DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
What this log and how to stop it
- talbengal
- Topic Author
- Offline
- Junior Member
Less
More
- Posts: 13
- Thank you received: 0
13 Jan 2011 06:48 #65635
by talbengal
What this log and how to stop it was created by talbengal
I am getting log entry:
[DOS][Block][fraggle_attack][10.10.148.1:67->255.255.255.255:68][UDP][HLen=20, TLen=340]
Every 30 Sec.
There is NO network 10.10.148.x on our network.
From this is comming and Please how to stop it?
[DOS][Block][fraggle_attack][10.10.148.1:67->255.255.255.255:68][UDP][HLen=20, TLen=340]
Every 30 Sec.
There is NO network 10.10.148.x on our network.
From this is comming and Please how to stop it?
Please Log in or Create an account to join the conversation.
- njh
- Offline
- Member
Less
More
- Posts: 306
- Thank you received: 0
13 Jan 2011 12:08 #65640
by njh
2900Gi/v2.5.6; 2900/v2.5.6
Replied by njh on topic What this log and how to stop it
Are you on cable, perhaps with a dynamic IP? It looks like a DHCP response from the UBR/CMTS and the reply is coming from your ISP's CMTS's private address. In short, don't worry about it.
2900Gi/v2.5.6; 2900/v2.5.6
Please Log in or Create an account to join the conversation.
- talbengal
- Topic Author
- Offline
- Junior Member
Less
More
- Posts: 13
- Thank you received: 0
13 Jan 2011 12:16 #65641
by talbengal
Replied by talbengal on topic What this log and how to stop it
No USB connection, Yes the WAN2 comming from Cable modem but it has only public IP, and I can't get to it.
The Cable is a virginmedia modem with only one (1) network (internet) port (that is my Public IP address) and one Cable port that go to virginmedia Cable (Coax).
So I don't see any way fr it to come back to the network with privet network IP (10.x.x.x).
WAV 1 is ADSL and it is on the router itself (Vigor 8220) and have NO private address 10.x.x.x. The router has 2 IP subnet:
192.168.1.0 - 255.255.255.0 - our network private IP
217.x.x.136 - 255.255.255.248 - our network public IP.
The Cable is a virginmedia modem with only one (1) network (internet) port (that is my Public IP address) and one Cable port that go to virginmedia Cable (Coax).
So I don't see any way fr it to come back to the network with privet network IP (10.x.x.x).
WAV 1 is ADSL and it is on the router itself (Vigor 8220) and have NO private address 10.x.x.x. The router has 2 IP subnet:
192.168.1.0 - 255.255.255.0 - our network private IP
217.x.x.136 - 255.255.255.248 - our network public IP.
Please Log in or Create an account to join the conversation.
- njh
- Offline
- Member
Less
More
- Posts: 306
- Thank you received: 0
13 Jan 2011 18:17 #65646
by njh
2900Gi/v2.5.6; 2900/v2.5.6
Replied by njh on topic What this log and how to stop it
Try doing a tracert to abc.com via your cable connection. You will see your first external hop will come back with a 10.x.y.z address - mine is 10.72.136.1. This is your CMTS (UBR on old speak).
2900Gi/v2.5.6; 2900/v2.5.6
Please Log in or Create an account to join the conversation.
- talbengal
- Topic Author
- Offline
- Junior Member
Less
More
- Posts: 13
- Thank you received: 0
13 Jan 2011 18:20 #65647
by talbengal
Replied by talbengal on topic What this log and how to stop it
Thanks,
Yes you are right,
Tracing route to abc.com [199.181.132.250]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 192.168.1.1
2 7 ms 23 ms 7 ms 10.10.148.1
how can I stop this fron sending alert to me?
Using 2820
Yes you are right,
Tracing route to abc.com [199.181.132.250]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 192.168.1.1
2 7 ms 23 ms 7 ms 10.10.148.1
how can I stop this fron sending alert to me?
Using 2820
Please Log in or Create an account to join the conversation.
- njh
- Offline
- Member
Less
More
- Posts: 306
- Thank you received: 0
13 Jan 2011 22:14 #65650
by njh
2900Gi/v2.5.6; 2900/v2.5.6
Replied by njh on topic What this log and how to stop it
I've no idea how you can stop it. I don't have a 2820 and I have not bothered with logging for years as the logs on the 2900 series only worked when you had a logging machine on. When I did logging I used Wallwatcher rather than the Draytek logger and I think it allowed me to filter the logs. Also I did not bother with DOS defence so I probably would not have got the messages anyway.
FWIW, on Sunday I suddenly started getting replies like
FWIW, on Sunday I suddenly started getting replies like
Code:
dhclient: DHCPREQUEST on eth0 to 62.253.131.61 port 67
on my current router/server (ClearOS - Linux) and I had to restart the networking to stop them. It happened again on Tuesday and at lunchtime today. I wonder if VM have done something to their network? 2900Gi/v2.5.6; 2900/v2.5.6
Please Log in or Create an account to join the conversation.
Moderators: Sami
Copyright © 2024 DrayTek