cancel
Showing results for 
Search instead for 
Did you mean: 

2700HG-B Gateway & Excessive Sessions Warning MSG

markrach
Grafter
Posts: 311
Registered: 22-10-2008

2700HG-B Gateway & Excessive Sessions Warning MSG

Hi
Need some help here.
I have been having problems with a billion 5200s modem and running my debian server (quakeworld server + 1 psybnc) routing and firewall so i switched to my 2Wire 2700 and set the server to DMZplus so its visable on the internet Smiley . Since useing the 2Wire i have been constantly been getting the above warning msg when opening up firefox or i.e . I'm not to sure what the warning means as it says i may have malware / adware / virus  Cry scans show nothing thou .
Now my XP box internal ip is 192.168.1.100 and the debian box shows my external ip , all these warning are coming to my XP box . log below shows this and this is only a 10th of the log , any help would be fantastic
Quote
sess[3125]: bkt 236, flags: 0x000001a1, proto: 6, cnt: 4
  l: 192.168.1.100:1324, f: 208.43.48.106:80, n: 81.174.134.41:1324
  lnd: (51,0), fnd: (0,0)
  last used 14137, max_idle: 86400
  TCP state ESTABLISHED
  TCP IN: is: 4198922094, sent: 1, unack'd 1, mss 0, windows_scale 0
  TCP OUT: is: 1182938589, sent: 1, unack'd 0, mss 0, windows_scale 0
sess[2342]: bkt 238, flags: 0x000001a1, proto: 6, cnt: 4
  l: 192.168.1.100:2848, f: 208.43.48.109:80, n: 81.174.134.41:2848
  lnd: (51,0), fnd: (0,0)
  last used 12223, max_idle: 86400
  TCP state ESTABLISHED
  TCP IN: is: 2242100105, sent: 1, unack'd 1, mss 0, windows_scale 0
  TCP OUT: is: 168809015, sent: 1, unack'd 0, mss 0, windows_scale 0
sess[3127]: bkt 238, flags: 0x000001a1, proto: 6, cnt: 4
  l: 192.168.1.100:1326, f: 208.43.48.108:80, n: 81.174.134.41:1326
  lnd: (51,0), fnd: (0,0)
  last used 14138, max_idle: 86400
  TCP state ESTABLISHED
  TCP IN: is: 4204340949, sent: 1, unack'd 1, mss 0, windows_scale 0
  TCP OUT: is: 3757449878, sent: 1, unack'd 0, mss 0, windows_scale 0
sess[2343]: bkt 239, flags: 0x000001a1, proto: 6, cnt: 4
  l: 192.168.1.100:2849, f: 208.43.48.109:80, n: 81.174.134.41:2849
  lnd: (51,0), fnd: (0,0)
  last used 12223, max_idle: 86400
  TCP state ESTABLISHED
  TCP IN: is: 2244133218, sent: 1, unack'd 1, mss 0, windows_scale 0
  TCP OUT: is: 1731373152, sent: 1, unack'd 0, mss 0, windows_scale 0
sess[3128]: bkt 239, flags: 0x000001a1, proto: 6, cnt: 4
  l: 192.168.1.100:1327, f: 208.43.48.108:80, n: 81.174.134.41:1327
  lnd: (51,0), fnd: (0,0)
  last used 14137, max_idle: 86400
  TCP state ESTABLISHED
  TCP IN: is: 4199126612, sent: 1, unack'd 1, mss 0, windows_scale 0
  TCP OUT: is: 2958525402, sent: 1, unack'd 0, mss 0, windows_scale 0
sess[3129]: bkt 240, flags: 0x000001a1, proto: 6, cnt: 4
  l: 192.168.1.100:1328, f: 208.43.48.108:80, n: 81.174.134.41:1328
  lnd: (51,0), fnd: (0,0)
  last used 14138, max_idle: 86400
  TCP state ESTABLISHED
  TCP IN: is: 4212918649, sent: 1, unack'd 1, mss 0, windows_scale 0
  TCP OUT: is: 3683464074, sent: 1, unack'd 0, mss 0, windows_scale 0
sess[2186]: bkt 241, flags: 0x000001a1, proto: 6, cnt: 5
  l: 192.168.1.100:2707, f: 72.30.186.249:80, n: 81.174.134.41:2707
  lnd: (51,0), fnd: (0,0)
  last used 11397, max_idle: 86400
  TCP state ESTABLISHED
  TCP IN: is: 1441115581, sent: 1, unack'd 1, mss 0, windows_scale 0
  TCP OUT: is: 1894803082, sent: 1, unack'd 0, mss 0, windows_scale 0
sess[2191]: bkt 241, flags: 0x000001a1, proto: 6, cnt: 2
  l: 192.168.1.100:2712, f: 72.21.202.132:80, n: 81.174.134.41:2712
  lnd: (51,0), fnd: (0,0)
  last used 11376, max_idle: 86400
  TCP state ESTABLISHED
  TCP IN: is: 1383312683, sent: 1, unack'd 1, mss 0, windows_scale 0
  TCP OUT: is: 3166704817, sent: 1, unack'd 0, mss 0, windows_scale 0
sess[3130]: bkt 241, flags: 0x000001a1, proto: 6, cnt: 4
  l: 192.168.1.100:1329, f: 208.43.48.108:80, n: 81.174.134.41:1329
  lnd: (51,0), fnd: (0,0)
  last used 14138, max_idle: 86400
  TCP state ESTABLISHED
  TCP IN: is: 4197866594, sent: 1, unack'd 1, mss 0, windows_scale 0
  TCP OUT: is: 1056988922, sent: 1, unack'd 0, mss 0, windows_scale 0
sess[2376]: bkt 242, flags: 0x000001a1, proto: 6, cnt: 4
  l: 192.168.1.100:2876, f: 208.43.48.108:80, n: 81.174.134.41:2876
  lnd: (51,0), fnd: (0,0)
  last used 12534, max_idle: 86400
  TCP state ESTABLISHED
  TCP IN: is: 2495797803, sent: 1, unack'd 1, mss 0, windows_scale 0
  TCP OUT: is: 2125541132, sent: 1, unack'd 0, mss 0, windows_scale 0
sess[2377]: bkt 243, flags: 0x000001a1, proto: 6, cnt: 4
  l: 192.168.1.100:2877, f: 208.43.48.108:80, n: 81.174.134.41:2877
  lnd: (51,0), fnd: (0,0)
  last used 12536, max_idle: 86400
  TCP state ESTABLISHED
  TCP IN: is: 2506252073, sent: 1, unack'd 1, mss 0, windows_scale 0
  TCP OUT: is: 1076335376, sent: 1, unack'd 0, mss 0, windows_scale 0
sess[2877]: bkt 244, flags: 0x000001a1, proto: 6, cnt: 4
  l: 192.168.1.100:1077, f: 208.43.48.108:80, n: 81.174.134.41:1077
  lnd: (51,0), fnd: (0,0)
  last used 13632, max_idle: 86400
  TCP state ESTABLISHED
  TCP IN: is: 3667643475, sent: 1, unack'd 1, mss 0, windows_scale 0
  TCP OUT: is: 4255543819, sent: 1, unack'd 0, mss 0, windows_scale 0
sess[2876]: bkt 245, flags: 0x000001a1, proto: 6, cnt: 4
  l: 192.168.1.100:1076, f: 208.43.48.108:80, n: 81.174.134.41:1076
  lnd: (51,0), fnd: (0,0)
  last used 13632, max_idle: 86400
  TCP state ESTABLISHED
  TCP IN: is: 3672101843, sent: 1, unack'd 1, mss 0, windows_scale 0
  TCP OUT: is: 985078385, sent: 1, unack'd 0, mss 0, windows_scale 0
sess[2879]: bkt 246, flags: 0x000001a1, proto: 6, cnt: 4
  l: 192.168.1.100:1079, f: 208.43.48.108:80, n: 81.174.134.41:1079
  lnd: (51,0), fnd: (0,0)
  last used 13634, max_idle: 86400
  TCP state ESTABLISHED
  TCP IN: is: 3673760693, sent: 1, unack'd 1, mss 0, windows_scale 0
  TCP OUT: is: 1346542419, sent: 1, unack'd 0, mss 0, windows_scale 0
sess[2878]: bkt 247, flags: 0x000001a1, proto: 6, cnt: 4
  l: 192.168.1.100:1078, f: 208.43.48.108:80, n: 81.174.134.41:1078
  lnd: (51,0), fnd: (0,0)
  last used 13632, max_idle: 86400
  TCP state ESTABLISHED
  TCP IN: is: 3667843304, sent: 1, unack'd 1, mss 0, windows_scale 0
  TCP OUT: is: 3344493576, sent: 1, unack'd 0, mss 0, windows_scale 0
sess[3138]: bkt 249, flags: 0x000001a1, proto: 6, cnt: 4
  l: 192.168.1.100:1337, f: 208.43.48.108:80, n: 81.174.134.41:1337
  lnd: (51,0), fnd: (0,0)
  last used 14140, max_idle: 86400
  TCP state ESTABLISHED
  TCP IN: is: 4206746048, sent: 1, unack'd 1, mss 0, windows_scale 0
  TCP OUT: is: 386505665, sent: 1, unack'd 0, mss 0, windows_scale 0
sess[3139]: bkt 250, flags: 0x000001a1, proto: 6, cnt: 4
  l: 192.168.1.100:1338, f: 208.43.48.108:80, n: 81.174.134.41:1338
  lnd: (51,0), fnd: (0,0)
  last used 14139, max_idle: 86400
  TCP state ESTABLISHED
  TCP IN: is: 4201020248, sent: 1, unack'd 1, mss 0, windows_scale 0
  TCP OUT: is: 3310186677, sent: 1, unack'd 0, mss 0, windows_scale 0
sess[3140]: bkt 251, flags: 0x000001a1, proto: 6, cnt: 4
  l: 192.168.1.100:1339, f: 208.43.48.108:80, n: 81.174.134.41:1339
  lnd: (51,0), fnd: (0,0)
  last used 14138, max_idle: 86400
  TCP state ESTABLISHED
  TCP IN: is: 4211853734, sent: 1, unack'd 1, mss 0, windows_scale 0
  TCP OUT: is: 4080574662, sent: 1, unack'd 0, mss 0, windows_scale 0
sess[3141]: bkt 252, flags: 0x000001a1, proto: 6, cnt: 4
  l: 192.168.1.100:1340, f: 208.43.48.108:80, n: 81.174.134.41:1340
  lnd: (51,0), fnd: (0,0)
  last used 14138, max_idle: 86400
  TCP state ESTABLISHED
  TCP IN: is: 4200553616, sent: 1, unack'd 1, mss 0, windows_scale 0
  TCP OUT: is: 3863878504, sent: 1, unack'd 0, mss 0, windows_scale 0
9 REPLIES
AndyBa
Grafter
Posts: 38
Registered: 25-10-2008

Re: 2700HG-B Gateway & Excessive Sessions Warning MSG

I remember that I had this once on a 2700. It ran for about two days, and then stopped.
Unfortunatly I never found out the cause, so not much help.
Is there any reason why you have gone for DMZ as opposed to only forwarding the required ports?
ian007jen
Rising Star
Posts: 392
Thanks: 4
Fixes: 2
Registered: 06-09-2007

Re: 2700HG-B Gateway & Excessive Sessions Warning MSG

Hi
P-T-P and torrents can cause this error message, it may be nothing to do with your DMZ, server.
When I used this make router I disabled this warning message.
Look at this page http://www.broadbandreports.com/forum/r19522349-2Wire-2700HGE-modem-Excessive-Sessions-Warning-Torre...
Ian
amir852
Grafter
Posts: 98
Registered: 13-02-2009

Re: 2700HG-B Gateway & Excessive Sessions Warning MSG

look up on google and see what it says and how to solve/remove that let me check for you aswell let me no what you get
markrach
Grafter
Posts: 311
Registered: 22-10-2008

Re: 2700HG-B Gateway & Excessive Sessions Warning MSG

Seems all i can find is that its torrents , but i have no torrents running (hardly ever use as well) , i have found this fix
Quote
1) Open your browser and type the following numbers into your Address Bar; 192.168.1.254 then hit the Enter button on your keyboard.
2) Click on the FIREWALL (padlock) tab at the top of the menu bar.
3) Now click on the (blue) 'Advanced Settings' link towards the top of the page.
If you have previously configured a password for your 2Wire, you will most likely be asked to enter that password.
If you have not previously configured a password for your 2Wire, you may be asked if you would like to set one up.
4) You should now be in the 'Edit Advanced Firewall Settings' section. In the section that says 'Attack Detection', remove the checkmark in the box beside 'Excessive Session Detection'.
5) Now click on the red SAVE button below and close out of your browser.

The thing i' worried about is that all these hits are on my XP box and not my debian server , if i yurn the server off these attacks stop ! .

I have tried port forwarding route and found that all is ok for clients to connect to the server but i am not able to even with internal ip , external and my host name .
Could these be attacks comming through the server , hackers useing the server as a route to my pc ?
I'm getting a little worried now Sad
ian007jen
Rising Star
Posts: 392
Thanks: 4
Fixes: 2
Registered: 06-09-2007

Re: 2700HG-B Gateway & Excessive Sessions Warning MSG

Looking at your log file,
have you anything to do with address 208.43.48.108? as a there is a Snap CMS web server on this IP. http://208.43.48.108
Your plus net external ip is 81.174.134.41,
We need to find out the format of the 2wire log file ie. what do l: f: and n: mean

ian
markrach
Grafter
Posts: 311
Registered: 22-10-2008

Re: 2700HG-B Gateway & Excessive Sessions Warning MSG

No nothing at all! thats very strange as the rest of the log has this ip too ? , how do i find out what l: f: and n: mean
what is Snap CMS anyway ?
jim:quote
markrach
Grafter
Posts: 311
Registered: 22-10-2008

Re: 2700HG-B Gateway & Excessive Sessions Warning MSG

Just to clear something i missed out was this log was from my firewall log under pin-holes as it says i have external pin-holes (192 available). "NAT SESSIONS"
ian007jen
Rising Star
Posts: 392
Thanks: 4
Fixes: 2
Registered: 06-09-2007

Re: 2700HG-B Gateway & Excessive Sessions Warning MSG

Try resyncing your router to change your +net ip address if you are not on a static one, then recheck your ip address and your log.
Snap cms more info http://www.freecause.com/snapcms
Ian
markrach
Grafter
Posts: 311
Registered: 22-10-2008

Re: 2700HG-B Gateway & Excessive Sessions Warning MSG

Found it , mob wars toolbar for firefox .