cancel
Showing results for 
Search instead for 
Did you mean: 

firewall security alerts

N/A

firewall security alerts

I hope someone out there can help me with some basic security advice. My firewall (comes with the Netgear DG834 router) has been sending me hundreds of security alerts over the last few days. The only problem is, I don't understand what they mean. And I don't know what I should do about it.
Here's a small sample:

Sun, 2004-03-14 21:58:54 - TCP Packet - Source:80.229.23.238,2426 Destination:80.229.23.224,1025 - [DOS]
Sun, 2004-03-14 21:59:57 - TCP Packet - Source:80.229.23.238,2077 Destination:80.229.23.224,1025 - [DOS]
Sun, 2004-03-14 22:01:00 - TCP Packet - Source:80.229.23.238,2078 Destination:80.229.23.224,445 - [DOS]
Sun, 2004-03-14 22:02:03 - TCP Packet - Source:80.229.23.238,2079 Destination:80.229.23.224,3127 - [DOS]
Sun, 2004-03-14 22:03:06 - TCP Packet - Source:80.229.23.238,2080 Destination:80.229.23.224,6129 - [DOS]

Is this something I can ignore? Can anyone suggest what action I should take?
I'm a home user, so I know little or nothing about Internet security. I'm protected by the router's firewall, as well as Intego Netbarrier and the inbuilt firewall in my OS (Mac OS X).
Thanks for your help. Simon
13 REPLIES
Community Veteran
Posts: 6,983
Thanks: 8
Registered: 10-04-2007

firewall security alerts

N/A

security alerts

I'm getting similar traces, mostly from similar IP addresses to mine so I'm guessing the origin is within +net. I have the same router.

At present I'm getting ~30/day. Should I be worried?

At what point should I be reporting these to "Abuse"?

The number is rising steadily though (only 3-4/day when I joined in Jan04).

Increasing virus penetration or something else?

Any experienced advice welcome please.
Cheers, MAtt->
Community Veteran
Posts: 6,983
Thanks: 8
Registered: 10-04-2007

firewall security alerts

If you are seeing the same IP address as the first poster then yes these are coming from a PlusNet customer.
I have advised archipeligo to raise a link:Contact us to report this to customer support as I suspect that the sender has a virus infection they are not aware of.
You should do the same.

Can you also please resize your Avatar image so that it falls within the 80 x 80 pixel limit for these forums.
N/A

security alerts

Thanks, although not the same IP, I do get increased (~40 in a day) [DOS] events from 7 different IP's 80.229.*.*, all intruding multiple times.

I have about half that number from outside +net.

I will notify the support channel of these.

a) If these are viruses then will I expect a constant rain of these?
b) since I have a hardware firewall do I sit back and not worry, unless I get 1000's of attacks?

Cheers,
Matt->
Community Veteran
Posts: 6,983
Thanks: 8
Registered: 10-04-2007

firewall security alerts

If your firewall is reporting them then it's doing it job and stopping anything nasty reaching your machine so thats the good news. :lol:

The bad news is that it wont tell you if anything did get through because it won't know about it, so it's also important that as well as the firewall you have good anti virus protection running in the background.

If you have both then you can be fairly (but never 100%) confident that your are safe. :?

Thanks by the way for bringing your Avatar within the forum limits Cool
N/A

firewall security alerts

I have a DG834 router and never get any communications from it. Do I have to set up the Firewall in some way or is it set automatically?

Can anyone point me to any info on using this router?
N/A

firewall security alerts

You can download a full (143 page) manual in PDF format from the netgear website.
You configure your router by using a browser. I believe the default address is: http://192.168.0.1/.
Here you can view logs. You can also set the firewall to alert you to intrusion attempts or send you a log at specific intervals. It does this by sending you an email. You obviously need to enter your email address before it can do this.
To warn you though, it's one thing to look at the logs, quite another to know what they mean.
it's a bit of an arcane science - and I can't help you there.
N/A

firewall security alerts

Thanks for the advice.

Hopefully I can make a start on understanding something about the router firewall.
N/A

firewall security alerts

The firewall is set up to reject all but correctly routed traffic by default, so there is nothing to set up unless you want to run a server or remote access.

A couple of hundred TCP pings a day is nothing to worry about in the short term unless they grow to such a high level that they slow your connection.
In general, if your ports are showing "stealthed" and the pings come from a "scanner", they will eventually stop.

On 6th March I had someone from Russia run a DOS attack on me which only lasted for 1 minute but resulted in 58 reports in the log. Somebody chhosing an IP at random, playing, and then moving on. Some people need to get a life.
N/A

firewall security alerts

Quote
I have a DG834 router and never get any communications from it. Do I have to set up the Firewall in some way or is it set automatically?

Can anyone point me to any info on using this router?


As a previous poster has stated there is nothing really to set up since it denies all incoming packets by default. If you need to modify this go to the "firewall rules" page.

Log in to the router, then go to the Logs page. Here you can set the option to manage the logs and e-mail security alerts.

As somebody here has stated a few pings a day are probably nothing to worry about but I do get worried when numbers of them seem to originate from within "the camp" i.e. plus net. I have been told that some inbound activity is normal (apparently something to do with DNS), but I'm still suspicious as having done a reverse look up on the addresses concerned their names look like subscribers'.
N/A

firewall security alerts

So the firewall is automatically installed on the Netgear DG834? You don't have to install it from the accompanying CD? This CD contains a security software suite of Freedom items, some apparently free, some that have to be paid for (in dollars) - firewall, pop-up manager, etc. Is this a totally different, and probably unneccessary set of software?

kayemm
N/A

firewall security alerts

The Firewall is built in to the DG834, both NAT and SPI. These will stop incoming attacks/hacks but will not stop outgoing comms. You do not need to do anything to have this incoming protection.

However, if you get infected with a virus that sends data from your PC, this will pass through the DG834 firewall as it is an outgoing communication.
A virus scanner should detect the virus but is not foolproof. A software firewall will also stop outgoing as well as double checking any incoming that may sneak through the DG834.
There are lots of free Antivirus and Firewall products available. You do not need to use the ones on the Netgear CD.
I would seriously suggest you have a virus scanner with up to date definition files. A software firewall is not so important.
Try AVG Antivirus and Zone Alarm (free version) for the software firewall.
N/A

firewall security alerts

thanks for the advice - I was becoming more and more confused. I have Kaspersky Lite Anti-virus installed at the moment, but the licence expires in April, so I'll take your advice then and install AVG.

I did have Zone Alarm installed, but was having trouble setting up my home network. Since I disabled it everything has worked like a dream, so I have availed myself of the apparently free one from the Netgear CD, and so far it is OK.

kayemm