Firewall Log - hacker

Discussion in 'other firewalls' started by Barney83, Mar 13, 2013.

Thread Status:
Not open for further replies.
  1. Barney83

    Barney83 Registered Member

    Joined:
    Mar 13, 2013
    Posts:
    5
    Location:
    USA
    Last edited: Mar 14, 2013
  2. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,441
    Location:
    Romania
    To me, it says that your system clock is 10 years behind. Other than that, what should we see? Use http://networktools.nl/whois to find who is registered at that address and send them an email with your concerns. See what they have to say. :)
     
  3. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,920
    If the RTC (CMOS clock) is behind, renew your CMOS battery. With this date you cannot check digital certificates; they would all be outdated, and that's a big security issue.

    IP http://img1.imagebanana.com/img/dq2md5e2/Gold.png http://whois.domaintools.com/66.70.78.30

    Next problem: that firewall seems to be crap.
    Hello? Either it turned stupid or someone has allowed that action.

    I assume you are using a modem only, no router. With a router you won't have that incoming traffic.
     
  4. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    2,068
    Location:
    Serbia
    This is a packet log, not a log of blocked connections.

    Hello Barney, welcome.

    As it happens, there is a post a couple of years old posing the same question as yours, here. The IP in question is identical, except... there is no mention of that IP in logs from that post.
    Now, if we wish to continue this thread we would need to know all of the specifics related to these log entries (software used to collect logs, OSes in question, more log entries, etc.). Otherwise, blindly deciphering (or, better yet, guessing) what is happening behind log entries will get us nowhere. To me, from these 3 you posted here it looks like all is normal.
     
  5. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,789
    I'll stick my neck out "blindly deciphering" (great phrase, Seer) and GUESSING.
    NetScreen is or was a Juniper Networks enterprise level router-and-more, used often for VPN and tons of other things. The log looks like a router log of all packets. Possibly accepting inbound packets to one of many servers, perhaps a VPN server, hooked to the router where the local DNS service runs for looking up local servers, and quite possibly remote servers. Inbound to 443 might be https login via some RSA key or other security device.

    What's really baffling is how can today's log have virtually identical date entries to the one Seer referenced?
     
  6. Barney83

    Barney83 Registered Member

    Joined:
    Mar 13, 2013
    Posts:
    5
    Location:
    USA
    I want to tell everybody that this is an assignment in one of the security classes (forensic data). The prof told us to observe the same. That's why I thought I might get some answer, as I have done quite a search and couldn't find anything.
     
  7. Barney83

    Barney83 Registered Member

    Joined:
    Mar 13, 2013
    Posts:
    5
    Location:
    USA
    I don't think this is normal because, as I mentioned, this is an assignment and the prof has told us: "Assume the IP address of 66.70.78.30 is the 'bad guy'. What is he trying to do here?" Also, for more log entries, the link you provided is the one provided by the prof. That's the same data; if you can find out something, it would be great.

    What I think is the 'bad guy' is trying to contact different webservers and hack into the system.
     
  8. Barney83

    Barney83 Registered Member

    Joined:
    Mar 13, 2013
    Posts:
    5
    Location:
    USA
    Probably the prof has been giving the same assignment for many years. What's baffling to me is that in this age of the Internet, I can't get an answer. Now, on this forum, we can give help to all those students who are wondering about the answers. :)
     
  9. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,789
    You never mentioned until post #6 today that it's not your log but some class assignment, so don't try to offend people who try to help; your reply in post #7 is impolite.

    Still not sure what you want. Let's assume we are talking about what I suggested, and that assumption may be totally wrong, of course, since you gave no other details and I have no idea what your prof wants.
    Read these:
    http://en.wikipedia.org/wiki/Virtual_private_network
    http://www.cisco.com/en/US/docs/sec...r/security_manager/3.3/user/guide/vpchap.html
    http://www.isaserver.org/img/upl/vpnkitbeta2/dnsvpn.htm
    Why those? Because I see packets to port 53 on 10.100.0.110, which implies a DNS server, and packets to 10.100.0.109, a different box, on port 443, normally used for HTTPS activity, one of which might be a login to get permission to log in to the company resources.
    Device-id and Policy-id mean nothing to someone not familiar with this router. It's some rule somebody set up.
     
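The reading in the post above (port 53 on one internal host implies DNS, port 443 on another implies HTTPS, and Device-id/Policy-id are just the firewall's own identifiers) can be checked mechanically once the records are parsed. The following is an added example, not code from this thread or from Juniper: it parses NetScreen-style key=value traffic records and summarises, per external source address, which internal hosts and services it reached and how the firewall acted. The sample lines are constructed for the example in the NetScreen traffic-log layout; they are not the assignment's log, and the device name, policy numbers, timestamps and byte counts are made up.

```python
import re
from collections import Counter, defaultdict

# Constructed sample records in the NetScreen traffic-log syslog layout. The
# field names (device_id, policy_id, src, dst, dst_port, action, ...) follow the
# NetScreen key=value convention; the device name, policy ids, timestamps (set in
# 2003 to mirror the "clock 10 years behind" observation) and byte counts are
# made up for this example. Only the addresses come from the thread.
SAMPLE_LOG = """\
NetScreen device_id=ns5gt [Root]system-notification-00257(traffic): start_time="2003-03-13 10:01:12" duration=0 policy_id=2 service=DNS proto=17 src zone=Untrust dst zone=Trust action=Permit sent=60 rcvd=120 src=66.70.78.30 dst=10.100.0.110 src_port=3245 dst_port=53
NetScreen device_id=ns5gt [Root]system-notification-00257(traffic): start_time="2003-03-13 10:01:14" duration=0 policy_id=3 service=HTTPS proto=6 src zone=Untrust dst zone=Trust action=Permit sent=120 rcvd=48 src=66.70.78.30 dst=10.100.0.109 src_port=3246 dst_port=443
NetScreen device_id=ns5gt [Root]system-notification-00257(traffic): start_time="2003-03-13 10:01:15" duration=0 policy_id=3 service=HTTPS proto=6 src zone=Untrust dst zone=Trust action=Permit sent=120 rcvd=48 src=66.70.78.30 dst=10.100.0.109 src_port=3247 dst_port=443
NetScreen device_id=ns5gt [Root]system-notification-00257(traffic): start_time="2003-03-13 10:02:30" duration=5 policy_id=1 service=HTTP proto=6 src zone=Trust dst zone=Untrust action=Permit sent=800 rcvd=4000 src=10.100.0.22 dst=198.51.100.7 src_port=1100 dst_port=80
"""

# Conventional (IANA) service names for the destination ports discussed in the
# thread. The port only suggests the service; the firewall does not verify it.
WELL_KNOWN = {53: "dns", 80: "http", 443: "https"}

# key=value pairs; quoted values (start_time) may contain spaces.
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Return a dict of the key=value fields in one NetScreen-style traffic record."""
    # "src zone=" and "dst zone=" carry a space in the key name; normalise them
    # so they do not both collapse into a single "zone" key.
    line = line.replace("src zone=", "src_zone=").replace("dst zone=", "dst_zone=")
    fields = {k: v.strip('"') for k, v in KV.findall(line)}
    for port_key in ("src_port", "dst_port"):
        if port_key in fields:
            fields[port_key] = int(fields[port_key])
    return fields


def parse_log(text):
    """Parse every non-empty line of a log dump."""
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def summarize_inbound(records, zone="Untrust"):
    """For each source in the given (external) zone: which internal host/service
    pairs it reached and how often, plus a count of the firewall's actions."""
    summary = defaultdict(lambda: {"targets": Counter(), "actions": Counter()})
    for r in records:
        if r.get("src_zone") != zone:
            continue  # outbound traffic is not what the question is about
        svc = WELL_KNOWN.get(r["dst_port"], str(r["dst_port"]))
        summary[r["src"]]["targets"][(r["dst"], svc)] += 1
        summary[r["src"]]["actions"][r["action"]] += 1
    return dict(summary)


if __name__ == "__main__":
    for src, info in summarize_inbound(parse_log(SAMPLE_LOG)).items():
        print(src, dict(info["actions"]))
        for (dst, svc), n in info["targets"].most_common():
            print(f"  -> {dst} {svc} x{n}")
```

Run against real records, the summary shows at a glance whether an external address touched only the expected services (DNS on one host, HTTPS on another) or spread across many hosts and ports, and whether the firewall permitted or denied those sessions; the policy_id that allowed each session is kept in the parsed record so it can be matched against the device's rulebase.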
  10. Barney83

    Barney83 Registered Member

    Joined:
    Mar 13, 2013
    Posts:
    5
    Location:
    USA
    I just want to say that I am not asking just because it's a 'homework' thing. This is stuff which could help analyze things as well. Still, I am sorry to anybody I have offended. I thought that if people discuss issues then I might as well. Really sorry. And thanks to all who take the time to respond to my post.
     
  11. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,264
    Location:
    USA
    Go do your own homework. Read your book like a good student. :rolleyes:
     
  12. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,280
    Location:
    New England
    I have to agree. Let's close this thread here. I can't imagine that a professor wanted students to simply go on to a website and ask other people for the answers. There must have been more direction given, and the means through which you could get the answers for yourself.

    Barney83, you are welcome to be here, but, just don't post homework assignments in the future.
     