- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey all,
So I noticed some interesting admin actions on my Firewall Security Log.
I haven't seen any of the WBM user unknown activity, but I'm seeing firewall settings being changed by the admin user without a login or logout, but associated with a specific internal IP. No login. What the heck?
I have a couple of these entries. The admin name in each is all lower-case, while my preferred login (what I use to log in) is mixed-case. So "admin" instead of "Admin" (as an example).
Any time I log in manually, I get the typical expected report in the Firewall Log. I can't figure out how my machine would register logins to the router.
Or is this just an app on my machine @ 192.168.1.3 requesting UPnP dynamic firewall changes? (see in table below)
As a second note: what traffic would be going over ixp1? I have entries that show as inbound traffic, but the log indicates traffic originating from inside my network.
Jan 25 xx:xx:xx 2012 | Firewall Setup | Configuration change | WBM user ***** (192.168.1.3) has changed security settings |
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
DCNerd wrote:
I have a couple of these entries. The admin name in each is all lower-case, while my preferred login (what I use to log in) is mixed-case. So "admin" instead of "Admin" (as an example).
User name is not case sensitive.
DCNerd wrote:
Or is this just an app on my machine @ 192.168.1.3 requesting UPnP dynamic firewall changes? (see in table below)
Yes.