 | Greetings,
I recently noticed suspicious messages in the security log of my
NETGEAR firewall. There are between 1 to 10 such messages per day that
read like this:
[Sat, 2005-01-22 15:53:17] - Administrator Interface Connecting[TCP] -
Source:192.168.0.4,2435 - Destination:192.168.0.1,80 - [Receive]
This is very suspicious since I *know* that I didn't connect as
administrator to the firewall for at least several weeks. What's even
more scary is that the log indicates "[Receive]", not "[Drop]" as
should be in the case of someone trying to get externally spoofing the
source address...
Is it possible that I have just evidenced a successful attack and
break-in into my LAN? Or is this message benign?
BTW, I did not enable "Remote Management" in my NETGEAR router, I
allows only PCs on the local LAN to configure this firewall.
Thanks,
Daniel
|
|
