Router Logs Showing DoS Attacks
Sep 13, 2012
I've noticed in the mornings lately when I get up around 6 am my internet will not work. Not on wireless or on my desktop. I decided I'd log into the router to see if there was a firmware update or anything. I had checked the logs and there are quite a few entries relating to DoS. I googled around and saw that it could be some sort of packet loss and the router is mistaking it for some sort of DoS attack. And that due to it not showing up multiple times every second it likely isn't a DoS attack. Here is a few from the logs:
[code].....
View 4 Replies
ADVERTISEMENT
Oct 31, 2012
I have linksys E4500 and I would like to be able to see the website visited vs ip address.Is there a way to enable same or achive same via parental controls.Again I do not want to block a website but monitor which websites are visited. Is this achievable via router or an additional software/hardware required to be used with router
View 5 Replies
View Related
May 10, 2012
We recently had to rebuild our ACS server. Now when we have an 802.1x authentication failure and look at the RADIUS logs for the specific user, it does not show us the MAC address of the device the user tried to login with. We use this all the time because users have PDAs and other mobile devices that they save their passwords on. Then when they change their domain password on their laptop, they don't change it on their PDA which then tries to authenticate them using the wrong password and eventually locks them out. We need to see the MAC address so we can pinpoint which device is causing the lockout. The report I am generating is when you go to this location: Monitoring & Reports > ... > Reports > Catalog > User > User_Authentication_Summary
View 4 Replies
View Related
May 16, 2011
OK, so just mooching around in the pages of my switch, a 24 port switch and it has in the logs:
268InfoMay 15 22:43:51NIMInterface 26 is Link Down
269InfoMay 15 22:43:51NIMInterface 26 is Link Down
270InfoMay 15 22:43:51NIMevent(39),intf(26),component(2), on non-existent interface
Now, correct me if I`m wrong but my switch only has 24 ports and two of those (23 and 24) are dual personality jobbies!?Where the hell is port 26? Where did it come from? and why did it need to show up only for the switch to realise that it doesn`t really exist?
View 2 Replies
View Related
May 18, 2011
I am having trouble viewing all the Administration logs in ACS View. I have my Local Log Target set to a Maximum log retention period of 90 days. In ACS View I can display authentications that go back 90 days + However when I try and display the "ACS_Configuration_Audit" in View and perform a Custom query that goes back 90 days it will only display about 35 days of Admin logs.I know the logs are there because when I go into CLI and do a search like "show logging | i "ObjectType=Administrator Account" the Administration logs go back over a year.why ACS View cannot display all the Admin logs?The ACS is running v5.1.0.44 Patch 6 (Also experiencing this in a v5.2 ACS as well)
View 2 Replies
View Related
Feb 27, 2011
We’ve got lot of ASA appliances (around 30, 5505/5510/5520) and we never had this problem since the use of the new image software ASA 8.4(1) and ASDM 6.4(1). So, my problem is located on two ASA 5520 with active/passive failover with ASA image 8.4(1) and ASDM image 6.4(1).
My problem is that our appliance doesn’t show any logs when an ACL deny a packet, even if when I specify a specific “deny ACL” with a specific logging condition, asdm and ssh buffer logging are empty but the counters of the ACL increment.
View 6 Replies
View Related
Oct 17, 2012
I have an issue on an ASA 5510 that I have noticed today, when I am using the log viewer all of the information recorded only shows the high end source and destination ports. For example
Source IP 10.10.4.69
Source Port 59886
Destination IP 8.8.8.8
Destination Port 59866
So what seems to be happening is that I am seeing only half of the connection in the log viewer, I see the side with the high end ports and not the side with the ports the application uses, this example was done with a ping. All my services are working correctly and the client sending the ping gets the response expected, it just seems I have lost the logging display?
View 4 Replies
View Related
Oct 16, 2012
We have a stack of 4 Cisco WS-3750G-24TS with Sw Version 12.2(52) SE and giving weird errors:-
-Traceback= 17211C8 16FA4C0 16FA4FC 18625E4 18608D4 286A850 283E6FC 282EDF4 2859BBC 1B2EDA8 1B25878
Oct 17 22:26:48 AEDT: %SNMP-3-CPUHOG: Processing GetBulk of lldpRemEntry.7
Oct 17 22:26:50 AEDT: %SYS-3-CPUHOG: Task is running for (2098)msecs, more than (2000)msecs (8/6),process = SNMP ENGINE.
-Traceback= 172108C 17211CC 16FA4C0 16FA4FC 18625E4 18608D4 286A850 283E6FC 282EDF4 2859BBC 1B2EDA8 1B25878
Oct 17 22:26:51 AEDT: %SNMP-3-CPUHOG: Processing GetBulk of lldpRemEntry.7
Oct 17 22:26:53 AEDT: %SNMP-3-CPUHOG: Processing GetBulk of lldpRemEntry.6
Oct 17 22:26:53 AEDT: %SYS-3-CPUHOG: Task is running for (2097)msecs, more than (2000)msecs (1/1),process = SNMP ENGINE.
What are these errors is this a bug in the IOS
View 1 Replies
View Related
Feb 23, 2012
I was just checking my router's firewall log and I noticed a couple of entries which appear somewhat suspicious, amongst all the 'normal' background radiation of (mainly) Russian and Chinese IPs: [code] The source IP for these 'attacks' is/was unused on my internal network.
My router is a Billion BiPAC 7800N running 1.06e firmware. There are a number of devices permanently connected to the internal network and a number which are connected at other times (e.g. desktops, laptops, mobile/cell phones, games consoles). Some are wired, some are wireless. Some have static IPs (none of which are listed in the above 'attacks'), some have dynamic IPs (assigned by DHCP by the router in a range not listed above). The WiFi is secured with a strong key on WPA/WPA2-PSK, AES (no WPS). Web Access Control for the router is disabled. Block WAN PING (and Block WAN (IPv6) PING) are both enabled.
View 2 Replies
View Related
Feb 17, 2013
I have found log from IPS on router WRVS4400N and most of attacks i am getting from 0.0.0.0 IP adress. Is it normal?
View 1 Replies
View Related
Mar 22, 2013
i can detect the IP of DDOS attacks and if there's a simple way to prevent it. I've heard different suggestions from blocking incoming ping requests to blocking specific IP ranges
running 2.03 firmware
View 4 Replies
View Related
May 6, 2013
We have an ASA 5505 and we keep getting short bursts of ICMP packets (5000 in one second) They will do this and it just simply overloads the ASA and it crashes.Is this since it is 1000 past the 4000 connections per second capacity of the ASA 5505 or do we have a setting wrong some place that could prevent this type of overload from happening? We are looking to prevent DoS and other attacks that prevent even a short loss of connection since the servers are getting attacked daily and we have voice streaming on through the ASA. [code]
View 2 Replies
View Related
Sep 1, 2012
We are finding the price for ASA 5505 to high and our clients are having problem securing budgets for these devices. We don't want to move to different vendors and we have a team of people we already know Cisco well.I have seen Cisco router 877 which have the ipadvance ios, is this the same as the ASA5505.We would like to offer our clients an alternative to ASA5505, but something which can do the same as a edge device but also protect the client from malicious attacks and has CLI.
View 1 Replies
View Related
Jan 2, 2013
If your wireless indicator is flashing red when you discover the smurf, it can mean that someone has tried to logon with an incorrect password. this is not necessarily an attack, it could be someone you have allowed access too, who has forgotten the password? In this case entering the correct password will solve the problem.However putting your own MAC address into the filter will simply block your own machine.
View 6 Replies
View Related
Feb 5, 2011
my computer is a dell dimension 1100, with a Linksys WMP54G wifi card, running vista home basic.In the wifi thing in the notification area, it shows two wireless networks, One is my normal SSID (Lower Net), and one is "Unidentified network". They are both on one wireless connection (Wireless Network Connection 3). When i try to go on the internet, it says i'm not connected. i tried disconnecting from the unidentified network, but that disconnects me from lower net too.
View 13 Replies
View Related
Nov 4, 2012
I am running two ASA 5520 routers synched up with eachother. I had a massive connectivity issue this weekend that I am investigating. Now I have figured out how to get the live logging but I need to know how to get the old logs from my router.
View 4 Replies
View Related
Nov 15, 2012
I am using a 2851 router in mpls network. We had a power shut down activity recently and post to that i could not find any logs in the router.
View 4 Replies
View Related
Apr 2, 2013
I'm getting below msgs in my ZBFW logs on my test router. .Apr 2 23:09:43: %FW-6-DROP_PKT: Dropping icmp session 115.186.192.153:0 10.40.2.100:0 on zone-pair ZP-OUTSIDE-INSIDE class class-default due to DROP action found in policy-map with ip ident 0
The bit I'm curious about is that I am NOT NAT-ting any ICMP. Hence why is the ZBFW even triggering against the LAN IP? It should only activate after NAT according to order of operations (and hence why unlike CBAC you put the inside local IP not the outside global IP).....
If the ICMP was directed at the WAN interface (not the 10.40.2.100 internal IP) then it is allowed, but morever even if blocked it should be logged against my WAN IP (which is publicly routable not a 10.x internal).
View 2 Replies
View Related
Feb 4, 2010
Is LinkLogger the only option for reading logs on the WRT610Nv2? I read about Linksys's own software called LogViewer 1.14 but I can't find it.
View 3 Replies
View Related
Jul 17, 2012
I have hardware version 2 and firmware 3.0.2.01 (latest firmware available for this hardware version I believe) and I cannot get it to email me logs. I have entered my outlook address and our SMTP server.
View 1 Replies
View Related
Aug 29, 2011
if i flash my firmware on my router, can i still view the router logs before the flash? i heard that .logs can be on the ram of the router.
View 1 Replies
View Related
Apr 9, 2012
I have a D-Link model DIR-625, and it always seems to disconnect when my mother logs on her computer. Is there some kind of setting on her computer that could be disconnecting us? When my dad is on his I never disconnect which is why I am wondering it must be something on her computer that's interfering with the signal or something. If I reset the router while she's still on, It will disconnect again within a few minutes. So where can I check if it could be her computer that's interfering with the signal?
View 1 Replies
View Related
Aug 11, 2012
As I've seen in my Linksys' admin panel, I have a log option (Administration/Log). So if I enabled it i can check which sites was browsed in my home network?And the second question: if Linksys can store the browsed sites history and if I will use a VPN connection on my PC or iPhone (not router!) the logs will be still look like before setting-up VPN on PC? So like: [URL] not like: [URL]?
View 3 Replies
View Related
Nov 18, 2012
I have got a l2 link of 512 kbps from two different ISP. I want to aggegrate the bandwidth of this connection so that I can feel like having 1 mbps connection. I am not actually talking about load balancing, but bandwidth/link aggegration. Can we have the solution of failover with different vlan from different isp ? Can we be able to make the link as a single link.
View 2 Replies
View Related
Mar 5, 2013
I absolutely need to collect the router logs and send them to a syslog daemon or via email.
View 9 Replies
View Related
Dec 2, 2011
How i can transfer the router logs to email address.Wev are using the router 2600.
View 5 Replies
View Related
Nov 10, 2011
I have a cable modem internet connection and my cable modem is connected to an ASA 5505. The inside interface of the ASA has an IP address of 192.168.2.2 and is connected to a Linksys router's internet port which has an IP address of 192.168.2.1. The Linksys router then has a local area network of 192.168.1.0 and all my clients are on that network. Everything is working fine except in my ASA logs all the traffic shows up as the router's external address which is 192.168.2.1. I would like to see the 192.168.1.x address of the clients in the ASA firewall. I've tried making some changes to the Linksys router but that hasn't resolved it. Is there any changes I can make on the ASA to get this to work?
View 6 Replies
View Related
May 13, 2012
I'm having problems with the networking here, Im not Admin But since it only effects me no one else is bothered.The problem is; that I do not show up on the router, or my Mac address, and port checkers say every port is shut for me (yet i'm here). Noticed this once ports I opened (and were working fine for weeks) suddenly stopped working, Went to check the problem and I wasn't there. But when i unplug myself from the router and plug it back in, they work on "Test Drive 2" (shows if ports are opened or closed on the launcher) but show they're closed on a port checker and a few minutes later the launcher then says they are shut.
View 4 Replies
View Related
Oct 21, 2011
Some background first. Last night I went trolling around for a solution to an ip address conflict message I receive when I try to go onto Xbox live via a network bridge on my laptop. What I eventually ended up doing was going into my tp-link wireless router settings (not sure of the exact model number as I am not home right now) and reserving two different ip addresses for my laptop and my Xbox using their MAC addresses. It didn't appear to do anything ( now I think possibly because my Xbox needs the same ip as my laptop?). Anyways I tried to go onto Xbox live and it worked at the start (as it always does) and then 30 minutes in, the ip address conflict message came up (usually meaning a disconnect from Xbox live is imminent). But I actually ended up staying online for another 3 hours until the Internet crashed.
Upon further investigation I noticed that my wireless network was not even showing up on my computer, my phone, or any of my roommates computers. I went upstairs to check the wireless router and it was seemingly working correctly (i.e. no flashing lights or anything). Not quite sure what to do. I would go back and change the router settings but I don't think I can without a connection to it.
View 3 Replies
View Related
Jul 11, 2011
Have another problem with my new rev B router.
I am trying to configure access control rules, but the list of computers (ip addresses and mac addresses) are empty, I have setup all of my devices with static ip's, they are all turned on and all have internet access. None of the systems including the one I am trying to configure the rules with are there, They don't show up in port forwarding either. Any one ever have this problem? I returned and DIR-825 Rev.b for this same problem because i thought it was defective.
I have tried rebooting the router, rebooting each pc and trying different ports on the router itself. There are wireless and wired computers that I am trying to setup but none of them show up. When I try to manually enter them into access control ie. 192.168.0.103 it will only allow me to put one computer in for each rule.
The old rev.A router this one replaced work perfectly fine with the same cables and computers setup the same way.
View 3 Replies
View Related
Dec 10, 2012
Cisco E1000 router.connecting directly to the router, internet works. When connecting wirelessly, it works for about 2 minutes, then I get no connection and a yellow ! in the connection setting icon. No wireless internet will work until I power down and restart the router. Then the same problem continues.Today when trying it, it won't even connect for a few minutes. It shows as "connected" on my laptop but it has the yellow ! and will not access the internet. So I am no longer ever able to connect wirelessly. I've done a hard reset already.
View 15 Replies
View Related
Jun 3, 2011
every now and then my Belkin brand router will just switch from green light, to red light. Sometimes unplugging it for a while fixes it, sometimes unplugging it for a LONG while fixes it, sometimes prayer and chanting fixes it. But most of the time the red light sits there mocking my efforts.What's making this happen? Is it my wireless security settings? Because I used to try and fix it by pressing/holding down the WPS button.
View 4 Replies
View Related
Jan 26, 2013
Region : Australia
Model : TL-WR702N
Hardware Version : V1
Firmware Version :
ISP :
I am posting this in the wrong place but thats only because I cant find the forum for the TL-WR642G ver 3.6 device.Basically I am unable to see any QOS configuration and I wanted to know if this is available to this model ?I know the ver 4.0 firmware update states that QOS is added but can I update a 3.6 device using a ver 4.0 firmware ?
View 2 Replies
View Related
