cancel
Showing results for 
Search instead for 
Did you mean: 

Router Firewall Warnings

Superuser
Superuser
Posts: 9,042
Thanks: 492
Fixes: 43
Registered: 06-04-2007

Router Firewall Warnings

Just wondering how probes such as the following make it through to my router?

Feb 5 16:16:13
FIREWALL replay check (1 of 1): Protocol: ICMP
Src ip: 178.160.246.215 Dst ip: 100.127.254.xxx
Type: Destination Unreachable Code: Port Unreacheable

The source IP is Armenian. The message is no different from the normal random probes one gets on a non-CG NAT IP - not concerned about that aspect - but as an unsolicited connection how does the CG NAT edge router decide it must be for me rather than blocking it as my router did?
David
7 REPLIES
Moderator
Moderator
Posts: 17,357
Thanks: 982
Fixes: 114
Registered: 11-01-2008

Re: Router Firewall Warnings

that's interesting, because as you say in theory there is way the CGnat router you're behind to know the packet was destined for you, which is why bittorrent doesn't work correctly.
Will Moderate For Thanks
Community Veteran
Posts: 4,939
Thanks: 357
Fixes: 16
Registered: 10-06-2010

Re: Router Firewall Warnings

Well the packet is a response (error message) to an outgoing connection attempt. The response contains details of the attempt that failed. The ICMP Destination Unreachable message wouldn't have been blocked if your router had a record of the corresponding outgoing connection attempt.
MJN
Aspiring Pro
Posts: 1,091
Thanks: 39
Fixes: 2
Registered: 26-08-2010

Re: Router Firewall Warnings

The OP says it was an unsolicited connection i.e. not the result of an outbound request. How this was determined I don't know, but perhaps there were no devices connected to the router at the time.
Superuser
Superuser
Posts: 9,042
Thanks: 492
Fixes: 43
Registered: 06-04-2007

Re: Router Firewall Warnings

At the time my computer was connected to the router but I certainly made no requests to that site. Such warnings (and others) are a common occurrence reported by other concerned users on these forums.
The warnings do occur when nothing is connected to the router, for example the following from a Russian IP

Jan 30 07:39:56
FIREWALL icmp check (1 of 1):
Protocol: ICMP  Src ip: 77.220.180.62 Dst ip: 212.159.xxx.xxx
Type: Destination Unreachable Code: Port Unreacheable

(Not connected via CG NAT at that time)
David
MJN
Aspiring Pro
Posts: 1,091
Thanks: 39
Fixes: 2
Registered: 26-08-2010

Re: Router Firewall Warnings

Of course, yes, some might be random unsolicited packets coming in. However, some might be genuine responses to packets sent out that you were not aware of e.g. apps/services on your machine(s), malware even.
Community Veteran
Posts: 4,939
Thanks: 357
Fixes: 16
Registered: 10-06-2010

Re: Router Firewall Warnings

The type of packet (icmp destination unreachable) contained the details of another packet. Any NAT would have to look at those details to determine what to do with the packet.
@MJN Genuine responses to packets sent out shouldn't appear in the firewall log.
MJN
Aspiring Pro
Posts: 1,091
Thanks: 39
Fixes: 2
Registered: 26-08-2010

Re: Router Firewall Warnings

Ah okay. I'm not familiar with this firewall and didn't know what it logged.