Netgear FVS318 reporting failed Admin logins from internal clients..... falsely?

I've seen surges of these in the logs during the day. They come from users who are too clueless to even try to http to the default gateway, so I know there is no user really attempting this.

Has anyone seen false notification of failed Admin logins from the LAN side in their logs?

The two possibilities are:

- Trojan/BackDoors on PC

- Ordinary web traffic is being mistaken as admin logins and Netgear is falsely reporting an attempted break-in.

I've cleaned the PC and there were some really old bits of trojans leftover from years ago but only some mild adware active. Some common malware was cleaned out months ago and of recent. Not enough to make me think someone had created some zombies in the LAN. I have seen zombies in the past and they were loaded with crap.

I *WAS* content to think that this was a bug in Netgear and I am scheduling an update of the firmware (18 months old) this weekend. However, on Friday, this tiny, unimportant, anonymous ten PC office living on a single Cable IP address was targeted by a series of floods to a known backdoor port, 4865. This distributed flood came from around the world. Coordinated. Over 80 IP addresses were logged making the same attempt repeatedly. Attempts occurred at 12:14, 12:39, and 1:04 and lasted for a few minutes each. I have never seen this in the logs before. These aren't the random scans we see normally.

Unfortunately, the emailing of logs doesn't work on the Netgear (a semi-working feature) so I missed the beginning of it all. The emailing of significant ALERTS does work. But emailing logs when full, daily, weekly or hourly doesn't work at all. Even hitting SEND LOG just refreshes the page and creates a corruption partway through the textbox, failing to display the whole log. I'm hoping this is fixed by the firmware update, although I never see this problem mentioned in any of the bug fix/change lists.

So anyone else seen failed logins? Or suspicious stuff that was really nothing on the FVS318?

DiGiTAL_ViNYL (no email)


Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.