Router logs am i in trouble? Advise please

amcclean · ‎30-07-2007

Below are logs from my router I have however removed my ip. Are these alerts something i have to work about. I can see no changes to my network. Has my router kicked them out and are there any changes i need to make.
Regards Podman
Oct 17 02:30:25 alert kernel: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=85.185.157.31 DST=my ip LEN=48 TOS=0x00 PREC=0xA0 TTL=118 ID=6530 DF PROTO=TCP SPT=3537 DPT=53 WINDOW=65535 RES=0x00 SYN URGP=0
Oct 17 02:37:56 alert kernel: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=222.45.112.59 DST=my ip LEN=40 TOS=0x00 PREC=0x80 TTL=112 ID=256 DF PROTO=TCP SPT=12200 DPT=1080 WINDOW=8192 RES=0x00 SYN URGP=0
Oct 17 02:53:38 alert kernel: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=125.230.150.168 DST=my ip LEN=48 TOS=0x00 PREC=0x80 TTL=109 ID=23348 DF PROTO=TCP SPT=4306 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0
Oct 17 03:06:47 alert kernel: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=190.232.102.73 DST=my ip LEN=60 TOS=0x00 PREC=0x80 TTL=48 ID=49582 DF PROTO=TCP SPT=3577 DPT=23 WINDOW=5808 RES=0x00 SYN URGP=0
Oct 17 03:07:03 alert kernel: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=222.45.112.59 DST=my ip LEN=40 TOS=0x00 PREC=0x80 TTL=112 ID=256 DF PROTO=TCP SPT=12200 DPT=8000 WINDOW=8192 RES=0x00 SYN URGP=0
Oct 17 03:27:46 alert kernel: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=212.135.194.100 DST=my ip LEN=48 TOS=0x00 PREC=0x40 TTL=120 ID=41515 DF PROTO=TCP SPT=1814 DPT=135 WINDOW=16384 RES=0x00 SYN URGP=0
Oct 17 03:29:08 alert kernel: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=212.106.16.207 DST=my ip LEN=64 TOS=0x00 PREC=0x40 TTL=38 ID=44478 DF PROTO=TCP SPT=2224 DPT=135 WINDOW=53760 RES=0x00 SYN URGP=0
Oct 17 03:36:36 alert kernel: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=222.45.112.59 DST=my ip LEN=40 TOS=0x00 PREC=0xA0 TTL=112 ID=256 DF PROTO=TCP SPT=12200 DPT=7212 WINDOW=8192 RES=0x00 SYN URGP=0
Oct 17 04:06:26 alert kernel: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=222.45.112.59 DST=my ip LEN=40 TOS=0x00 PREC=0x80 TTL=112 ID=256 DF PROTO=TCP SPT=12200 DPT=1080 WINDOW=8192 RES=0x00 SYN URGP=0
Oct 17 04:06:26 alert kernel: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=222.45.112.59 DST=my ip LEN=40 TOS=0x00 PREC=0xA0 TTL=112 ID=256 DF PROTO=TCP SPT=12200 DPT=7212 WINDOW=8192 RES=0x00 SYN URGP=0
Oct 17 04:06:26 alert kernel: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=222.45.112.59 DST=my ip LEN=40 TOS=0x00 PREC=0x80 TTL=112 ID=256 DF PROTO=TCP SPT=12200 DPT=8118 WINDOW=8192 RES=0x00 SYN URGP=0
Oct 17 04:19:51 alert kernel: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=121.15.245.215 DST=my ip LEN=40 TOS=0x00 PREC=0xA0 TTL=116 ID=256 DF PROTO=TCP SPT=12200 DPT=7212 WINDOW=8192 RES=0x00 SYN URGP=0
Oct 17 04:27:05 alert kernel: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=212.135.194.100 DST=my ip LEN=48 TOS=0x00 PREC=0x40 TTL=120 ID=13705 DF PROTO=TCP SPT=4122 DPT=135 WINDOW=16384 RES=0x00 SYN URGP=0

7up · ‎01-08-2007

It's probably just a log of an attempt to gain access however it depends on the make and model. To put it bluntly if some little chineese person who doesn't understand english terribly well wrote it then intrusion could mean attempted intrusion! On the other hand if its a router made in the west... you're probably in trouble.
Would be a wise idea to post the make and model of router so some of the experts here can look into it for you. Also ensure that you have firewalls installed on all PCs on your network. Most routers do have their own firewalls but thats only one line of defence. If a hacker gets past it you're stuffed!

I need a new signature... i'm bored of the old one!

amcclean · ‎30-07-2007

Belkin G + Nimo
firewall on and firewalls on all connected pcs.
Podman

VileReynard · ‎01-09-2007

It's nothing - just a few failed attacks over several hours, from different sources.

"In The Beginning Was The Word, And The Word Was Aardvark."

Denzil · ‎31-07-2007

I think the fact your router has detected the potential attack and reported it in the log is a sign that its firewall is doing its job.