
Router Security Log Am I Under Attack

N/A

Router Security Log Am I Under Attack

Since migrating to Plusnet my router is blocking an awful lot, twenty times more than when I was on Freedom2Surf. Here is a sample from my router's security log. Should I be worried? I have replaced my IP address with *********

05/15/2005 07:28:20 192.168.2.2 login success
05/15/2005 07:28:18 User from 192.168.2.2 timed out
05/15/2005 05:38:32 NTP Date/Time updated.
05/15/2005 05:38:56 Begin to query NTP
05/15/2005 04:46:18 **ICMP Redirect** 207.96.157.105->> ************, Type:5, Code:1 (from ATM1 Inbound)
05/15/2005 04:38:43 **ICMP Redirect** 207.96.157.105->> ************, Type:5, Code:1 (from ATM1 Inbound)
05/15/2005 04:32:34 **ICMP Redirect** 207.96.157.105->> ************, Type:5, Code:1 (from ATM1 Inbound)
05/15/2005 04:22:19 **ICMP Redirect** 221.127.27.89->> **************, Type:5, Code:1 (from ATM1 Inbound)
05/15/2005 04:20:56 **ICMP Redirect** 212.159.16.56->> **************, Type:5, Code:1 (from ATM1 Inbound)
05/15/2005 02:09:29 **Smurf** 210.213.222.255, 10009->> 192.168.2.2, 41952 (from ATM1 Inbound)
05/15/2005 01:21:18 **Smurf** 217.125.255.0, 6881->> 192.168.2.2, 41952 (from ATM1 Inbound)
05/14/2005 23:50:51 **Smurf** 210.213.222.255, 10009->> 192.168.2.2, 41952 (from ATM1 Inbound)
05/14/2005 23:46:11 **Smurf** 210.213.222.255, 10009->> 192.168.2.2, 41952 (from ATM1 Inbound)
05/14/2005 23:44:22 **Smurf** 210.213.222.255, 10009->> 192.168.2.2, 41952 (from ATM1 Inbound)
05/14/2005 23:40:15 **Smurf** 210.213.222.255, 10009->> 192.168.2.2, 41952 (from ATM1 Inbound)
05/14/2005 23:39:26 NTP Date/Time updated.
05/14/2005 23:39:49 Begin to query NTP
05/14/2005 23:39:34 **Smurf** 210.213.222.255, 10009->> 192.168.2.2, 41952 (from ATM1 Inbound)
05/14/2005 20:52:10 **ICMP Redirect** 84.157.89.223->> ***************, Type:5, Code:1 (from ATM1 Inbound)
05/14/2005 20:48:09 **ICMP Redirect** 84.157.89.223->> ***************, Type:5, Code:1 (from ATM1 Inbound)
05/14/2005 20:44:08 **ICMP Redirect** 84.157.89.223->> ***************, Type:5, Code:1 (from ATM1 Inbound)
05/14/2005 20:26:34 **ICMP Redirect** 84.157.89.223->> ***************, Type:5, Code:1 (from ATM1 Inbound)
05/14/2005 19:26:44 **ICMP Redirect** 84.159.9.214->> ****************, Type:5, Code:1 (from ATM1 Inbound)
05/14/2005 18:21:40 **ICMP Redirect** 212.61.62.207->> **************, Type:5, Code:0 (from ATM1 Inbound)
05/14/2005 18:17:12 **ICMP Redirect** 212.61.62.207->> *************, Type:5, Code:0 (from ATM1 Inbound)
05/14/2005 18:10:41 **ICMP Redirect** 212.61.62.207->> *************, Type:5, Code:0 (from ATM1 Inbound)
05/14/2005 18:01:06 **ICMP Redirect** 212.61.62.207->> *************, Type:5, Code:0 (from ATM1 Inbound)
05/14/2005 17:40:19 NTP Date/Time updated.
05/14/2005 17:40:43 Begin to query NTP
05/14/2005 13:59:08 ATM1 get IP:**************
05/14/2005 13:59:07 MTU is 1454.
05/14/2005 13:59:07 ATM1 start PPP
05/14/2005 13:58:40 ATM1 stop PPP
05/14/2005 12:11:59 **Smurf** 200.42.238.0, 6881->> 192.168.2.2, 41952 (from ATM1 Inbound)
05/14/2005 11:41:13 NTP Date/Time updated.
05/14/2005 11:41:37 Begin to query NTP
05/14/2005 08:28:21 **ICMP Redirect** 142.173.89.121->> *************, Type:5, Code:1 (from ATM1 Inbound)
05/14/2005 08:24:18 **ICMP Redirect** 142.173.89.121->> *************, Type:5, Code:1 (from ATM1 Inbound)
05/14/2005 08:23:07 **ICMP Redirect** 142.173.89.121->> *************, Type:5, Code:1 (from ATM1 Inbound)
05/14/2005 07:59:45 **ICMP Redirect** 142.173.89.121->> *************, Type:5, Code:1 (from ATM1 Inbound)
05/14/2005 07:19:52 192.168.2.2 login success
05/14/2005 07:19:50 User from 192.168.2.2 timed out
05/14/2005 05:42:07 NTP Date/Time updated.
05/14/2005 05:42:31 Begin to query NTP
05/14/2005 04:41:03 **ICMP Redirect** 84.228.80.141->> **************, Type:5, Code:1 (from ATM1 Inbound)
05/14/2005 00:29:31 **LAND** 84.92.154.181, 41952->> ***************, 4158 (from ATM1 Inbound)
05/14/2005 00:13:58 **ICMP Redirect** 82.68.15.230->> ***************, Type:5, Code:1 (from ATM1 Inbound)
05/14/2005 00:01:53 **ICMP Redirect** 82.68.15.230->> ***************, Type:5, Code:1 (from ATM1 Inbound)
05/13/2005 23:55:36 **ICMP Redirect** 82.68.15.230->> **************, Type:5, Code:1 (from ATM1 Inbound)
05/13/2005 23:52:48 **ICMP Redirect** 82.68.15.230->> **************, Type:5, Code:1 (from ATM1 Inbound)
05/13/2005 23:43:01 NTP Date/Time updated.
05/13/2005 23:43:25 Begin to query NTP
05/13/2005 23:27:39 **ICMP Redirect** 24.207.72.122->> **************, Type:5, Code:1 (from ATM1 Inbound)
8 REPLIES
N/A

Router Security Log Am I Under Attack

nope, looks like normal net traffic
N/A

Router Security Log Am I Under Attack

looks like it's communicating with a time server for keeping the time on your router updated....
check your router and see if this is allowed or not.....
N/A

Router Security Log Am I Under Attack

Yes, I have it set up for updating time and date. It was all the other stuff I was worried about: the ICMP redirect and smurf, whatever that is?
N/A

Time updates Ivan

Hello,

I agree, I think that your router is successfully contacting & updating its time & date information from an internet based time server. In my own experience I have noticed that NTP and time updates definitely DO seem to generate A LOT of network traffic & packets & I have a feeling that the ICMP packets shown as inbound from ATM are part of that process (although I don't know enough about the specifics of how NTP time updating works). The smurf stuff I have no idea about, but you could try running a Google search on the key word smurf?? to be sure to be sure :lol:

Ivan

--------------------------------------------------
F9 FOL Forum Moderator
F9 Broadband Premier 2MB User
N/A

Router Security Log Am I Under Attack

Smurf is a type of attack, as is Land. ICMP means a ping.

However, to be honest there is nothing in your log to be worried about. The fact your router is picking them up and blocking them is also good news.

You will get hits on your router, and they will vary in number and intensity from time to time, however it's better to think of them as background internet noise as often there is little you can do about them.
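
A triage sketch for the log format posted in this thread, added here as an example and not code from any poster or from the router vendor: it parses the alert lines, decodes the ICMP Redirect code, and tallies alerts per label, source and day so the volume can be compared over time. The regular expression is inferred only from the lines posted above, and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Lines copied from the log posted above (WAN address already masked by the poster).
SAMPLE_LOG = """\
05/15/2005 05:38:32 NTP Date/Time updated.
05/15/2005 04:46:18 **ICMP Redirect** 207.96.157.105->> ************, Type:5, Code:1 (from ATM1 Inbound)
05/15/2005 04:38:43 **ICMP Redirect** 207.96.157.105->> ************, Type:5, Code:1 (from ATM1 Inbound)
05/15/2005 02:09:29 **Smurf** 210.213.222.255, 10009->> 192.168.2.2, 41952 (from ATM1 Inbound)
05/15/2005 01:21:18 **Smurf** 217.125.255.0, 6881->> 192.168.2.2, 41952 (from ATM1 Inbound)
05/14/2005 18:21:40 **ICMP Redirect** 212.61.62.207->> **************, Type:5, Code:0 (from ATM1 Inbound)
05/14/2005 00:29:31 **LAND** 84.92.154.181, 41952->> ***************, 4158 (from ATM1 Inbound)
"""

# Alert line: date time **Label** src[, sport]->> dst, detail (from IFACE Direction)
ALERT_RE = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{4}) \d{2}:\d{2}:\d{2} \*\*(?P<label>[^*]+)\*\* "
    r"(?P<src>[\d.]+)(?:, (?P<sport>\d+))?->> (?P<dst>[^,]+), (?P<detail>.+) "
    r"\(from (?P<iface>\S+) (?P<direction>\w+)\)$"
)
# ICMP type 5 (Redirect) code meanings from RFC 792.
REDIRECT_CODES = {"0": "redirect for network", "1": "redirect for host"}

def parse_alerts(text):
    """Return a dict per firewall alert; housekeeping lines (NTP, PPP, logins) are skipped."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.match(line.strip())
        if m:
            alert = m.groupdict()
            code = re.fullmatch(r"Type:5, Code:(\d+)", alert["detail"])
            if code:
                alert["meaning"] = REDIRECT_CODES.get(code.group(1), "other redirect code")
            alerts.append(alert)
    return alerts

def summarize(alerts):
    """Per label: alert count, distinct sources, and the busiest single day."""
    by_src, by_day = defaultdict(set), defaultdict(Counter)
    for a in alerts:
        by_src[a["label"]].add(a["src"])
        by_day[a["label"]][a["date"]] += 1
    return {label: {"alerts": sum(days.values()), "sources": sorted(by_src[label]),
                    "busiest_day": days.most_common(1)[0]} for label, days in by_day.items()}

if __name__ == "__main__":
    for label, stats in summarize(parse_alerts(SAMPLE_LOG)).items():
        print(label, stats)
```

Run over a full export of the log, the per-day counts give a baseline against which a sudden jump from one source or one label stands out.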
N/A

Router Security Log Am I Under Attack

Thanks for the info guys. Would you say that I require a software firewall as well as the NAT firewall or not? According to a couple of the sites that do security scans from I am invisible, un-pingable and I pass all the tests they go through.
N/A

Router Security Log Am I Under Attack

It's always advisable to have a software firewall as well, since your router won't block outbound applications.

Something like Zone alarm, Jetico or Kerio or the free version of Sygate.
N/A

Router Security Log Am I Under Attack

OK, thanks again. I will download Zone Alarm.