
firewall log question

Status
Not open for further replies.

comox

IS-IT--Management
May 14, 2003
4
CA
Hi, I have TINY firewall (software) running on a W2K machine, and noticed the following in the log file.

'Packet to unopened port received': Blocked: In UDP, 192.168.1.1:1521 -> localhost:162

'Packet to unopened port received': Blocked: In UDP, 192.168.1.1:1522 -> localhost:162

'Packet to unopened port received': Blocked: In UDP, 192.168.1.1:1523 -> localhost:162

and on and on,

this has been occurring for the past few days, and the router (192.168.1.1) port runs from 1026 to 16000, and repeats, with approx 2 lines per minute.


Is this initiating from the router? Or is this something that may be incoming from outside? The network has been slower than usual.

Thanks for any input.
 
Port 162 UDP = SNMP traps. That is how Linksys routers transmit their router logs.

All of your blocked packets are inbound (localhost). Your firewall appears to be doing exactly what it's supposed to do - blocking a port that has not been opened by any program.

Is your router configured to send SNMP traps to your workstation PC?


Vince
_____________________________________________________________
[*** If everyone is thinking alike, then somebody isn't thinking. ***]
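
Added example (not part of the original thread): a small Python parser for the log format quoted in the question, which groups blocked packets by source and destination port, names UDP 162 as SNMP trap traffic, and checks whether the source ports step by one. The sample lines and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the format quoted in the question (not a real capture).
SAMPLE_LOG = """\
'Packet to unopened port received': Blocked: In UDP, 192.168.1.1:1521 -> localhost:162
'Packet to unopened port received': Blocked: In UDP, 192.168.1.1:1522 -> localhost:162
'Packet to unopened port received': Blocked: In UDP, 192.168.1.1:1523 -> localhost:162
'Packet to unopened port received': Blocked: In UDP, 192.168.1.1:1524 -> localhost:162
"""

LINE_RE = re.compile(
    r"'(?P<rule>[^']*)':\s*(?P<action>\w+):\s*(?P<dir>In|Out)\s+(?P<proto>\w+),\s*"
    r"(?P<src>[^:\s]+):(?P<sport>\d+)\s*->\s*(?P<dst>[^:\s]+):(?P<dport>\d+)"
)

# Well-known UDP destination ports worth naming in the summary.
KNOWN_UDP = {161: "SNMP", 162: "SNMP trap"}

def parse(log_text):
    """Yield one dict per line that matches the quoted log format."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            rec = m.groupdict()
            rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
            yield rec

def summarize(log_text):
    """Group blocked packets by (source, protocol, destination port)."""
    groups = defaultdict(list)
    for rec in parse(log_text):
        groups[(rec["src"], rec["proto"], rec["dport"])].append(rec["sport"])
    report = []
    for (src, proto, dport), sports in groups.items():
        steps = [b - a for a, b in zip(sports, sports[1:])]
        report.append({
            "src": src, "proto": proto, "dport": dport, "count": len(sports),
            "service": KNOWN_UDP.get(dport, "unknown") if proto == "UDP" else "unknown",
            # +1 steps are consistent with one host using a fresh source port per datagram.
            "sequential_sports": bool(steps) and all(s == 1 for s in steps),
        })
    return report

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(row)
```

A single group with a LAN source address, a named service and sequential source ports points at one local device sending repeatedly, which is the case to check in that device's own configuration and logs.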

 
Thanks,
Would the router's NAT or DHCP be responsible for the traps?
How much of a strain is this on the network?
Also wondering why this would have only started showing up the past few days, I haven't made any changes to the router setup.

 
I would look at changes made in your TINY firewall setup to request, enable or create the traps and thus your log traffic. The number and alert nature of the traps might be a sign worthy of concern.

A router can stand very high traffic levels (I seem to recall reported testing levels of 100K port accesses per hour) without any noticeable problems. A strained network should be evident.

Vince
_____________________________________________________________
[*** If everyone is thinking alike, then somebody isn't thinking. ***]

 
Perhaps you could look at the statistics/error logs on the router (web/console/telnet/ssh/client-app... don't know the Linksys). Probably the router was already configured to send SNMP traps in case of errors, and now it's time to look at why it has started doing so.
chris
 