A Broadband and ADSL forum. BroadbanterBanter


uk.telecom.broadband (UK broadband) (uk.telecom.broadband) Discussion of broadband services, technology and equipment as provided in the UK. Discussions of specific services based on ADSL, cable modems or other broadband technology are also on-topic. Advertising is not allowed.

Netgear DG834G logging...


  #1  
May 10th 04, 10:17 AM posted to uk.telecom.broadband
Simon B

After coming up with some techniques at work to monitor the progress of the
sasser worm through the internal corporate network (like ACLs on routers,
and monitoring/logging matches to port 5554, etc.), I thought that I would
set up my home DG834G to syslog to a local PC, and see just how much sasser
activity was getting through to my router. Two things:

1 - didn't see ANY (probing) activity on ports 135, 445, 5554 or 9996 (i.e.
those associated with sasser).
2 - but also didn't see much else. Some activity from my ISP, but not even
an event like me logging onto the router for admin purposes was logged....
(which I had seen before, e.g. under V1.03.00 firmware).

Am on V1.04.01 firmware. Got all logging options checked on the relevant
router config page. The web-interface logfile window seems to reflect what's
being (and what's NOT being) logged via syslog....

Anyone else notice a lack of logged events on this device? (Just want to
check before raising a call with Netgear).

Thanks,


  #2  
May 10th 04, 08:54 PM posted to uk.telecom.broadband
bikeulike

Simon B wrote:
After coming up with some techniques at work to monitor the progress
of the sasser worm through the internal corporate network (like ACLs
on routers, and monitoring/logging matches to port 5554, etc.), I
thought that I would set up my home DG834G to syslog to a local PC,
and see just how much sasser activity was getting through to my
router. Two things:

1 - didn't see ANY (probing) activity on ports 135, 445, 5554 or 9996
(i.e. those associated with sasser).
2 - but also didn't see much else. Some activity from my ISP, but not
even an event like me logging onto the router for admin purposes was
logged.... (which I had seen before, e.g. under V1.03.00 firmware).

Am on V1.04.01 firmware. Got all logging options checked on the
relevant router config page. The web-interface logfile window seems
to reflect what's being (and what's NOT being) logged via syslog....

Anyone else notice a lack of logged events on this device? (Just want
to check before raising a call with Netgear).

Thanks,


Yes, Mine is the same. Not logging access to the router. I have the same
software version.


  #3  
May 11th 04, 12:52 PM posted to uk.telecom.broadband
Colum Mylod

On Mon, 10 May 2004 19:54:52 +0100, "bikeulike"
wrote:

Simon B wrote:

[...]
thought that I would set up my home DG834G to syslog to a local PC,
and see just how much sasser activity was getting through to my
router. Two things:

1 - didn't see ANY (probing) activity on ports 135, 445, 5554 or 9996
(i.e. those associated with sasser).
2 - but also didn't see much else. Some activity from my ISP, but not
even an event like me logging onto the router for admin purposes was
logged.... (which I had seen before, e.g. under V1.03.00 firmware).

[...]
Anyone else notice a lack of logged events on this device? (Just want
to check before raising a call with Netgear).


Yes, Mine is the same. Not logging access to the router. I have the same
software version.


I set up logging when I got mine, but it didn't mail me anything when
I pinged it from work. Then lo! my Pipex connection died during a
lightning storm, I rebooted it to re-establish the connection and it
began to spam me with port ping reports. Didcha reboot yours? I must
check the firmware version - didn't upgrade it from purchase.

The box did stay connected for 333 hours until the time of the
(unrelated?) storm. It doesn't reconnect without a prod - reboot or
click [Test] on the settings page. A good little number but not 100%.



Headers spam-proofed. Use cmylod at bigfoot . com
  #4  
May 11th 04, 02:21 PM posted to uk.telecom.broadband
Simon B


"Colum Mylod" wrote in message
...
On Mon, 10 May 2004 19:54:52 +0100, "bikeulike"
wrote:

Simon B wrote:

[...]
router. Two things:

1 - didn't see ANY (probing) activity on ports 135, 445, 5554 or 9996
(i.e. those associated with sasser).
2 - but also didn't see much else. Some activity from my ISP, but not
even an event like me logging onto the router for admin purposes was
logged.... (which I had seen before, e.g. under V1.03.00 firmware).

[...]
Anyone else notice a lack of logged events on this device? (Just want
to check before raising a call with Netgear).


Yes, Mine is the same. Not logging access to the router. I have the same
software version.


began to spam me with port ping reports. Didcha reboot yours? I must
check the firmware version - didn't upgrade it from purchase.


Pretty sure it's been rebooted at least once after the last firmware upgrade
(which would have included a reboot). I'll try one more, and if that fails,
see what Netgear make of it....
Ta.


  #5  
May 11th 04, 05:21 PM posted to uk.telecom.broadband
Graham Tavener


"Simon B" wrote in message
...

"Colum Mylod" wrote in message
...
On Mon, 10 May 2004 19:54:52 +0100, "bikeulike"
wrote:

Simon B wrote:

[...]
router. Two things:

1 - didn't see ANY (probing) activity on ports 135, 445, 5554 or 9996
(i.e. those associated with sasser).
2 - but also didn't see much else. Some activity from my ISP, but not
even an event like me logging onto the router for admin purposes was
logged.... (which I had seen before, e.g. under V1.03.00 firmware).

[...]
Anyone else notice a lack of logged events on this device? (Just want
to check before raising a call with Netgear).


Yes, Mine is the same. Not logging access to the router. I have the same
software version.


began to spam me with port ping reports. Didcha reboot yours? I must
check the firmware version - didn't upgrade it from purchase.


Pretty sure it's been rebooted at least once after the last firmware upgrade
(which would have included a reboot). I'll try one more, and if that fails,
see what Netgear make of it....
Ta.


I have my DG834 (not wireless) with same firmware version and it is logging
via email ok.
I haven't tested out the syslog reporting, but will do soon when I get
another server configured for network monitoring.

Graham

  #6  
May 11th 04, 05:41 PM posted to uk.telecom.broadband
Simon B


"Graham Tavener" wrote in message
...

"Simon B" wrote in message
...

"Colum Mylod" wrote in message
...
On Mon, 10 May 2004 19:54:52 +0100, "bikeulike"
wrote:

Simon B wrote:
[...]
router. Two things:

1 - didn't see ANY (probing) activity on ports 135, 445, 5554 or 9996
(i.e. those associated with sasser).
2 - but also didn't see much else. Some activity from my ISP, but not
even an event like me logging onto the router for admin purposes was
logged.... (which I had seen before, e.g. under V1.03.00 firmware).
[...]
Anyone else notice a lack of logged events on this device? (Just want
to check before raising a call with Netgear).

Yes, Mine is the same. Not logging access to the router. I have the same
software version.


I have my DG834 (not wireless) with same firmware version and it is logging
via email ok.
I haven't tested out the syslog reporting, but will do soon when I get
another server configured for network monitoring.

Graham


Well, I'd say that syslog as a function is working fine (haven't tried
email), in that it is syslogging every event that you can view if simply
logged into the admin console web-interface, and refreshing the "logs"
config window screen. The problem seems to be more that it appears that not
all required events are being logged - anywhere (admin interface, syslog -
possibly email). The obvious one is the "router admin login" not being
logged (I know this, because I had seen that one before). The more worrying
thing is what is it NOT logging, that I have asked it to log?.....

S.


  #7  
May 12th 04, 12:27 AM posted to uk.telecom.broadband
Graham Tavener


"Simon B" wrote in message
...

"Graham Tavener" wrote in message
...

"Simon B" wrote in message
...

"Colum Mylod" wrote in message
...
On Mon, 10 May 2004 19:54:52 +0100, "bikeulike"
wrote:

Simon B wrote:
[...]
router. Two things:

1 - didn't see ANY (probing) activity on ports 135, 445, 5554 or 9996
(i.e. those associated with sasser).
2 - but also didn't see much else. Some activity from my ISP, but not
even an event like me logging onto the router for admin purposes was
logged.... (which I had seen before, e.g. under V1.03.00 firmware).
[...]
Anyone else notice a lack of logged events on this device? (Just want
to check before raising a call with Netgear).

Yes, Mine is the same. Not logging access to the router. I have the same
software version.


I have my DG834 (not wireless) with same firmware version and it is logging
via email ok.
I haven't tested out the syslog reporting, but will do soon when I get
another server configured for network monitoring.

Graham


Well, I'd say that syslog as a function is working fine (haven't tried
email), in that it is syslogging every event that you can view if simply
logged into the admin console web-interface, and refreshing the "logs"
config window screen. The problem seems to be more that it appears that not
all required events are being logged - anywhere (admin interface, syslog -
possibly email). The obvious one is the "router admin login" not being
logged (I know this, because I had seen that one before). The more worrying
thing is what is it NOT logging, that I have asked it to log?.....

S.

A quick check of my email logs shows that admin logins are being logged.
Graham

  #8  
May 13th 04, 02:13 PM posted to uk.telecom.broadband
David

Hi Simon,

I'm running firmware v1.03 (been OK for me and, with no need for VPN, I
decided to heed the group's warnings about v.1.04.01) so mine is logging
admin log-ins fine.

It's also logging inbound activity as far as I can tell. I don't have
anything on the sasser ports you mention but I do get the regular NETBIOS
(port 137) probes and some other common trojans.

Have you set up an inbound firewall rule with logging enabled? The default
inbound rule (which, afaik cannot be altered) has logging set to "Never". If
you add a new inbound rule (actually the same rule, block all services from
all IPs) but with logging set to "Always" any probes should appear in the
log (or at least they seem to on firmware v1.03).

The only thing I don't understand (my lack of knowledge) is that the source
ip for the probe is reported but the destination ip is always (or at least
seems to be always) 1.0.0.0 rather than my real IP (I've a static ip from my
ISP) which is what I would have expected - not that it matters much.

Many thanks, David


"Simon B" wrote in message
...
After coming up with some techniques at work to monitor the progress of the
sasser worm through the internal corporate network (like ACLs on routers,
and monitoring/logging matches to port 5554, etc.), I thought that I would
set up my home DG834G to syslog to a local PC, and see just how much sasser
activity was getting through to my router. Two things:

1 - didn't see ANY (probing) activity on ports 135, 445, 5554 or 9996 (i.e.
those associated with sasser).
2 - but also didn't see much else. Some activity from my ISP, but not even
an event like me logging onto the router for admin purposes was logged....
(which I had seen before, e.g. under V1.03.00 firmware).

Am on V1.04.01 firmware. Got all logging options checked on the relevant
router config page. The web-interface logfile window seems to reflect what's
being (and what's NOT being) logged via syslog....

Anyone else notice a lack of logged events on this device? (Just want to
check before raising a call with Netgear).

Thanks,




  #9  
May 13th 04, 03:00 PM posted to uk.telecom.broadband
Simon B

"David" wrote in message
...
Hi Simon,

I'm running firmware v1.03 (been OK for me and, with no need for VPN, I
decided to heed the group's warnings about v.1.04.01) so mine is logging
admin log-ins fine.

It's also logging inbound activity as far as I can tell. I don't have
anything on the sasser ports you mention but I do get the regular NETBIOS
(port 137) probes and some other common trojans.

Have you set up an inbound firewall rule with logging enabled? The default
inbound rule (which, afaik cannot be altered) has logging set to "Never". If
you add a new inbound rule (actually the same rule, block all services from
all IPs) but with logging set to "Always" any probes should appear in the
log (or at least they seem to on firmware v1.03).

The only thing I don't understand (my lack of knowledge) is that the source
ip for the probe is reported but the destination ip is always (or at least
seems to be always) 1.0.0.0 rather than my real IP (I've a static ip from my
ISP) which is what I would have expected - not that it matters much.

Many thanks, David


"Simon B" wrote in message
...
After coming up with some techniques at work to monitor the progress of the


Thanks for the detailed reply. However, since the first post (which was
possibly a little premature on my part - i.e. before I'd completed more
homework myself), I have rebooted the router AGAIN (another poster's
suggestion), and certainly the next admin logon was logged (as indeed was an
attempt to a configured blocked site - another log event that seemed to be
missing before the reboot). The last re-boot before this one would have been
the one following the upgrade to V1.04.01... I also noticed the fact that
the default rule was "not logging", and considered a new rule that blocks
and logs everything inbound - but haven't tried that yet (was also wondering
about order of rule application, etc.). Will give it a go and also take a
look at the source address issue you mentioned... thanks,


  #10  
May 13th 04, 10:09 PM posted to uk.telecom.broadband
Andrew Jackson

"David" wrote in message
...
Hi Simon,

I'm running firmware v1.03 (been OK for me and, with no need for VPN, I
decided to heed the group's warnings about v.1.04.01) so mine is logging
admin log-ins fine.

It's also logging inbound activity as far as I can tell. I don't have
anything on the sasser ports you mention but I do get the regular NETBIOS
(port 137) probes and some other common trojans.

Have you set up an inbound firewall rule with logging enabled? The default
inbound rule (which, afaik cannot be altered) has logging set to "Never". If
you add a new inbound rule (actually the same rule, block all services from
all IPs) but with logging set to "Always" any probes should appear in the
log (or at least they seem to on firmware v1.03).

The only thing I don't understand (my lack of knowledge) is that the source
ip for the probe is reported but the destination ip is always (or at least
seems to be always) 1.0.0.0 rather than my real IP (I've a static ip from my
ISP) which is what I would have expected - not that it matters much.

Many thanks, David


[snip]

Hi David,

I have observed exactly the same behaviour on v1.03 with the inbound
destination always logged as 1.0.0.0. I reported it to Netgear - they were
aware of the problem. IIRC, v1.04.01 does show the correct address for
inbound traffic. However, if I set a rule to log all inbound traffic, then
it seems consistently to prevent me from successfully downloading anything
by ftp. Goodness knows why. I have logged this with Netgear (weeks ago)
and not received any response. Has anyone else seen this behaviour?


While we're talking about NetGear, though I probably should start a new
thread, has anyone had success with the latest version of the drivers for
the WG511? On XP Pro, I cannot get the new driver to connect with a ME102
using the NetGear "Wizard". I can only connect if I let Windows manage the
adapter. (I could connect with the previous drivers and config. utility.)

Cheers,
Andy
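
The check discussed in this thread (watching the router's syslog feed for the Sasser ports while also asking which expected events never show up) can be scripted on the receiving PC. This is an added example, not code from any poster or from Netgear; the log line layout, the marker strings and the names `audit` and `SAMPLE` are assumptions, because the thread does not show the DG834G's actual log format.

```python
import re
from collections import Counter

# Ports the thread associates with Sasser probing.
SASSER_PORTS = {135, 445, 5554, 9996}

# Event classes a healthy log should contain at least once. The marker
# strings are assumptions; substitute the text your firmware really emits.
EXPECTED_MARKERS = {
    "admin_login": "Administrator login",
    "blocked_site": "Site blocked",
    "inbound_block": "DROP",
}

# Assumed line shape: RFC 3164 header followed by KEY=value firewall fields.
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<msg>.*)$"
)
KV_RE = re.compile(r"(\w+)=(\S+)")

def audit(lines):
    """Tally probes to the watched ports and list event classes never seen."""
    hits, seen, unparsed = Counter(), set(), 0
    for line in lines:
        m = LINE_RE.match(line)
        if m is None:
            unparsed += 1          # count odd lines instead of dropping them
            continue
        msg = m.group("msg")
        seen.update(n for n, marker in EXPECTED_MARKERS.items() if marker in msg)
        fields = dict(KV_RE.findall(msg))
        dpt = fields.get("DPT", "")
        if dpt.isdigit() and int(dpt) in SASSER_PORTS:
            hits[(fields.get("SRC", "?"), int(dpt))] += 1
    return {
        "sasser_hits": hits,
        "missing_classes": sorted(set(EXPECTED_MARKERS) - seen),
        "unparsed": unparsed,
    }

# Constructed sample input (documentation addresses), not real router output.
SAMPLE = [
    "<134>May 10 10:01:02 dg834g DROP SRC=192.0.2.10 DST=203.0.113.5 PROTO=TCP SPT=4021 DPT=445",
    "<134>May 10 10:01:09 dg834g DROP SRC=192.0.2.10 DST=203.0.113.5 PROTO=TCP SPT=4022 DPT=5554",
    "<134>May 10 10:03:40 dg834g DROP SRC=198.51.100.7 DST=203.0.113.5 PROTO=UDP SPT=1026 DPT=137",
    "<134>May 10 10:05:00 dg834g Site blocked: example.test from 192.168.0.2",
    "truncated line with no syslog header",
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A non-empty `missing_classes` list separates "no probes arrived" from "the device stopped logging a whole event class", which is the distinction the thread turns on.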



 



