Firewall reports lots of blocked connections from one source
27-11-2013 9:02 PM
FIREWALL replay check (1 of 2): Protocol: ICMP Src ip: 69.43.161.161 Dst ip: 212.*.*.* Type: Destination Unreachable Code: Port Unreacheable
I now have this one too:
IDS proto parser : tcp null port (1 of 1) : 123.151.42.61 212.*.*.* 0040 TCP 12200->0 [S.....] seq 1564181392 win 8192
Can anyone shed some light for my peace of mind?
Thanks
podman
{Edit Title modified}
27-11-2013 11:42 PM
The first one is:
IP: 69.43.161.161
Server location: San Diego in United States
ISP: Castle Access
So not sure if that helps but
27-11-2013 11:57 PM
But if you really want to be confused about what they mean try this topic.
28-11-2013 6:58 PM
Quote Trellian Pty Ltd NET-69-43-161-0-1 (NET-69-43-161-0-1) 69.43.161.0 - 69.43.161.255
Castle Access Inc ARIN-CASTLE-ALLOC (NET-69-43-128-0-1) 69.43.128.0 - 69.43.207.255
28-11-2013 7:49 PM
I have removed the pn router as late last night I found a post in the forums talking about a number of ports which were left open. I wasn't wanting to take the risk.
podman
29-11-2013 11:05 AM
Not sure what those are? As far as we're aware the only port open on the WAN side of the router is 51005, though I'll not go into details of what's on there and how it responds to queries (though I've no doubt the information is available on google). If you could link to the post we'd be grateful.
29-11-2013 11:22 AM
http://www.plus.net/support/security/firewalls/broadbandfirewall.shtml
Beware that if you change product Plusnet in its wisdom disables the Broadband Firewall without telling you that it has done so and you have to reset it.
http://community.plus.net/forum/index.php/topic,74679.16.html
29-11-2013 10:13 PM
It was a thread on the PN forums. I can't find it just now but it contained the error texts in its main text.
podman
30-11-2013 10:19 AM
IDS proto parser : tcp null port (1 of 1) : 123.151.42.61 xx.115.191.xx 0040 TCP 12200->0 [S.....] seq 884179504 win 8192
I'll keep an eye on it.
01-12-2013 12:28 PM
IDS proto parser : tcp null port (1 of 1) : 123.151.42.61 xx.112.4.xx 0040 TCP 12209->0 [S.....] seq 555868298 win 8192
IDS proto parser : tcp null port (1 of 1) : 123.151.42.61 xx.112.4.xx 0040 TCP 12200->0 [S.....] seq 1254269395 win 8192
IP address: 123.151.42.61
ISP: CHINANET TIANJIN PROVINCE NETWORK
Organization: China Telecom TIANJIN
City: Tianjin
Region: Tianjin
Country: China (CN)
latitude: 39.1422
longitude: 117.1767
Checking IP against the top SPAM source databases and Email Policy block lists...
Note this may include some end-user IP address ranges which should not be delivering unauthenticated SMTP email.
123.151.42.61 is blacklisted! --> [dnsbl-1.uceprotect.net] - IP 123.151.42.61 is UCEPROTECT-Level 1 listed. See info
123.151.42.61 is not in any known email block lists, including ISP Policy blocks.
01-12-2013 1:05 PM
Here's a selection of IPs from yesterday's log (I picked out packets going to ports 22,23,1433 and 53)
I wouldn't worry about it too much.
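An added example, not part of the original post: a small Python triage for netfilter-style LOG lines of the kind this post describes, tallying blocked inbound SYNs by destination port and source. The sample lines are constructed (RFC 5737 documentation addresses), and `parse_line` and `summarize` are hypothetical names.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in netfilter LOG format (RFC 5737 documentation
# addresses, some fields omitted for brevity); not taken from a real log.
SAMPLE_LOG = """\
IN=ppp0 OUT= MAC= SRC=192.0.2.10 DST=203.0.113.5 LEN=60 TTL=49 ID=1 DF PROTO=TCP SPT=3901 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=192.0.2.11 DST=203.0.113.5 LEN=60 TTL=50 ID=2 DF PROTO=TCP SPT=2834 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=198.51.100.7 DST=203.0.113.5 LEN=40 TTL=97 ID=256 PROTO=TCP SPT=6000 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=198.51.100.8 DST=203.0.113.5 LEN=40 TTL=96 ID=256 PROTO=TCP SPT=6000 DPT=22 WINDOW=16384 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=198.51.100.8 DST=203.0.113.5 LEN=40 TTL=96 ID=256 PROTO=TCP SPT=6000 DPT=22 WINDOW=16384 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=198.51.100.9 DST=203.0.113.5 LEN=86 TTL=43 ID=3281 PROTO=ICMP TYPE=3 CODE=3 [SRC=203.0.113.5 DST=198.51.100.9 LEN=58 TTL=241 ID=17 PROTO=UDP SPT=12646 DPT=22062 LEN=38 ]
"""

KV = re.compile(r"(\w+)=(\S*)")

def parse_line(line):
    """Return the outer packet's fields from one LOG line.

    ICMP errors quote the offending packet in [...]; that part is split off
    first so its SRC/DST/DPT cannot overwrite the outer packet's fields.
    """
    outer, _, quoted = line.partition("[")
    fields = dict(KV.findall(outer))
    fields["SYN"] = " SYN " in f" {outer} "
    fields["QUOTED"] = dict(KV.findall(quoted)) if quoted else None
    return fields

def summarize(log_text):
    """Tally blocked inbound TCP SYNs per destination port and source."""
    per_port = defaultdict(Counter)
    icmp_errors = []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        f = parse_line(line)
        if f.get("PROTO") == "TCP" and f["SYN"]:
            per_port[int(f["DPT"])][f["SRC"]] += 1
        elif f.get("PROTO") == "ICMP" and f["QUOTED"]:
            q = f["QUOTED"]  # the packet the ICMP error is replying to
            icmp_errors.append((f["SRC"], f["TYPE"], f["CODE"], q.get("DPT")))
    return {p: dict(c) for p, c in per_port.items()}, icmp_errors

if __name__ == "__main__":
    ports, icmp = summarize(SAMPLE_LOG)
    for port, sources in sorted(ports.items()):
        print(f"port {port}: {sum(sources.values())} SYNs, {len(sources)} sources")
    for src, t, c, dpt in icmp:
        print(f"ICMP type {t} code {c} from {src}, quoting our port-{dpt} packet")
```

The per-port breakdown separates many sources each sending a SYN or two to a well-known port from a single source that keeps returning to the same port.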