Re: (ASCEND) Syslog message meaning?

To: ascend-users@max.bungi.com
Subject: Re: (ASCEND) Syslog message meaning?
From: "Max User" <maxed_out_user@hotmail.com>
Date: Tue, 23 May 2000 12:25:45 PDT
Sender: owner-ascend-users@max.bungi.com

If you have SCM there is certain checkbox you can check to have the Pipeline 
log certain packets.  Therefore, probably checked something in your firewall 
configurations to have it log rejects on a certain packet type.  The 
messages you see now are just firewall logging as instructed to do so by the 
Pipeline.  In this case, someone with a source IP of 207.51.x.2 and source 
TCP port of 1854 (or 1853 as in the other sample packet) tried to go to a 
destination IP of 216.65.x.x and destination port 8080, but the Pipeline's 
firewall rejected the packet (!pass) and logged it to syslog.



Hello,

Can anyone please tell me what this syslog message indicates? I have not 
seen a syslog message like this before and I have it running on 6 or 7 
various pipeline models. I called in to check the syslog when the
customer said the connection was very slow. The Pipeline was spitting these 
messages out continuously one after the other. I temporarily disconnected 
the ISP connection and it stopped.

<134>ASCEND: wanidle0 tcp 207.51.x.2;1854 -> 216.65.x.x;8080 48 syn
!pass (reject) in 22-May 14:51:40.28 from 192.168.x.x

<134>ASCEND: wan1 tcp 207.51.x.2;1853 -> 216.65.x.x;8080 48 syn !pass
(reject) in 22-May 14:51:46.10 from 192.168.x.x

192.168.x.x is the secondary IP # assigned to the Pipeline 75 that is 
sending the syslog message to another 192.168.x.x machine we connect to with 
pcAnywhere after dialing the Pipeline. The primary IP # is 207.51.x.3. and 
serves as Internet connection for about 10 users on the LAN. We are using 
SCM Firewall on the Internet connection and it's a dial-up.

The 207.51.x.2 number is a pc on the LAN. I did a trace to the 216.65.x.x - 
some kind of banner rotation program website giffle.com).  Although the 
customer is not doing anything like this and has no webserver etc.  Their 
connection is just for Internet access.

It looks like rejected login attempts where someone from the LAN is
attempting to login elsewhere but it seems like the Pipeline would not
show this in syslog messages. Or is this an attempt to login to the
Pipeline from somewhere else?

Any insight appreciated.

Thanks,

Scott Starbuck
Aobe Network Group
5340 Millertown Pike, Suite 131
Knoxville, TN 37924
Phone: 865-689-7290
Fax: 865-688-0068
________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com

++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>

Prev by Date: (ASCEND) RE: Max3048 with NFAS configuration
Next by Date: Re: (ASCEND) RE: Max3048 with NFAS configuration
Prev by thread: (ASCEND) Syslog message meaning?
Next by thread: (ASCEND) ATM-Direct attributes from RADIUS? (MAX TNT prob.)
Index(es):
- Date
- Thread