Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
   Glossary   Glossary
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Pages: 1 2 [3]

Author Topic: Have You Checked Your Firewall Logs Lately ?.  (Read 11556 times)

Weaver

  • Senior Kitizen
  • ******
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
Re: Have You Checked Your Firewall Logs Lately ?.
« Reply #30 on: November 03, 2016, 06:19:03 PM »

Btw, I was talking rubbish earlier when I wrote about a quiet time of day - whose time zone?

A second traffic capture this afternoon recorded 7 such events over a 30 s period, during which there was a fair bit of normal network going on. So there’s clearly a good bit of variance and who's to say when the busier times might be. Any statistical figures have to be very approximate anyway.
Logged

Weaver

  • Senior Kitizen
  • ******
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
Re: Have You Checked Your Firewall Logs Lately ?.
« Reply #31 on: November 03, 2016, 06:30:35 PM »

To get the traffic captures, I used the Andrews & Arnold traffic capture feature that can be triggered on their routers. I set it to capture all PPP traffic (not just IP) going to and from my main LAN. You can do this by going to the clueless.aa.net.uk web server. (They're now wanting us to call that web server 'control.aa.net.uk', which provides the control panel UI, but I prefer the traditional not-tooo-sensible name.)

Firewall:

I looked at my firewall-router’s firewall state (the firewall-router is a Firebrick) to see a list of blocking ('drop') session objects it had created, but that doesn't give me any counts of events, I can just see source IP addresses.

I'm not sure that the firewall can do logging of this type, which might constitute a denial-of-service opportunity in itself with the amount of CPU time it would take up at high traffic rates.
Logged

Weaver

  • Senior Kitizen
  • ******
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
Re: Have You Checked Your Firewall Logs Lately ?.
« Reply #32 on: November 03, 2016, 06:31:57 PM »

The answer seems to be then to just junk IPv4, and problem solved.
Logged

vic0239

  • Reg Member
  • ***
  • Posts: 519
Re: Have You Checked Your Firewall Logs Lately ?.
« Reply #33 on: November 03, 2016, 10:07:33 PM »

Thanks. Would that be the "Traffic Dump" button on the line info and diag section?
Logged
Lothian Broadband 900/900 + AAISP VDSL, Vigor2865Vac, MikroTik rb260gsp, ZyXel NWA50AX WiFi AP.

Weaver

  • Senior Kitizen
  • ******
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
Re: Have You Checked Your Firewall Logs Lately ?.
« Reply #34 on: November 03, 2016, 10:24:31 PM »

"Traffic Dump" button, indeed. Takes you to another page where there is a decode option, which is what I used, and an option to download the results in a file.
Logged

Weaver

  • Senior Kitizen
  • ******
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
Re: Have You Checked Your Firewall Logs Lately ?.
« Reply #35 on: November 04, 2016, 12:46:23 AM »

I also checked my 3G iPad, which just has a single global public IPv4 address. I only saw three incoming TCP dest_port = 23 events in a 30 s capture period. So although it might seem pretty quiet, you would expect this given that the destination IP address range window is 64 times narrower that with the earlier DSL-to-whole-LAN tests, and in fact you could say that it's much much worse per dest-IP.

Unfortunately the iPad is replying to these incoming packets. This has to be a bad thing, although at least it might be stopping further inbound retransmissions.
Logged

vic0239

  • Reg Member
  • ***
  • Posts: 519
Re: Have You Checked Your Firewall Logs Lately ?.
« Reply #36 on: November 04, 2016, 09:03:49 AM »

"Traffic Dump" button, indeed.
Thanks for your help.  :)
Logged
Lothian Broadband 900/900 + AAISP VDSL, Vigor2865Vac, MikroTik rb260gsp, ZyXel NWA50AX WiFi AP.
Pages: 1 2 [3]