cancel
Showing results for 
Search instead for 
Did you mean: 

windows windows..

Community Veteran
Posts: 2,286
Thanks: 109
Fixes: 4
Registered: ‎18-02-2013

windows windows..

13 REPLIES
Community Veteran
Posts: 6,773
Thanks: 258
Fixes: 21
Registered: ‎16-02-2009

Re: windows windows..

Cheesy Crazy
Community Veteran
Posts: 2,286
Thanks: 109
Fixes: 4
Registered: ‎18-02-2013

Re: windows windows..

I's like trying to catch an eel with a bar of soap.
VileReynard
All Star
Posts: 11,193
Thanks: 307
Fixes: 11
Registered: ‎01-09-2007

Re: windows windows..

That's interesting.
However my router says:
Quote
jeremy@HECTOR:~$ sudo nmap -sS 192.168.1.1
Starting Nmap 5.21 ( http://nmap.org ) at 2013-07-24 22:12 BST
Nmap scan report for ROUTER (192.168.1.1)
Host is up (0.0036s latency).
Not shown: 996 closed ports
PORT    STATE SERVICE
23/tcp  open  telnet
53/tcp  open  domain
80/tcp  open  http
5000/tcp open  upnp
MAC Address: A0:21:B7:87:56:18 (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 0.38 seconds

So although I have extra ports open locally (SAMBA, nfs etc) I feel relatively safe.

Community Veteran
Posts: 2,286
Thanks: 109
Fixes: 4
Registered: ‎18-02-2013

Re: windows windows..

I'm sure you do feel safe, Now then, i smell an hamanchi install.
anybody like to enlighten me on which hammer i need to select ?
VileReynard
All Star
Posts: 11,193
Thanks: 307
Fixes: 11
Registered: ‎01-09-2007

Re: windows windows..

I'd never heard of such a beast as a "hamanchi" program.
It claims to act as a kind of limited VPN, but says that its very hard to share files over the internet (securely).
I think it may be Windows based.
It is easy to share files if you can use ssh, especially with nfs.

Community Veteran
Posts: 2,286
Thanks: 109
Fixes: 4
Registered: ‎18-02-2013

Re: windows windows..

Info Jul 25 11:34:19 LOGIN User admin logged in on [HTTP] (from 192.168.1.40)

Warning Jul 25 11:29:58 IDS scan parser : tcp port scan: 173.194.113.72 scanned at least 10 ports at XXX (1 of 1) : 173.194.113.72 XXX 0040 TCP 443->59762 [...R..] seq 2547249433 win 0

Error Jul 25 11:28:30 FIREWALL replay check (1 of 2): Protocol: ICMP Src ip: 86.143.228.43 Dst ip: XXX Type: Destination Unreachable Code: Host Unreacheable

Error Jul 25 11:27:13 FIREWALL replay check (1 of 2): Protocol: ICMP Src ip: 86.163.1.225 Dst ip: XXX Type: Destination Unreachable Code: Host Unreacheable

Error Jul 25 11:23:28 FIREWALL replay check (1 of 2): Protocol: ICMP Src ip: 176.250.206.162 Dst ip: XXX Type: Destination Unreachable Code: Host Unreacheable

Warning Jul 25 11:22:27 SNTP Unable to contact server: 212.159.6.10 FIREWALL HIGH!

Info Jul 25 11:21:51 LOGIN User admin logged in on [HTTP] (from 192.168.0.20)

Error Jul 25 11:16:58 FIREWALL replay check (1 of 2): Protocol: ICMP Src ip: 86.163.1.225 Dst ip: XXX Type: Destination Unreachable Code: Host Unreacheable

Error Jul 25 11:13:28 FIREWALL replay check (1 of 2): Protocol: ICMP Src ip: 176.250.206.162 Dst ip: XXX Type: Destination Unreachable Code: Host Unreacheable

Info Jul 25 11:06:47 LOGIN User admin logged in on [HTTP] (from 192.168.1.40)

Error Jul 25 11:06:43 FIREWALL replay check (1 of 2): Protocol: ICMP Src ip: 86.163.1.225 Dst ip: XXX Type: Destination Unreachable Code: Host Unreacheable

Error Jul 25 11:03:23 FIREWALL replay check (1 of 2): Protocol: ICMP Src ip: 176.250.206.162 Dst ip: XXX Type: Destination Unreachable Code: Host Unreacheable

Error Jul 25 10:56:28 FIREWALL replay check (1 of 2): Protocol: ICMP Src ip: 86.163.1.225 Dst ip: XXX Type: Destination Unreachable Code: Host Unreacheable

Error Jul 25 10:53:48 FIREWALL replay check (1 of 2): Protocol: ICMP Src ip: 176.250.206.162 Dst ip: XXX Type: Destination Unreachable Code: Host Unreacheable

Info Jul 25 10:53:14 CONFIGURATION mbus igd sync successfull

Info Jul 25 10:53:11 CONFIGURATION mbus atomic sync successful

Info Jul 25 10:52:05 FIREWALL event (1 of 2): modified rules

Info Jul 25 10:50:06 CONFIGURATION mbus igd sync successfull

Info Jul 25 10:50:03 CONFIGURATION mbus atomic sync successful

Info Jul 25 10:48:57 FIREWALL event (1 of 2): modified rules

Info Jul 25 10:47:26 CONFIGURATION mbus igd sync successfull

Info Jul 25 10:47:23 CONFIGURATION mbus atomic sync successful

Info Jul 25 10:46:17 FIREWALL event (1 of 1): modified rules

Error Jul 25 10:46:13 FIREWALL replay check (1 of 2): Protocol: ICMP Src ip: 86.163.1.225 Dst ip: XXX Type: Destination Unreachable Code: Host Unreacheable

Info Jul 25 10:45:39 CONFIGURATION mbus igd sync successfull

Info Jul 25 10:45:36 CONFIGURATION mbus atomic sync successful

Info Jul 25 10:44:30 FIREWALL event (1 of 1): created rules

Error Jul 25 10:43:33 FIREWALL replay check (1 of 2): Protocol: ICMP Src ip: 176.250.206.162 Dst ip: XXX Type: Destination Unreachable Code: Host Unreacheable
Community Veteran
Posts: 5,225
Thanks: 494
Fixes: 22
Registered: ‎10-06-2010

Re: windows windows..

What's your point with these posts?
What was labelled as a port scan from the google IP is obviously a large number of connection reset packets coming from a HTTPS server.
If port 80 is open, just open a web browser, go to the IP, and see what you get.
VileReynard
All Star
Posts: 11,193
Thanks: 307
Fixes: 11
Registered: ‎01-09-2007

Re: windows windows..

Or try port 443 for https.

Community Veteran
Posts: 2,286
Thanks: 109
Fixes: 4
Registered: ‎18-02-2013

Re: windows windows..

ejs how do i block log me in,
why do these errors only happen from 1 computer on my network, which is the best way to see what is causing the errors from a lan perspective, ie what program would i need. how do i see what out going ports/protocols are being used from 1 specific computer on my lan from the router? why only one group of ip's all the time ? Yes i do get quite a few scans from google thats not my issue.
Community Veteran
Posts: 2,286
Thanks: 109
Fixes: 4
Registered: ‎18-02-2013

Re: windows windows..

Quote from: vilefoxdemonofdoom
Or try port 443 for https.

I closed it for testing, and it still is.
VileReynard
All Star
Posts: 11,193
Thanks: 307
Fixes: 11
Registered: ‎01-09-2007

Re: windows windows..

See https://www.grc.com/port_443.htm
You should block incoming traffic on 443, but allow outgoing traffic on 443 - unless you are running a web server!
If you totally block it, then you can only make unencrypted web connections.
Which is probably silly.

Community Veteran
Posts: 2,286
Thanks: 109
Fixes: 4
Registered: ‎18-02-2013

Re: windows windows..

Oh gawd no  Grin just  for for 1 lan ip
Community Veteran
Posts: 5,225
Thanks: 494
Fixes: 22
Registered: ‎10-06-2010

Re: windows windows..

If you want to see the data from the computer you would either need to capture all the wifi traffic, or for a wired connection set up ethernet port mirroring and use wireshark.
There's probably some telnet command for technicolor routers to show all current TCP/IP connections but I don't know what it is.
With the plusnet firewall set to high, you won't be receiving incoming connections to port 80, 443, nor any other ports anyway.