Router Log

Discussion in 'other security issues & news' started by Patrice, Apr 19, 2003.

Thread Status:
Not open for further replies.
  1. Patrice

    Patrice Registered Member

    Joined:
    Apr 15, 2003
    Posts:
    571
    Location:
    Antarctica
    Hi there!

    I have a question concerning the log of my router. I'm using a router from Linksys (BEFSR41) and I have to say that I'm really happy with it. But from time to time I would like to have a closer look at its log file. Unfortunately it's not very informative...

    So I went out and looked for a better log tool. I've found some and I think that I will test them soon. But because I know that some of you are using a router as well, I wanted to ask you about such a tool. Do you know and use such tools? And do you know one which is really informative, easy to handle,... overall: overwhelming?

    Let me know your experiences, I'm very grateful for them!

    Best regards!

    Patrice
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Patrice, the best free, easy to use & very cool logger is WallWatcher from: http://www.sonic.net/wallwatcher/ You may need to get the extra Windows files mentioned on the website & available from there. ;) Also you will need to enable logging in the Linky's set up.
     
  3. Patrice

    Patrice Registered Member

    Joined:
    Apr 15, 2003
    Posts:
    571
    Location:
    Antarctica
    Hi Pilli!

    Thanks for the answer, I'll go and catch this tool! As I see you'll get my "router-buddy"! ;)

    Have fun & til the next time!

    Patrice
     
  4. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Patrice, how to "Gee Wong" your router (named after the guy who first posted). This creates a virtual black hole on all ports.
    Open your router menus, go to the "Advanced" tab, open the DMZ host. In the DMZ host box enter 200 or any number up to 255 which is not assigned to a device or PC, so that it looks like this: 192.168.1.200. Apply. Now open the "Forwarding" tab. In the top line, Customised applications, type Black hole or whatever you want to call it. Then in the "Ext Port" type 80 To 80, tick protocols TCP & UDP, make the IP address look like this: 192.168.1.200 (or whatever number you assigned as above). Tick enable and Apply.
    When you have WallWatcher up & running you will see all the incoming scans etc. going straight into the black hole. Wonderful! ;)
     
  5. Patrice

    Patrice Registered Member

    Joined:
    Apr 15, 2003
    Posts:
    571
    Location:
    Antarctica
    Wow! :eek:

    Think I have to try that! Funny, what these guys find out!

    Greetings!

    Patrice
     
  6. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Patrice

    The following is a list of logging utilities for the Linksys you could look at.

    Freeware:
    Log Viewer
    Wall Watcher
    SNMP Log
    Router Rooter

    Shareware:
    Link Logger

    Log Viewer by Sven Schaefer does not need NIS installed to work and will run as a service on W2K/XP.

    Regards,

    CrazyM
     
  7. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Pilli, just another point of view...

    The dummy DMZ or "Gee Wong" settings were/are used to achieve "stealth" results for certain types of scans. Linksys routers, depending on firmware used, would not always stealth UDP scans.

    While some users have used the dummy DMZ settings without any problems, some have experienced problems with router lock ups when subjected to intense scans.

    One thing to note when using this technique is that you are actually allowing unsolicited inbound traffic to pass through the router to the LAN side, albeit to a non existent internal IP. This also results in the router processing this unsolicited traffic via the routing tables [edit: possibly contributing to the lock ups experienced by some].

    This defeats the purpose of having the router in my view. I would rather all unsolicited traffic be dropped/blocked at the router.

    The usual Code Red/Nimda TCP port 80 scans will be blocked by the Linksys, and logged by WallWatcher, without having to forward that port to a non existent internal IP address.

    The Linksys will drop/block all unsolicited inbound traffic without the dummy DMZ setting, it just may not provide a "stealth" response to certain types of scans, depending on model and firmware.

    Regards,

    CrazyM
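
The point made in the post above, as an added example that is not part of the original thread: a simplified Python model of a NAT router's inbound handling (not Linksys firmware; the rule order, the class and function names, and the sample packets are assumptions constructed for illustration). It counts how many unsolicited packets cross to the LAN side with and without the dummy DMZ setting, and audits a configuration for rules that point at unassigned addresses.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class RouterConfig:
    """Simplified inbound rule set of a NAT router (hypothetical model, not Linksys firmware)."""
    lan_hosts: set                                # addresses actually assigned to devices
    forwards: dict = field(default_factory=dict)  # (proto, ext_port) -> internal IP
    dmz_host: Optional[str] = None                # catch-all target for unsolicited traffic

def handle_inbound(cfg, proto, dst_port, tracked):
    """Return (action, internal_ip) for one packet arriving on the WAN side.
    tracked maps (proto, port) -> internal IP for connections opened from the LAN."""
    key = (proto, dst_port)
    if key in tracked:                 # answer to something a LAN host asked for
        return ("reply", tracked[key])
    if key in cfg.forwards:            # explicit port forward
        return ("forward", cfg.forwards[key])
    if cfg.dmz_host is not None:       # DMZ host receives everything else
        return ("dmz", cfg.dmz_host)
    return ("drop", None)              # default: unsolicited traffic stops at the router

def unsolicited_to_lan(cfg, packets, tracked):
    """Count packets that are routed to the LAN side without being replies."""
    return sum(1 for proto, port in packets
               if handle_inbound(cfg, proto, port, tracked)[0] in ("forward", "dmz"))

def audit(cfg):
    """List rules that point at addresses with no device behind them."""
    findings = []
    if cfg.dmz_host and cfg.dmz_host not in cfg.lan_hosts:
        findings.append(f"DMZ host {cfg.dmz_host} is unassigned")
    for (proto, port), ip in sorted(cfg.forwards.items()):
        if ip not in cfg.lan_hosts:
            findings.append(f"forward {proto}/{port} -> {ip} is unassigned")
    return findings

# Constructed sample data: two real LAN devices, one outbound connection, five inbound packets.
LAN = {"192.168.1.100", "192.168.1.101"}
TRACKED = {("tcp", 40001): "192.168.1.100"}
PACKETS = [("tcp", 80), ("udp", 1434), ("tcp", 445), ("tcp", 40001), ("udp", 137)]
DEFAULT = RouterConfig(lan_hosts=LAN)
DUMMY_DMZ = RouterConfig(lan_hosts=LAN, dmz_host="192.168.1.200",
                         forwards={("tcp", 80): "192.168.1.200",
                                   ("udp", 80): "192.168.1.200"})

if __name__ == "__main__":
    for name, cfg in (("default", DEFAULT), ("dummy DMZ", DUMMY_DMZ)):
        print(name, unsolicited_to_lan(cfg, PACKETS, TRACKED), audit(cfg))
```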
     
  8. Patrice

    Patrice Registered Member

    Joined:
    Apr 15, 2003
    Posts:
    571
    Location:
    Antarctica
    Hi CrazyM!

    Thanks for your answers! I know most of the logging utilities you mentioned. Unfortunately I wasn't satisfied with Log Viewer... Was not an overwhelming tool.

    Nevertheless I appreciated your answer!!

    Best regards!

    Patrice
     
  9. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi Patrice

    Just curious.....the Linksys Log Viewer or Sven Schaefer's Log Viewer? Sometimes they get confused.

    Regards,

    CrazyM
     
  10. Patrice

    Patrice Registered Member

    Joined:
    Apr 15, 2003
    Posts:
    571
    Location:
    Antarctica
    Hi CrazyM!

    The Linksys Log Viewer is terribly bad... I meant the Log Viewer of Sven Schaefer. I already tried it out a while ago. I wasn't that happy.

    Greetings!

    Patrice
     
  11. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi Patrice

    OK, in that case as Pilli mentioned WallWatcher is probably your best bet for free. LinkLogger is worth looking at and they have a 30 day trial if you are not against paying for a logging utility.

    Regards,

    CrazyM
     
  12. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Thanks for the information Crazy M, I know there has been a lot of argument about the efficacy of the Gee Wong method but I have been using it now for two years & have not had one lock up - I do receive regular probes but obviously not enough to cause a problem as yet.
    I believe also that this was mainly a concern with the Linksys firmware versions that included SPL? Which has now been dropped from the latest firmware. :D

    Cheers Pilli
     
  13. Patrice

    Patrice Registered Member

    Joined:
    Apr 15, 2003
    Posts:
    571
    Location:
    Antarctica
    Hi Pilli & CrazyM!

    Thank you guys for your answers! I installed WallWatcher and GetLog now on my computer and test it thoroughly. So far I really like the tool! It gives me a nice overview of all the inbound/outbound traffic. Unfortunately my router just stores about 70 log records when the computer is down as far as I know... But I can live with that! :doubt:

    Best regards!

    Patrice
     
  14. controler

    controler Guest

    Hello and Happy Easter to all

    Has anyone found a good logfile analyzer for Actiontec's new firewall
    as of yet?

    http://www.qwest.com/dsl/customerservice/Actiontec1520.html

    I tried WallWatcher and it doesn't seem to be compatible and am using XP

    Thanks
     
  15. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Sorry Controller, I don't know your router but reading the spec' file it does not mention logging. In the Linksys you have a click box to enable logging, WallWatcher etc. tap into this internal log for their info'.
    A feature such as this could be made available through a firmware upgrade if there is no such option already implemented & a logging programme created such as WW.
     
  16. controler

    controler Guest

    Thanks pilli

    I have a linksys router on another network which I like but
    On this network I am using the actiontec.
    I like its features but the only logging I have seen is the WEB access
    logging, which only shows visited web sites.
    With a logging system such as Linksys has, I think this is a nice router.
     
  17. Patrice

    Patrice Registered Member

    Joined:
    Apr 15, 2003
    Posts:
    571
    Location:
    Antarctica
  18. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Yes, I have voted! Patrice - Now vote on Spam please :p
     