cancel
Showing results for 
Search instead for 
Did you mean: 

Technicolor router log

Marksfish
Aspiring Pro
Posts: 471
Thanks: 35
Fixes: 3
Registered: ‎22-11-2014

Technicolor router log

Me again. Been having hassles since fitting my new router. I have sorted the brute force attacks at port 22, thanks to community members. My firewall is now filled up red with the following:
Quote
#Jan 2 17:13:32 LOGIN User Administrator logged in on [HTTP] (from 192.168.1.64)

Error Jan 2 17:08:51 FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 88.83.242.96 Dst ip: ****** Type: Destination Unreachable Code: Port Unreacheable

Info Jan 2 17:08:39 SNTP Synchronised again with server 132.163.4.103

Error Jan 2 16:43:00 FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 38.75.197.225 Dst ip: ****** Type: Destination Unreachable Code: Port Unreacheable

Error Jan 2 16:38:24 FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 190.229.163.101 Dst ip: ****** Type: Destination Unreachable Code: Host Unreacheable

Error Jan 2 16:20:18 FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 72.43.124.30 Dst ip: ****** Type: Destination Unreachable Code: Port Unreacheable

Info Jan 2 16:08:39 SNTP Synchronised again with server 24.56.178.140

Error Jan 2 15:16:44 FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 42.80.187.226 Dst ip: ****** Type: Destination Unreachable Code: Port Unreacheable

Info Jan 2 15:08:39 SNTP Synchronised again with server 128.138.141.172

Error Jan 2 14:28:20 FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 201.159.17.177 Dst ip:****** Type: Destination Unreachable Code: Port Unreacheable

Info Jan 2 14:10:33 LOGIN User Administrator logged in on [HTTP] (from 192.168.1.64)

Info Jan 2 14:08:38 SNTP Synchronised again with server 24.56.178.140

Error Jan 2 13:47:31 FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 146.185.43.89 Dst ip: ****** Type: Echo Reply Code: 0

Error Jan 2 13:43:37 FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 87.193.233.107 Dst ip: ****** Type: Destination Unreachable Code: Port Unreacheable

Error Jan 2 13:39:14 FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 117.34.140.200 Dst ip: ****** Type: Destination Unreachable Code: Port Unreacheable

Error Jan 2 13:33:35 FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 176.97.89.110 Dst ip: ****** Type: Destination Unreachable Code: Port Unreacheable

Info Jan 2 13:08:38 SNTP Synchronised again with server 66.219.116.140

Error Jan 2 13:01:54 FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 184.7.64.99 Dst ip: ****** Type: Destination Unreachable Code: Port Unreacheable

Error Jan 2 12:48:06 FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 114.143.34.48 Dst ip: ****** Type: Destination Unreachable Code: Port Unreacheable

Error Jan 2 12:26:39 FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 190.110.211.22 Dst ip: ****** Type: Destination Unreachable Code: Port Unreacheable

Info Jan 2 12:08:38 SNTP Synchronised again with server 216.229.0.179

Warning Jan 2 11:18:18 IDS proto parser : tcp null port (1 of Cool : 113.108.21.16 ****** 48 TCP 12211->0 [S.....] seq 1138780849 ack 0 win 8192

Info Jan 2 11:08:37 SNTP Synchronised again with server 128.138.141.172

Error Jan 2 10:37:33 FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 80.77.174.218 Dst ip: ****** Type: Destination Unreachable Code: Port Unreacheable

Error Jan 2 10:27:44 FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 67.69.235.3 Dst ip: ****** Type: Destination Unreachable Code: Port Unreacheable

Not sure how long it has been going on for as the log only holds 50 entries.
I have Googled this and seen CS say on a number of replies that you will see "some" activity on your log and that the router is doing its job. Too many and it could be indicative of something else. We don't do any gaming, no P2P Another answer was to disconnect and get a new ip address, which I don't really want to do, chances are it will continue on a different address.
I'm all stealthed up on my ports according to Shields Up. I do  have a Samknows box in case that is maybe causing some of it and the ping is activated for the TBB graphing. PN firewall is also active.
Is the amount to worry about, or just ignore it?
Thanks
Mark
5 REPLIES
Marksfish
Aspiring Pro
Posts: 471
Thanks: 35
Fixes: 3
Registered: ‎22-11-2014

Re: Technicolor router log

As you can see, they are coming in thick and fast. The paranoia is setting in!!
Quote
#Jan 2 17:49:29 FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 154.54.30.189 Dst ip: ****** Type: Time Exceeded Code: Time to Live exceeded in Transit

Error Jan 2 17:48:15 FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 216.197.101.132 Dst ip:****** Type: Destination Unreachable Code: Port Unreacheable

Error Jan 2 17:08:51 FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 88.83.242.96 Dst ip: ****** Type: Destination Unreachable Code: Port Unreacheable

Error Jan 2 16:43:00 FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 38.75.197.225 Dst ip: ****** Type: Destination Unreachable Code: Port Unreacheable

Error Jan 2 16:38:24 FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 190.229.163.101 Dst ip: ****** Type: Destination Unreachable Code: Host Unreacheable

Error Jan 2 16:20:18 FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 72.43.124.30 Dst ip: ****** Type: Destination Unreachable Code: Port Unreacheable

Error Jan 2 15:16:44 FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 42.80.187.226 Dst ip: ****** Type: Destination Unreachable Code: Port Unreacheable

Error Jan 2 14:28:20 FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 201.159.17.177 Dst ip: ****** Type: Destination Unreachable Code: Port Unreacheable

Error Jan 2 13:47:31 FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 146.185.43.89 Dst ip: ****** Type: Echo Reply Code: 0

Error Jan 2 13:43:37 FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 87.193.233.107 Dst ip: ****** Type: Destination Unreachable Code: Port Unreacheable

Error Jan 2 13:39:14 FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 117.34.140.200 Dst ip: ****** Type: Destination Unreachable Code: Port Unreacheable

Error Jan 2 13:33:35 FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 176.97.89.110 Dst ip: ****** Type: Destination Unreachable Code: Port Unreacheable

Error Jan 2 13:01:54 FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 184.7.64.99 Dst ip: ****** Type: Destination Unreachable Code: Port Unreacheable

Error Jan 2 12:48:06 FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 114.143.34.48 Dst ip: ****** Type: Destination Unreachable Code: Port Unreacheable

Error Jan 2 12:26:39 FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 190.110.211.22 Dst ip: ****** Type: Destination Unreachable Code: Port Unreacheable

Community Veteran
Posts: 1,624
Thanks: 24
Registered: ‎29-06-2010

Re: Technicolor router log

(A) The firewall is doing its job.
(B) A lot of that sort of thing is caused by Bit Torrent clients on other computers looking for stuff that was being uploaded by someone who previously had your IP address. That's probably why it was suggested you disconnect/reconnect, as (unless you have a static IP address) yours will change, and if it hasn't been used by a Bit Torrent user, then these firewall entries should stop. However, the firewall is just logging successful blocks, and it should not be a cause for concern.
Community Veteran
Posts: 5,226
Thanks: 494
Fixes: 22
Registered: ‎10-06-2010

Re: Technicolor router log

Those particular icmp check firewall log entries seem common with Technicolor routers, I don't think your log has a large enough number of them to be concerned about.
The Technicolor firewall doesn't log every single packet it blocks. I'm not using a Technicolor router and I don't see as many of these ICMP Destination Unreachable packets logged as everyone using Technicolor routers seem to get, but my firewall logging doesn't quite log everything either, and I doubt that has any significance.
Community Gaffer
Community Gaffer
Posts: 17,682
Thanks: 665
Fixes: 167
Registered: ‎05-04-2007

Re: Technicolor router log

If you look at the timestamps they aren't all at once, they're spread out. Normally if someone is trying to do something nefarious they wouldn't stop after one attempt and then try again later.
If this post resolved your issue please click the 'This fixed my problem' button
 Chris Parr
 Plusnet Staff
Marksfish
Aspiring Pro
Posts: 471
Thanks: 35
Fixes: 3
Registered: ‎22-11-2014

Re: Technicolor router log

Thank you everyone for reassurance. Just makes you wonder when you see a sea of red exclamation marks.
Mark