|
We are in
a mixed network, which includes a router Cisco, a 3COM swich common to the two
networks and a hub where gateway/fire wall linux computer is connected.
One of the network is my company network ( 192.168.X.X / 255.255.0.0. I am in charge of it) and the other network belongs to other company (10.10.X.X / 255.255.0.0). This company has a VPN. Now, they are accusing me as hacker, alleging we have tried to go into their VPN. As prove of tha t , they are showing the following type of message:Oct 21 04:09:49 localhost kernel: Packet log: input REJECT eth0 PROTO=6 213.107.153.72:4512 216.72.44.186:27374 L=48 S=0x00 I=24273 F=0x4000 T=109 SYN (#70) Oct 21 04:09:55 localhost kernel: Packet log: input DENY eth0 PROTO=17 192.168.2.185:138 192.168.255.255:138 L=229 S=0x00 I=43989 F=0x000 T=128 (#71) Oct 21 04:10:01 localhost kernel: Packet log: input REJECT eth0 PROTO=6 213.107.153.72:4512 216.72.44.186:27374 L=48 S=0x00 I=24273 F=0x4000 T=109 SYN (#70) Oct 21 04:10:08 localhost kernel: Packet log: input DENY eth0 PROTO=17 192.168.2.138:137 192.168.255.255:137 L=78 S=0x00 I=49285 F=0x000 T=32 (#71) Oct 21 04:10:16 localhost kernel: Packet log: input DENY eth0 PROTO=17 192.168.2.20:138 192.168.2.255:138 L=238 S=0x00 I=56451 F=0x000 T=32 (#71) Oct 21 04:10:20 localhost kernel: Packet log: input DENY eth0 PROTO=17 192.168.2.5:138 192.168.2.255:138 L=234 S=0x00 I=39272 F=0x000 T=128 (#71) Oct 21 04:11:08 localhost kernel: Packet log: input DENY eth0 PROTO=17 192.168.2.5:137 192.168.2.255:138 L=78 S=0x00 I=39528 F=0x000 T=128 (#71) Oct 21 04:12:00 localhost kernel: Packet log: input DENY eth0 PROTO=17 192.168.2.100:138 192.168.255.255:138 L=241 S=0x00 I=31461 F=0x000 T=128 (#71) Oct 21 04:14:04 localhost kernel: Packet log: input DENY eth0 PROTO=17 192.168.2.172:137 192.168.255.255:137 L=78 S=0x00 I=50473 F=0x000 T=32 (#71) They have as many as 40 pages of this type of messages , presenting this "deny" access as the evidence we have tried to penetrate their network.Since we are not int er ested is go into that VPN, nor we have tried to do it, please help me in find a technnical explanation for the "evidences" the have shown. Thanks. |
- [expert] Firewall Log Question Eduardo Bencomo
- Re: [expert] Firewall Log Question Tarragon Allen
- Re: [expert] Firewall Log Question Leif Madsen
- Re: [expert] Firewall Log Question Tarragon Allen
- Re: [expert] Firewall Log Question eduardo
- Re: [expert] Firewall Log Question Tarragon Allen
- Re: [expert] Firewall Log Question Eduardo Bencomo
- Re: [expert] Firewall Log Question kons Richard Bown
- RE: [expert] Firewall Log Question Jose M. Sanchez
