1. Home
  2. Digital Subscriber Line
  3. westell 2200 firewall log fills up even when ppp is down

westell 2200 firewall log fills up even when ppp is down

I've been running my Verizon DSL ok for a few days now. I run it in manual mode because when I tried automatic with a 20 minute timeout it seemed it was waking up when I didn't want it to. Manual is ok since it's very easy to just hit the modem's http interface and connect the ppp in just a few seconds.

What I wanted to ask is what is going on with the huge number of these in the firewall log even when the Westell 2200 modem is in PPP DOWN mode:

644 00:59:23 mirror0 Inbound 645 00:59:25 mirror0 Inbound 646 00:59:25 mirror0 Inbound 647 00:59:28 mirror0 Inbound .....etc

these go Packet Details

Source IP: 70.18.121.120 Destination IP: 70.18.251.209 Protocol: TCP Source Port: 3715 Destination Port: 445 TCP Flags: 02 ( syn )

the linux host command seems to point to both the source and destination being verizon addresses. Port 445 I think is for https but I don't know what 3715 is. The linux /etc/services file doesn't have a 3715 port entry.

Mark

Reply to
Mark
Loading thread data ...
445 is labelled as Microsoft-DS on the IANA site. So prolly some kind of vulnerbility exploit attempt. Outgoing ports are often fairly random, but in a specific range, but this port is listed as the "Anoto Rendezvous Port" Dunno if that helps. btw, HTTPS is normally 443 G
Reply to
THe NuTTeR

HTTPS is port 443. Port 445 is a Windows RPC sort of thing; most Internet traffic seeking port 445 is a WinWorm of the Blaster, or Sasser variety, looking for a computer to infect. Port 3715 is in the range of ports assigned for outbound connections. Most systems start assigning ports at TCP port 1024 and increment for each outbound request, usually until about 5000, or so; after that the assignments recycle to 1024. Unless the port assignment is faster than the wait time for re-assignment; in which case the ports can go past 5000. Ports in the ten thousands are usually controlled directly by the application, and not assigned by the TCP/IP process of the OS.

Reply to
NormanM

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.