activity on security log - why only when I am online?

N/A

Dear all,

I have just set up my broadband. I use a Belkin router + wireless unit and two different computers.

There is a firewall on the router, which logs some attacks/probes on the system (see below). I think these are external (although some traffic seems to come from my own static IP, but I think this is a spoofed IP), but what I don't understand is why the attacks only occur when either of my computers is logged on.

This is surprising to me, because one system is Linux and one is WinXP (with virus scanner + adaware + built in firewall). So it seems unlikely that this is due to internal problems as it would be weird for one virus/attack to succeed on both systems.

This is a part of the log. I put ** in my own external IP. As you can see, three different ports are used and some traffic is directed at intranet IPs (192.168.2.65 is my intranet IP).

Jan.20.2005 09:41:56 security:Session -- Prot: 1, 212.159.1.155:3 > 192.168.2.65:65535
211378.809 ~ 211381.914 size 112/0 time-out
Jan.20.2005 09:42:06 security:Session -- Prot: 6, 192.168.2.65:1072 > 212.159.6.9:80
211380.818 ~ 211391.912 size 60/0 time-out
Jan.20.2005 09:42:06 security:Session -- Prot: 6, 192.168.2.65:1071 > 212.159.6.9:80
211378.782 ~ 211391.912 size 60/0 time-out
Jan.20.2005 09:46:46 security:Session -- Prot: 17, 84.92.119.***:50001 > 212.159.13.50:53
211394.189 ~ 211671.917 size 320/770 time-out
Jan.20.2005 09:46:46 security:Session -- Prot: 17, 84.92.119.***:50001 > 212.159.13.49:53
211394.016 ~ 211671.917 size 688/1566 time-out

Is this normal?
Thanks,
Dirk
4 REPLIES
N/A

On the face of it, most of these entries are Plus Net DNS servers, although I'm not sure why they are being listed on your firewall log.

This would explain why you're only getting these entries when you're logged on. You might want to check how your firewall is configured, as you shouldn't get logs from DNS servers.
N/A

Isn't this due to the UDP packets being sent to and from the DNS servers, and it's happening cos the port has already closed *slow response*, so it is being flagged as a port attack when it is probably only a slow RST packet coming back?
N/A

It could well be, as it does say "timed out"

Either way it's nothing really to be concerned about.
N/A

thanks for the help

Thanks for the help. I cannot change much on the firewall or the logging part of it; the Belkin router is good but not very configurable. So I guess I'll just learn to live with this. Good to know that it is probably harmless.

Dirk
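
The reading of the log given in the replies can be checked mechanically. The following is an added example, not part of the original thread: it parses the two-line session entries from the first post and labels each by where it started and what it was. It assumes "Prot:" is the IP protocol number (1 ICMP, 6 TCP, 17 UDP) and, as the poster states, that the masked address is the router's own external IP.

```python
import ipaddress
import re

# The five two-line entries from the first post (WAN address masked by the poster).
LOG = """\
Jan.20.2005 09:41:56 security:Session -- Prot: 1, 212.159.1.155:3 > 192.168.2.65:65535
211378.809 ~ 211381.914 size 112/0 time-out
Jan.20.2005 09:42:06 security:Session -- Prot: 6, 192.168.2.65:1072 > 212.159.6.9:80
211380.818 ~ 211391.912 size 60/0 time-out
Jan.20.2005 09:42:06 security:Session -- Prot: 6, 192.168.2.65:1071 > 212.159.6.9:80
211378.782 ~ 211391.912 size 60/0 time-out
Jan.20.2005 09:46:46 security:Session -- Prot: 17, 84.92.119.***:50001 > 212.159.13.50:53
211394.189 ~ 211671.917 size 320/770 time-out
Jan.20.2005 09:46:46 security:Session -- Prot: 17, 84.92.119.***:50001 > 212.159.13.49:53
211394.016 ~ 211671.917 size 688/1566 time-out
"""

PROTO = {1: "ICMP", 6: "TCP", 17: "UDP"}  # assumed: IANA IP protocol numbers
ENTRY = re.compile(r"(\S+ \S+) security:Session -- Prot: (\d+), "
                   r"([\d.*]+):(\d+) > ([\d.*]+):(\d+)\n"
                   r"[\d.]+ ~ [\d.]+ size (\d+)/(\d+) (\S+)")

def origin(addr):
    if "*" in addr:  # masked address = the poster's own external IP
        return "router-wan"
    return "lan" if ipaddress.ip_address(addr).is_private else "external"

def parse(text):
    """Return one dict per complete header+continuation pair; others are skipped."""
    out = []
    for m in ENTRY.finditer(text):
        when, proto, src, _sport, dst, dport, _a, _b, status = m.groups()
        out.append({"when": when, "proto": PROTO.get(int(proto), proto),
                    "origin": origin(src), "dst": dst, "dport": int(dport),
                    "status": status})
    return out

def label(e):
    """Name the traffic from protocol and well-known destination port."""
    if e["proto"] == "UDP" and e["dport"] == 53:
        return "DNS lookup"
    if e["proto"] == "TCP" and e["dport"] == 80:
        return "HTTP request"
    return e["proto"]

if __name__ == "__main__":
    for e in parse(LOG):
        print(e["when"], e["origin"], "->", e["dst"], label(e), e["status"])
```

Four of the five entries start from the LAN host or the router itself and go to port 80 or port 53, which is why they only appear while a computer is in use.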