| Author |
Message |
| < Networking and Network Security ~ Is this normal or is someone trying to gain access? |
|
 Posted:
Wed Dec 07, 2005 12:46 am
|
|
|
|
|
Hey guys. I have an b wireless router and I just recently decided to check out the log. Basically what it looks like is this
2006/01/09 19:44:23 Connection attempt to base station from WAN blocked -- src:<209.108.192.162:2890> dst:< MY IP ADDRESS>
It has that about every 30 seconds... It's like almost non stop.
Does this show that someone is trying to gain access to my network? I went on a whois service and it said it was somewhere in china (wtf?)
Well I was just a little bit worried. but yeah it looks like
2006/01/09 19:44:23 Connection attempt to base station from WAN blocked -- src:<209.108.192.162:2890> dst:< MY IP ADDRESS>
2006/01/09 19:44:23 Connection attempt to base station from WAN blocked -- src:<209.108.192.162:2890> dst:< MY IP ADDRESS>
2006/01/09 19:44:23 Connection attempt to base station from WAN blocked -- src:<209.108.192.162:2890> dst:< MY IP ADDRESS>
2006/01/09 19:44:23 Connection attempt to base station from WAN blocked -- src:<209.108.192.162:2890> dst:< MY IP ADDRESS>
2006/01/09 19:44:23 Connection attempt to base station from WAN blocked -- src:<209.108.192.162:2890> dst:< MY IP ADDRESS>
2006/01/09 19:44:23 Connection attempt to base station from WAN blocked -- src:<209.108.192.162:2890> dst:< MY IP ADDRESS>
2006/01/09 19:44:23 Connection attempt to base station from WAN blocked -- src:<209.108.192.162:2890> dst:< MY IP ADDRESS>
Except the only difference is, instead of the same IP address there are numerous src ip addresses with the dst always being my ip
|
|
|
|
|
 |
|
| Posted:
Thu Dec 08, 2005 12:46 am
|
|
|
|
|
can i get some help guys??! im a little worried
|
|
|
|
|
|
|
| Posted:
Thu Dec 08, 2005 12:46 am
|
|
|
|
|
I think anyone that looks at their router logs for the first time is surprised.
I don't know what exactly that port is for, it is officially for something called CSPCLMULTI, whatever that is.
Scans go on constantly every day all day. The scans aren't from "someone", they are from programs that are running automatically, probably worms.
Some guy that hasn't updated Windows since it was installed in 2002. Sometime in early 2003 he clicked on an e-mail attachment hoping for a nudie picture; a worm was launched, and it has been pinging random IP's searching for vulnerable machines ever since. Well, doing that as well as sending out thousands of spam e-mails for everything from pen1s enhancers to Nigerian get rich schemes. You just noticed it in your logs.
So there are hundreds of thousands of these guys out there. If the worms are well written, they won't slow down the machine, and the guy will never know anything is happenening. The pings will continue until the machine is junked. I still get MS blaster pings, when was that fixed?
You will be fine as long as you do not put your machine in DMZ and know what ports you are forwarding to the router and why.
|
|
|
|
|
|
|
| Posted:
Thu Dec 08, 2005 12:46 am
|
|
|
|
|
Its most likely infected machines blindly groping for an open port, nothing to worry about as there being blocked.
|
|
|
|
|
|
|
| Posted:
Thu Dec 08, 2005 12:46 am
|
|
|
|
|
Maybe this is what should be tested ?
http://www.grc.com/
Go to ShieldsUP!
Click the 'Proceed' button
Click the 'All Service Ports' button
After about a minute or so, it will tell you ...
you want all STEALTH (and it should say 'PASSED')
|
|
|
|
|
|
|
| Posted:
Fri Dec 09, 2005 12:46 am
|
|
|
|
|
If the router is stating blocked then connection attempts are blocked.
|
|
|
|
|
|
|
