?
View 15 Replies
View Related
Aug 7, 2011
I have new ASA5520. After configured and upgrade with ASA 8.0(3) image its works for few times (few times means after restarted several times). But now the error comes as "Booting system, Please wait..."
View 9 Replies
View Related
Jul 14, 2012
We use ASDM 6.2 to manage our Cisco ASA 5520 running ASA Software Version 8.2 (1). I just noticed that some static routes have "A-" when you view the static routes with ASDM e.g. A-172.24.0.0 or A-192.168.176.0 (pls see attached print screen). I haven't seen this before and dont know what it means.
View 4 Replies
View Related
May 25, 2011
The Cisco ASDM or the event manager show wrong source/destination for teardown tcp messages:In this example the communication is an ssh session;from 1.1.1.1 -> 2.2.2.2 ssh and the connection is reseted by 2.2.2.2
The message build outbound is correct, i.e. source is 1.1.1.1 (message id is 302013)
But the teardown is incorrect, i.e. source for the connection is 2.2.2.2 which is definitely not true (message id is 302014)
Also there seems to be a documentation bug in syslog messages for ASA 8.4 since the message for the teardown 302014 is gone!
View 3 Replies
View Related
Nov 23, 2011
I have a ASA 5505 as a default gateway to a network, whenever I tracert to outside it shows every hop ip address as the ip address I'm trying to get too, quick example
lets say I'm in a 192.168.0.0/25 network but I want to trace to 10.10.10.10
View 6 Replies
View Related
Jul 28, 2011
I have the below configuration for a cisco asa 5505. There is a ADSL router in front of the ASA which has a static IP. I set up a remote-access VPN (using the wizard), but I cannot connect to the ASA firewall as the attached VPN client log shows. My only concern is that there might be something missing, ie a static route that goes to the inside interface. [code]
View 7 Replies
View Related
Feb 3, 2012
got a crahed 5520 this week and was showing <163>Nov 28 2011 11:34:45: %ASA-3-201013: Per-client connection limit exceeded -125/100 What the negative number tells ? i usually see same numbers like 100/100 with means the connection limited has reached.
View 3 Replies
View Related
Sep 16, 2012
On our ASA 5510 we have two security contexts. After opening ASDM I can see and manage admin context, but cannot see second context. I can do changes to second context via CLI but as probably you know it's easier and quicker doing it via ASDM.
View 7 Replies
View Related
Jun 13, 2012
When we setup a connection between two hosts we receive the message "TCP checksum incorrect" , This is between a settop box on the outside and a server inside the firewall. This STB used to communicate with the server on port 443 which is NAT-en to port 12697.With a new settop box image which uses on the inside and outside port 12697 we receive this TCP checksum incorrect on the Firewall with wireshark.
Strange is that on the outside of the firewall we see an MSS of 1460 and on the inside it is 1380 (don't know if there is a relation with this and the issue we have)
View 1 Replies
View Related
