cancel
Showing results for 
Search instead for 
Did you mean: 

Smurf showing in router logs??????

N/A

Smurf showing in router logs??????

I'm not the most technically savvy person when it comes to all things internet. I went away for the weekend, returned this evening, switched on PC and router and received the following:

Quote

07/23/2006 22:20:33 SMTP> Succeed in sending alert mail.
07/23/2006 22:20:32 **Smurf** 169.254.255.255->> 169.254.54.110, Type:3, Code:3 (from ATM1 Outbound)
07/23/2006 22:20:26 SMTP> Succeed in sending alert mail.
07/23/2006 22:20:25 **Smurf** 169.254.255.255->> 169.254.54.110, Type:3, Code:3 (from ATM1 Outbound)
07/23/2006 22:20:18 SMTP> Succeed in sending alert mail.
07/23/2006 22:20:18 **Smurf** 169.254.255.255->> 169.254.54.110, Type:3, Code:3 (from ATM1 Outbound)
07/23/2006 22:20:17 SMTP> Succeed in sending alert mail.
07/23/2006 22:20:16 **Smurf** 169.254.255.255->> 169.254.54.110, Type:3, Code:3 (from ATM1 Outbound)
07/23/2006 22:20:02 SMTP> Succeed in sending alert mail.
07/23/2006 22:20:01 **Smurf** 169.254.255.255->> 169.254.54.110, Type:3, Code:3 (from ATM1 Outbound)
07/23/2006 22:20:01 SMTP> Succeed in sending alert mail.
07/23/2006 22:20:00 **Smurf** 169.254.255.255->> 169.254.54.110, Type:3, Code:3 (from ATM1 Outbound)
07/23/2006 22:19:52 SMTP> Succeed in sending alert mail.
07/23/2006 22:19:51 **Smurf** 169.254.255.255->> 169.254.54.110, Type:3, Code:3 (from ATM1 Outbound)
07/23/2006 22:19:51 SMTP> Succeed in sending alert mail.
07/23/2006 22:19:50 **Smurf** 169.254.255.255->> 169.254.54.110, Type:3, Code:3 (from ATM1 Outbound)
07/23/2006 22:19:42 SMTP> Succeed in sending alert mail.
07/23/2006 22:19:42 **Smurf** 169.254.255.255->> 169.254.54.110, Type:3, Code:3 (from ATM1 Outbound)
07/23/2006 22:19:41 SMTP> Succeed in sending alert mail.
07/23/2006 22:19:40 **Smurf** 169.254.255.255->> 169.254.54.110, Type:3, Code:3 (from ATM1 Outbound)
07/23/2006 22:19:32 SMTP> Succeed in sending alert mail.
07/23/2006 22:19:32 **Smurf** 169.254.255.255->> 169.254.54.110, Type:3, Code:3 (from ATM1 Outbound)
07/23/2006 22:19:31 SMTP> Succeed in sending alert mail.
07/23/2006 22:19:30 **Smurf** 169.254.255.255->> 169.254.54.110, Type:3, Code:3 (from ATM1 Outbound)
07/23/2006 22:19:27 SMTP> Succeed in sending alert mail.
07/23/2006 22:19:26 **Smurf** 169.254.255.255->> 169.254.54.110, Type:3, Code:3 (from ATM1 Outbound)
07/23/2006 22:19:22 SMTP> Succeed in sending alert mail.
07/23/2006 22:19:22 **Smurf** 169.254.255.255->> 169.254.54.110, Type:3, Code:3 (from ATM1 Outbound)
07/23/2006 22:19:21 SMTP> Succeed in sending alert mail.
07/23/2006 22:19:20 **Smurf** 169.254.255.255->> 169.254.54.110, Type:3, Code:3 (from ATM1 Outbound)
07/23/2006 22:19:12 SMTP> Succeed in sending alert mail.
07/23/2006 22:19:11 **Smurf** 169.254.255.255->> 169.254.54.110, Type:3, Code:3 (from ATM1 Outbound)
07/23/2006 22:19:10 SMTP> Succeed in sending alert mail.
07/23/2006 22:19:09 **Smurf** 169.254.255.255->> 169.254.54.110, Type:3, Code:3 (from ATM1 Outbound)
07/23/2006 22:19:09 SMTP> Succeed in sending alert mail.
07/23/2006 22:19:08 **Smurf** 169.254.255.255->> 169.254.54.110, Type:3, Code:3 (from ATM1 Outbound)
07/23/2006 22:18:57 SMTP> Succeed in sending alert mail.
07/23/2006 22:18:56 **Smurf** 169.254.255.255->> 169.254.54.110, Type:3, Code:3 (from ATM1 Outbound)
07/23/2006 22:18:55 SMTP> Succeed in sending alert mail.
07/23/2006 22:18:54 **Smurf** 169.254.255.255->> 169.254.54.110, Type:3, Code:3 (from ATM1 Outbound)
07/23/2006 22:18:51 SMTP> Succeed in sending alert mail.
07/23/2006 22:18:50 SMTP> Succeed in sending alert mail.
07/23/2006 22:18:49 **Smurf** 169.254.255.255->> 169.254.54.110, Type:3, Code:3 (from ATM1 Outbound)
07/23/2006 22:18:48 SMTP> Succeed in sending alert mail.
07/23/2006 22:18:48 **Smurf** 169.254.255.255->> 169.254.54.110, Type:3, Code:3 (from ATM1 Outbound)
07/23/2006 22:18:46 **Smurf** 169.254.255.255->> 169.254.54.110, Type:3, Code:3 (from ATM1 Outbound)
07/23/2006 22:18:45 SMTP> Succeed in sending alert mail.
07/23/2006 22:18:44 **Smurf** 169.254.255.255->> 169.254.54.110, Type:3, Code:3 (from ATM1 Outbound)
07/23/2006 22:18:31 SMTP> Succeed in sending alert mail.
07/23/2006 22:18:31 **Smurf** 169.254.255.255->> 169.254.54.110, Type:3, Code:3 (from ATM1 Outbound)
07/23/2006 22:18:30 SMTP> Succeed in sending alert mail.
07/23/2006 22:18:29 **Smurf** 169.254.255.255->> 169.254.54.110, Type:3, Code:3 (from ATM1 Outbound)
07/23/2006 22:18:29 SMTP> Succeed in sending alert mail.
07/23/2006 22:18:28 **Smurf** 169.254.255.255->> 169.254.54.110, Type:3, Code:3 (from ATM1 Outbound)
07/23/2006 22:18:27 SMTP> Succeed in sending alert mail.
07/23/2006 22:18:26 **Smurf** 169.254.255.255->> 169.254.54.110, Type:3, Code:3 (from ATM1 Outbound)
07/23/2006 22:18:26 SMTP> Succeed in sending alert mail.
07/23/2006 22:18:25 SMTP> Succeed in sending alert mail.
07/23/2006 22:18:25 **Smurf** 169.254.255.255->> 169.254.54.110, Type:3, Code:3 (from ATM1 Outbound)
07/23/2006 22:18:23 **Smurf** 169.254.255.255->> 169.254.54.110, Type:3, Code:3 (from ATM1 Outbound)
07/23/2006 22:18:23 SMTP> Succeed in sending alert mail.
07/23/2006 22:18:22 **Smurf** 169.254.255.255->> 169.254.54.110, Type:3, Code:3 (from ATM1 Outbound)
07/23/2006 22:18:21 SMTP> Succeed in sending alert mail.
07/23/2006 22:18:21 **Smurf** 169.254.255.255->> 169.254.54.110, Type:3, Code:3 (from ATM1 Outbound)
07/23/2006 22:18:20 SMTP> Succeed in sending alert mail.
07/23/2006 22:18:19 **Smurf** 169.254.255.255->> 169.254.54.110, Type:3, Code:3 (from ATM1 Outbound)
07/23/2006 22:18:18 SMTP> Succeed in sending alert mail.
07/23/2006 22:18:18 **Smurf** 169.254.255.255->> 169.254.54.110, Type:3, Code:3 (from ATM1 Outbound)
07/23/2006 22:18:17 SMTP> Succeed in sending alert mail.
07/23/2006 22:18:16 **Smurf** 169.254.255.255->> 169.254.54.110, Type:3, Code:3 (from ATM1 Outbound)
07/23/2006 22:18:16 SMTP> Succeed in sending alert mail.
07/23/2006 22:18:15 **Smurf** 169.254.255.255->> 169.254.54.110, Type:3, Code:3 (from ATM1 Outbound)
07/23/2006 22:18:14 SMTP> Succeed in sending alert mail.
07/23/2006 22:18:13 **Smurf** 169.254.255.255->> 169.254.54.110, Type:3, Code:3 (from ATM1 Outbound)
07/23/2006 22:18:13 SMTP> Succeed in sending alert mail.
07/23/2006 22:18:12 **Smurf** 169.254.255.255->> 169.254.54.110, Type:3, Code:3 (from ATM1 Outbound)
07/23/2006 22:18:12 SMTP> Succeed in sending alert mail.
07/23/2006 22:18:11 **Smurf** 169.254.255.255->> 169.254.54.110, Type:3, Code:3 (from ATM1 Outbound)
07/23/2006 22:18:10 SMTP> Succeed in sending alert mail.
07/23/2006 22:18:10 **Smurf** 169.254.255.255->> 169.254.54.110, Type:3, Code:3 (from ATM1 Outbound)
07/23/2006 22:18:09 SMTP> Succeed in sending alert mail.
07/23/2006 22:18:08 **Smurf** 169.254.255.255->> 169.254.54.110, Type:3, Code:3 (from ATM1 Outbound)
07/23/2006 22:18:08 SMTP> Succeed in sending alert mail.
07/23/2006 22:18:07 **Smurf** 169.254.255.255->> 169.254.54.110, Type:3, Code:3 (from ATM1 Outbound)
07/23/2006 22:18:05 SMTP> Succeed in sending alert mail.
07/23/2006 22:18:04 **Smurf** 169.254.255.255->> 169.254.54.110, Type:3, Code:3 (from ATM1 Outbound)
07/23/2006 22:18:03 SMTP> Succeed in sending alert mail.
07/23/2006 22:18:03 **Smurf** 169.254.255.255->> 169.254.54.110, Type:3, Code:3 (from ATM1 Outbound)
07/23/2006 22:17:28 SMTP> Succeed in sending alert mail.
07/23/2006 22:17:27 **Smurf** 169.254.255.255->> 169.254.54.110, Type:3, Code:3 (from ATM1 Outbound)
07/23/2006 22:17:24 SMTP> Succeed in sending alert mail.
07/23/2006 22:17:23 **Smurf** 169.254.255.255->> 169.254.54.110, Type:3, Code:3 (from ATM1 Outbound)
07/23/2006 22:17:22 SMTP> Succeed in sending alert mail.
07/23/2006 22:17:21 **Smurf** 169.254.255.255->> 169.254.54.110, Type:3, Code:3 (from ATM1 Outbound)


And again while typing this out:

Quote

07/23/2006 23:00:00 **Smurf** 192.168.2.3->> 169.254.255.255, Type:8, Code:0 (from LAN Inbound)
07/23/2006 22:59:58 SMTP> Succeed in sending alert mail.
07/23/2006 22:59:56 **Smurf** 192.168.2.3->> 169.254.255.255, Type:8, Code:0 (from LAN Inbound)
07/23/2006 22:59:52 SMTP> Succeed in sending alert mail.
07/23/2006 22:59:51 **Smurf** 192.168.2.3->> 169.254.255.255, Type:8, Code:0 (from LAN Inbound)
07/23/2006 22:59:48 SMTP> Succeed in sending alert mail.
07/23/2006 22:59:47 **Smurf** 192.168.2.3->> 169.254.255.255, Type:8, Code:0 (from LAN Inbound)
07/23/2006 22:59:43 SMTP> Succeed in sending alert mail.
07/23/2006 22:59:42 **Smurf** 192.168.2.3->> 169.254.255.255, Type:8, Code:0 (from LAN Inbound)
07/23/2006 22:59:39 SMTP> Succeed in sending alert mail.
07/23/2006 22:59:38 **Smurf** 192.168.2.3->> 169.254.255.255, Type:8, Code:0 (from LAN Inbound)
07/23/2006 22:59:34 SMTP> Succeed in sending alert mail.
07/23/2006 22:59:33 **Smurf** 192.168.2.3->> 169.254.255.255, Type:8, Code:0 (from LAN Inbound)
07/23/2006 22:59:30 SMTP> Succeed in sending alert mail.
07/23/2006 22:59:29 **Smurf** 192.168.2.3->> 169.254.255.255, Type:8, Code:0 (from LAN Inbound)
07/23/2006 22:59:26 SMTP> Succeed in sending alert mail.
07/23/2006 22:59:24 **Smurf** 192.168.2.3->> 169.254.255.255, Type:8, Code:0 (from LAN Inbound)
07/23/2006 22:59:21 SMTP> Succeed in sending alert mail.
07/23/2006 22:59:20 **Smurf** 192.168.2.3->> 169.254.255.255, Type:8, Code:0 (from LAN Inbound)
07/23/2006 22:59:16 SMTP> Succeed in sending alert mail.
07/23/2006 22:59:16 **Smurf** 192.168.2.3->> 169.254.255.255, Type:8, Code:0 (from LAN Inbound)
07/23/2006 22:59:12 SMTP> Succeed in sending alert mail.
07/23/2006 22:59:11 **Smurf** 192.168.2.3->> 169.254.255.255, Type:8, Code:0 (from LAN Inbound)
07/23/2006 22:59:07 SMTP> Succeed in sending alert mail.
07/23/2006 22:59:07 **Smurf** 192.168.2.3->> 169.254.255.255, Type:8, Code:0 (from LAN Inbound)
07/23/2006 22:59:04 SMTP> Succeed in sending alert mail.
07/23/2006 22:59:02 **Smurf** 192.168.2.3->> 169.254.255.255, Type:8, Code:0 (from LAN Inbound)
07/23/2006 22:58:58 SMTP> Succeed in sending alert mail.
07/23/2006 22:58:58 **Smurf** 192.168.2.3->> 169.254.255.255, Type:8, Code:0 (from LAN Inbound)
07/23/2006 22:58:54 SMTP> Succeed in sending alert mail.
07/23/2006 22:58:53 **Smurf** 192.168.2.3->> 169.254.255.255, Type:8, Code:0 (from LAN Inbound)
07/23/2006 22:58:50 SMTP> Succeed in sending alert mail.
07/23/2006 22:58:49 **Smurf** 192.168.2.3->> 169.254.255.255, Type:8, Code:0 (from LAN Inbound)
07/23/2006 22:58:45 SMTP> Succeed in sending alert mail.
07/23/2006 22:58:44 **Smurf** 192.168.2.3->> 169.254.255.255, Type:8, Code:0 (from LAN Inbound)


I have tried using some of the web based DNS lookup programmes, but have all come back as having no PTR records found. What is that? I have also tried to run a traceroute, but it keeps timing out. I have tried to decipher these messages from my Belkin router to no avail.

Can anybody please tell me:

a) What is SMURF?
b) What is Type 3
c) What is Code 3?
d) Is ATM1 outbound from me or from them?
e) Where has it originated from?
f)What is Type 8?
g) What is Code 0?

I have Zone alarm working, up to date AVG and I use Spybot at least once per week, last time on Thursday evening, i'm on BB+ so no p2p.

A lot to ask for I know, but any help would be gratefully received.

Mark
3 REPLIES
astarsolutions
Grafter
Posts: 393
Registered: 26-07-2007

Smurf showing in router logs??????

It looks like a DDOS attack or something similar; I wouldn't worry about it.

Smurf:
http://www.google.co.uk/search?q=define:smurf+attack

DDOS:
http://www.google.co.uk/search?q=define%3ADDOS
N/A

Smurf showing in router logs??????

These smurf attacks are becoming worryingly frequent now. I came home from a weekend away and switched on my router which reported DNS failure for 5 minutes. when I finally got connected, I received 88 emails from my router all about yet more smurf attacks. What is even more worrying is that I have a dynamic ip, so I am definitely not being singled out and targetted.

I am averaging about 3 a week now and it's not funnt any more. Is there anything that can be done about it, bearing in mind the originating ip's seem to be forged?

Mark

(Incidentally, the originating (forged) ip is the same every time on checking the logs. Someone somewhere has got it in for the F9 range of ip's!!!
N/A

Smurf showing in router logs??????

Smurf is more of a server threat by the looks of it but the DDOS could be a threat.

If you have Zonealarm fully updated and windows updates installed I wouldnt worry about it.