Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Router logs am i in trouble? Advise please
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Other forums
- :
- Tech Help - Software/Hardware etc
- :
- Re: Router logs am i in trouble? Advise please
Router logs am i in trouble? Advise please
17-10-2009 2:20 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Below are logs from my router I have however removed my ip. Are these alerts something i have to work about. I can see no changes to my network. Has my router kicked them out and are there any changes i need to make.
Regards Podman
Oct 17 02:30:25 alert kernel: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=85.185.157.31 DST=my ip LEN=48 TOS=0x00 PREC=0xA0 TTL=118 ID=6530 DF PROTO=TCP SPT=3537 DPT=53 WINDOW=65535 RES=0x00 SYN URGP=0
Oct 17 02:37:56 alert kernel: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=222.45.112.59 DST=my ip LEN=40 TOS=0x00 PREC=0x80 TTL=112 ID=256 DF PROTO=TCP SPT=12200 DPT=1080 WINDOW=8192 RES=0x00 SYN URGP=0
Oct 17 02:53:38 alert kernel: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=125.230.150.168 DST=my ip LEN=48 TOS=0x00 PREC=0x80 TTL=109 ID=23348 DF PROTO=TCP SPT=4306 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0
Oct 17 03:06:47 alert kernel: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=190.232.102.73 DST=my ip LEN=60 TOS=0x00 PREC=0x80 TTL=48 ID=49582 DF PROTO=TCP SPT=3577 DPT=23 WINDOW=5808 RES=0x00 SYN URGP=0
Oct 17 03:07:03 alert kernel: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=222.45.112.59 DST=my ip LEN=40 TOS=0x00 PREC=0x80 TTL=112 ID=256 DF PROTO=TCP SPT=12200 DPT=8000 WINDOW=8192 RES=0x00 SYN URGP=0
Oct 17 03:27:46 alert kernel: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=212.135.194.100 DST=my ip LEN=48 TOS=0x00 PREC=0x40 TTL=120 ID=41515 DF PROTO=TCP SPT=1814 DPT=135 WINDOW=16384 RES=0x00 SYN URGP=0
Oct 17 03:29:08 alert kernel: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=212.106.16.207 DST=my ip LEN=64 TOS=0x00 PREC=0x40 TTL=38 ID=44478 DF PROTO=TCP SPT=2224 DPT=135 WINDOW=53760 RES=0x00 SYN URGP=0
Oct 17 03:36:36 alert kernel: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=222.45.112.59 DST=my ip LEN=40 TOS=0x00 PREC=0xA0 TTL=112 ID=256 DF PROTO=TCP SPT=12200 DPT=7212 WINDOW=8192 RES=0x00 SYN URGP=0
Oct 17 04:06:26 alert kernel: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=222.45.112.59 DST=my ip LEN=40 TOS=0x00 PREC=0x80 TTL=112 ID=256 DF PROTO=TCP SPT=12200 DPT=1080 WINDOW=8192 RES=0x00 SYN URGP=0
Oct 17 04:06:26 alert kernel: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=222.45.112.59 DST=my ip LEN=40 TOS=0x00 PREC=0xA0 TTL=112 ID=256 DF PROTO=TCP SPT=12200 DPT=7212 WINDOW=8192 RES=0x00 SYN URGP=0
Oct 17 04:06:26 alert kernel: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=222.45.112.59 DST=my ip LEN=40 TOS=0x00 PREC=0x80 TTL=112 ID=256 DF PROTO=TCP SPT=12200 DPT=8118 WINDOW=8192 RES=0x00 SYN URGP=0
Oct 17 04:19:51 alert kernel: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=121.15.245.215 DST=my ip LEN=40 TOS=0x00 PREC=0xA0 TTL=116 ID=256 DF PROTO=TCP SPT=12200 DPT=7212 WINDOW=8192 RES=0x00 SYN URGP=0
Oct 17 04:27:05 alert kernel: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=212.135.194.100 DST=my ip LEN=48 TOS=0x00 PREC=0x40 TTL=120 ID=13705 DF PROTO=TCP SPT=4122 DPT=135 WINDOW=16384 RES=0x00 SYN URGP=0
Regards Podman
Oct 17 02:30:25 alert kernel: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=85.185.157.31 DST=my ip LEN=48 TOS=0x00 PREC=0xA0 TTL=118 ID=6530 DF PROTO=TCP SPT=3537 DPT=53 WINDOW=65535 RES=0x00 SYN URGP=0
Oct 17 02:37:56 alert kernel: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=222.45.112.59 DST=my ip LEN=40 TOS=0x00 PREC=0x80 TTL=112 ID=256 DF PROTO=TCP SPT=12200 DPT=1080 WINDOW=8192 RES=0x00 SYN URGP=0
Oct 17 02:53:38 alert kernel: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=125.230.150.168 DST=my ip LEN=48 TOS=0x00 PREC=0x80 TTL=109 ID=23348 DF PROTO=TCP SPT=4306 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0
Oct 17 03:06:47 alert kernel: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=190.232.102.73 DST=my ip LEN=60 TOS=0x00 PREC=0x80 TTL=48 ID=49582 DF PROTO=TCP SPT=3577 DPT=23 WINDOW=5808 RES=0x00 SYN URGP=0
Oct 17 03:07:03 alert kernel: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=222.45.112.59 DST=my ip LEN=40 TOS=0x00 PREC=0x80 TTL=112 ID=256 DF PROTO=TCP SPT=12200 DPT=8000 WINDOW=8192 RES=0x00 SYN URGP=0
Oct 17 03:27:46 alert kernel: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=212.135.194.100 DST=my ip LEN=48 TOS=0x00 PREC=0x40 TTL=120 ID=41515 DF PROTO=TCP SPT=1814 DPT=135 WINDOW=16384 RES=0x00 SYN URGP=0
Oct 17 03:29:08 alert kernel: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=212.106.16.207 DST=my ip LEN=64 TOS=0x00 PREC=0x40 TTL=38 ID=44478 DF PROTO=TCP SPT=2224 DPT=135 WINDOW=53760 RES=0x00 SYN URGP=0
Oct 17 03:36:36 alert kernel: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=222.45.112.59 DST=my ip LEN=40 TOS=0x00 PREC=0xA0 TTL=112 ID=256 DF PROTO=TCP SPT=12200 DPT=7212 WINDOW=8192 RES=0x00 SYN URGP=0
Oct 17 04:06:26 alert kernel: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=222.45.112.59 DST=my ip LEN=40 TOS=0x00 PREC=0x80 TTL=112 ID=256 DF PROTO=TCP SPT=12200 DPT=1080 WINDOW=8192 RES=0x00 SYN URGP=0
Oct 17 04:06:26 alert kernel: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=222.45.112.59 DST=my ip LEN=40 TOS=0x00 PREC=0xA0 TTL=112 ID=256 DF PROTO=TCP SPT=12200 DPT=7212 WINDOW=8192 RES=0x00 SYN URGP=0
Oct 17 04:06:26 alert kernel: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=222.45.112.59 DST=my ip LEN=40 TOS=0x00 PREC=0x80 TTL=112 ID=256 DF PROTO=TCP SPT=12200 DPT=8118 WINDOW=8192 RES=0x00 SYN URGP=0
Oct 17 04:19:51 alert kernel: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=121.15.245.215 DST=my ip LEN=40 TOS=0x00 PREC=0xA0 TTL=116 ID=256 DF PROTO=TCP SPT=12200 DPT=7212 WINDOW=8192 RES=0x00 SYN URGP=0
Oct 17 04:27:05 alert kernel: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=212.135.194.100 DST=my ip LEN=48 TOS=0x00 PREC=0x40 TTL=120 ID=13705 DF PROTO=TCP SPT=4122 DPT=135 WINDOW=16384 RES=0x00 SYN URGP=0
4 REPLIES 4
Re: Router logs am i in trouble? Advise please
18-10-2009 12:51 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
It's probably just a log of an attempt to gain access however it depends on the make and model. To put it bluntly if some little chineese person who doesn't understand english terribly well wrote it then intrusion could mean attempted intrusion! On the other hand if its a router made in the west... you're probably in trouble.
Would be a wise idea to post the make and model of router so some of the experts here can look into it for you. Also ensure that you have firewalls installed on all PCs on your network. Most routers do have their own firewalls but thats only one line of defence. If a hacker gets past it you're stuffed!
Would be a wise idea to post the make and model of router so some of the experts here can look into it for you. Also ensure that you have firewalls installed on all PCs on your network. Most routers do have their own firewalls but thats only one line of defence. If a hacker gets past it you're stuffed!
I need a new signature... i'm bored of the old one!
Re: Router logs am i in trouble? Advise please
18-10-2009 11:02 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Belkin G + Nimo
firewall on and firewalls on all connected pcs.
Podman
firewall on and firewalls on all connected pcs.
Podman
Re: Router logs am i in trouble? Advise please
18-10-2009 4:21 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
It's nothing - just a few failed attacks over several hours, from different sources.
"In The Beginning Was The Word, And The Word Was Aardvark."
Re: Router logs am i in trouble? Advise please
18-10-2009 5:37 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I think the fact your router has detected the potential attack and reported it in the log is a sign that its firewall is doing its job.
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Other forums
- :
- Tech Help - Software/Hardware etc
- :
- Re: Router logs am i in trouble? Advise please