cancel
Showing results for 
Search instead for 
Did you mean: 

router logs

N/A

router logs

Hi, i am just starting to get my head around the basics of this router and noticed the log page. can anyone explain briefly what the following means.

TCP packet-source:80.229.***.***,4771 Destination:80.229.***.***,6129-[DOS]

am i right in thinking that the source ip has acarried out a dinial of service on my ip, from their port 4771 to my port 6129.

TCP packet - source:206.204.10.209 Destination:80.229.***.*** - [PORT SCAN]

does this mean that the ssource IP has caried out a port scan on my router.
if this is the case is this normal, and how frequently does it occur. since 25/8/04 and today i have had 26 DOS and 3 PORT SCANS.
any info will be greatly recieved
8 REPLIES
Superuser
Superuser
Posts: 2,517
Thanks: 219
Fixes: 5
Registered: 06-04-2007

router logs

I'm not expert on this, but from memory you are correct in what you have said, but this is perfectly normal backgroup internet noise. You only need to star worrying about this if you are getting thousands per hour.
Community Veteran
Posts: 14,469
Registered: 30-07-2007

router logs

You can safely ignore both of those considering the number you have had.

[DOS] (or Dos) is Denial of Service and involves hundreds and thousands of connection attempts - in effect flooding your connection - to stop you or anyone else using your connection, hence the Denial of Service description. Having only 3 is nothing to worry about (and is not a DoS).

The [PORT SCAN] is just a normal connection attempt on a well know port used by viruses by a PC that is infected with a virus.

In both cases what you are seeing is normal 'internet noise' from infected systems and you can ignore them as your firewall is doing what it was designed for - protecting your system from outside systems.
N/A

router logs

many thanks for the reply. it appears that some of these dos's are from plusnet IP address is there anyway that these addresses can be sent to plusnet so that they can be followed up and the person notifed that they may have a virus they don't know about.
Community Veteran
Posts: 14,469
Registered: 30-07-2007

router logs

There are ways to report abuse of this kind but to be honest 29 connections is extreamly low activity and really not worth the time or effort by you or the very overworked PlusNet abuse team - who get 100s of reportes each day of much higher number of port scans.

Just ignore it as I said earlier, it is nothing to worry about.
N/A

router logs

Ok. what was we talking about
N/A

router logs

Ok,
I know its a little late to join in here but:

I have just had 35 such messages in the last 40 mins is that worth reporting or worrying about, and its a plusnet ip address its all coming from. Evil

Donald
Community Veteran
Posts: 14,469
Registered: 30-07-2007

router logs

No.

100s or 1000s of messages in a short time, but averaging 1 every minute is notiong to concern anyone about.
N/A

router logs

You should turn off ICMP if you can. This stops your router from replying to pings on the internet, which in turn makes it almost totally invisible to hackers.

More sophisticated DOS tools which sweep through subnet ranges will still find you, but it deters the less intelligent ones.