cancel
Showing results for 
Search instead for 
Did you mean: 

Strange entries in the modem log. What are they?

Jessica
Grafter
Posts: 254
Registered: ‎11-02-2008

Strange entries in the modem log. What are they?

I've just noticed some strange entries in the modem log.  In fact the log is made up of hundreds of these entries.  They all say 'Warning', but what are they?
Recorded Events

Time Message

Warning 04 days 04:34:28 (since last boot) IDS proto parser : tcp data on syn segment (1 of 2) : 209.200.154.238 87.114.17.13 0148 TCP 80->19951 [S.A...] seq 818560268 ack 1344443756 win 16384

Warning 04 days 04:33:12 (since last boot) IDS proto parser : tcp data on syn segment (1 of 2) : 209.200.154.238 87.114.17.13 0148 TCP 80->19951 [S.A...] seq 57031948 ack 698665965 win 16384

Warning 04 days 04:31:56 (since last boot) IDS proto parser : tcp data on syn segment (1 of 2) : 209.200.154.238 87.114.17.13 0148 TCP 80->19951 [S.A...] seq 126827788 ack 994259558 win 16384

Warning 04 days 04:30:40 (since last boot) IDS proto parser : tcp data on syn segment (1 of 2) : 209.200.154.238 87.114.17.13 0148 TCP 80->19951 [S.A...] seq 419183884 ack 1490718924 win 16384

Warning 04 days 04:29:23 (since last boot) IDS proto parser : tcp data on syn segment (1 of 2) : 209.200.154.238 87.114.17.13 0148 TCP 80->19951 [S.A...] seq 419183884 ack 672647217 win 16384

Warning 04 days 04:28:07 (since last boot) IDS proto parser : tcp data on syn segment (1 of 3) : 209.200.154.238 87.114.17.13 0148 TCP 80->19951 [S.A...] seq 419183884 ack 1265319954 win 16384

Warning 04 days 04:26:51 (since last boot) IDS proto parser : tcp data on syn segment (1 of 3) : 209.200.154.238 87.114.17.13 0148 TCP 80->19951 [S.A...] seq 419183884 ack 1929155887 win 16384

Warning 04 days 04:25:35 (since last boot) IDS proto parser : tcp data on syn segment (1 of 4) : 209.200.154.238 87.114.17.13 0148 TCP 80->19951 [S.A...] seq 504904972 ack 1297647528 win 16384

Warning 04 days 04:24:19 (since last boot) IDS proto parser : tcp data on syn segment (1 of 5) : 209.200.154.238 87.114.17.13 0148 TCP 80->19951 [S.A...] seq 504904972 ack 489329565 win 16384

Warning 04 days 04:22:49 (since last boot) IDS proto parser : tcp data on syn segment (1 of 4) : 209.200.154.238 87.114.17.13 0148 TCP 80->19951 [S.A...] seq 4280106252 ack 479507094 win 16384

Warning 04 days 04:21:32 (since last boot) IDS proto parser : tcp data on syn segment (1 of 3) : 209.200.154.238 87.114.17.13 0148 TCP 80->19951 [S.A...] seq 4280106252 ack 1419104290 win 16384

Warning 04 days 04:20:30 (since last boot) IDS proto parser : tcp data on syn segment (1 of 5) : 209.200.154.238 87.114.17.13 0148 TCP 80->19951 [S.A...] seq 2183085324 ack 2197893908 win 16384

Warning 04 days 04:19:14 (since last boot) IDS proto parser : tcp data on syn segment (1 of 5) : 209.200.154.238 87.114.17.13 0148 TCP 80->19951 [S.A...] seq 3083812108 ack 139185973 win 16384

Warning 04 days 04:17:58 (since last boot) IDS proto parser : tcp data on syn segment (1 of 4) : 209.200.154.238 87.114.17.13 0148 TCP 80->19951 [S.A...] seq 2563259660 ack 1661516488 win 16384

Warning 04 days 04:16:41 (since last boot) IDS proto parser : tcp data on syn segment (1 of 4) : 209.200.154.238 87.114.17.13 0148 TCP 80->19951 [S.A...] seq 2563259660 ack 1438825264 win 16384

Warning 04 days 04:15:25 (since last boot) IDS proto parser : tcp data on syn segment (1 of 2) : 209.200.154.238 87.114.17.13 0148 TCP 80->19951 [S.A...] seq 2563259660 ack 335943761 win 16384

Warning 04 days 04:13:58 (since last boot) IDS proto parser : tcp data on syn segment (1 of 4) : 209.200.154.238 87.114.17.13 0148 TCP 80->19951 [S.A...] seq 2563259660 ack 1922859053 win 16384

Warning 04 days 04:12:29 (since last boot) IDS proto parser : tcp data on syn segment (1 of 2) : 209.200.154.238 87.114.17.13 0148 TCP 80->19951 [S.A...] seq 2563259660 ack 1157826053 win 16384

Warning 04 days 04:11:21 (since last boot) IDS proto parser : tcp data on syn segment (1 of 2) : 209.200.154.238 87.114.17.13 0148 TCP 80->19951 [S.A...] seq 2563259660 ack 795712949 win 16384
and so on for pages and pages...

16 REPLIES 16
matt_2k34
Grafter
Posts: 1,300
Registered: ‎09-07-2007

Re: Strange entries in the modem log. What are they?

do you have anything open when this happens, or does it occur all the time ?Huh
(e.g. a P2P application, torrent app)
I would suggest that the router is picking it up as a warning as having many in quick succession can cause degraded or lack of service see: Syn Flood
Jessica
Grafter
Posts: 254
Registered: ‎11-02-2008

Re: Strange entries in the modem log. What are they?

It’s continuous.
Nothing is running except for the usual background tasks.  I’ve been through all the running processes, but there’s nothing unusual there.
Any other ideas?

bobpullen
Community Gaffer
Community Gaffer
Posts: 16,869
Thanks: 4,950
Fixes: 315
Registered: ‎04-04-2007

Re: Strange entries in the modem log. What are they?

With more than a twist of irony, the IP in those alerts seems to belong to prolexic.com (check the website!)

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

matt_2k34
Grafter
Posts: 1,300
Registered: ‎09-07-2007

Re: Strange entries in the modem log. What are they?

haha Bob, thats quality.
tbh, i wouldnt worrry about them too much unless you start noticing a reduction in the quality of your BB.
Jessica
Grafter
Posts: 254
Registered: ‎11-02-2008

Re: Strange entries in the modem log. What are they?

Am I being attacked by this company?


pierre_pierre
Grafter
Posts: 19,757
Thanks: 3
Registered: ‎30-07-2007

Re: Strange entries in the modem log. What are they?

what Bob said
Quote
Prolexic Technologies was founded in 2003 by Barrett Lyon as a network service which specializes in protecting other web sites from denial-of-service attacks. It gained notability in 2004 for the arrest of Ivan Maksakov[

so they stop attacks?
matt_2k34
Grafter
Posts: 1,300
Registered: ‎09-07-2007

Re: Strange entries in the modem log. What are they?

Quote from: Jessica
Am I being attacked by this company?

While thats what it looks like, not necessarily. I'd keep an eye on it for a few days to see if it changes (e.g. they stop)
Yes the company is "supposed" to be stopping them, but that doesnt mean they dont have a compromised machine,
While many of them would make up a syn flood attack, id hardly call 1 per min an 'attack'  Wink
Jessica
Grafter
Posts: 254
Registered: ‎11-02-2008

Re: Strange entries in the modem log. What are they?

I’ve noticed that every time I boot, my modem log is full of these entries.  If I clear the log and re-boot, they’re back.  The strange entries don’t appear at any other time.
Could they be something to do with the latest version of CoMoDo Firewall?  I was using version 3, but earlier in the week I upgraded to v4.0.  I think they started appearing about the same time.  I’m not sure because of all the disconnections I was getting at the time.
Can any one confirm this?

matt_2k34
Grafter
Posts: 1,300
Registered: ‎09-07-2007

Re: Strange entries in the modem log. What are they?

no idea im afraid, i havent, nor know anyone that uses Comodo firewall.
its possible, But are you saying that it only occurs when your computer is on?
might be worth monitoring it while you disable it for 2 mins, after one of the events, (as if it doesnt occur, it could be something that software is doing) a quick google doesnt relate Comodo to syn attacks (other than it blocks them)
I highly doubt it,probably just be coincidental.
Jessica
Grafter
Posts: 254
Registered: ‎11-02-2008

Re: Strange entries in the modem log. What are they?

Thanks for the reply Matt.
I just googled it.  Nothing positive.  A few other have these entries in their logs but no answers at all, just questions.
I cleared my logs about six hours ago.  There have been no entries since, only another disconnection.  The entries only appear after a boot-up.  I have NAV2010 running and I’ve just run malwarebytes.  I’ve checked CoMoDo settings and there’s nothing unusual in my CoMoDo logs.  My PC is clean.
If it wasn’t for bad luck, I would have no luck at all.  I hate computers.
Cheers.
Jessica

matt_2k34
Grafter
Posts: 1,300
Registered: ‎09-07-2007

Re: Strange entries in the modem log. What are they?

No problem =]
Quote
NAV2010

Eugh, When does your subscription run out?  Crazy
Like a lot of people, im not a huge fan of NAV, its *very* resource heavy, you can get as good (*better*) AV products than Norton, which barely slow the machine Tongue

However, i dont think your at any risk, the fact they are being shown in your router means its doing its job, and blocking the connection attempts.
Quote
I hate computers

Hate is such a strong word  Grin Cheesy
Jessica
Grafter
Posts: 254
Registered: ‎11-02-2008

Re: Strange entries in the modem log. What are they?

Thanks Matt,
I like Norton.  I’ve been using NAV and Ghost for years.  I’m kinda use to them now.  Like an old friend.  Would you care to name a “better” one?
I still get the odd “IDS proto parser” in my modem log.  I’m now almost certain it’s to do with CoMoDo Firewall.  I’ll have to post on the CoMoDo help/support forum to see if any one else is experiencing this.  I only posted here because it may have had something to do with all the disconnections I’m still getting.
Thanks for all the help and support.
Jessica
p.s. I loathe computers.

Toolbox
Grafter
Posts: 180
Registered: ‎14-04-2010

Re: Strange entries in the modem log. What are they?

Well this may be the problem with your disconnections.
You need to make sure nothing on your computer is causing it, like others said turn off computer for a few minutes and see if it still logs the same things.
It may be overloading your router until falls over.
EDIT:
Try turning the loging off for a bit and see how connection is then.
Jessica
Grafter
Posts: 254
Registered: ‎11-02-2008

Re: Strange entries in the modem log. What are they?

I've just remembered.  My disconnections started on the 27th March.  I only installed CoMoDo last Friday.  I don't think CoMoDo has anything to do with my disconnections.  I was just worried about the odd entries in the modem log.  I thought I was being attacked.
Thanks