
Broadband Security Log Question

  • 25-03-2004 8:46pm
    #1
    Registered Users Posts: 108 ✭✭


    Not sure if this is the correct forum... please move if I'm wrong.

    I have a Belkin Wireless Router connected to Irishbroadband,
    and my security log in the router has these entries. Does anyone know what they mean?

    2004/03/03 19:42:54 ** TCP SYN Flooding ** <IP/TCP> 192.168.132.19:3219 ->> 64.255.163.200:80
    2004/03/03 19:42:55 ** TCP SYN Flooding ** <IP/TCP> 64.255.163.200:80 ->> 62.231.34.147:59521
    2004/03/03 19:43:29 ** TCP SYN Flooding ** <IP/TCP> 64.255.163.200:80 ->> 62.231.34.147:53004
    2004/03/07 15:08:39 ** TCP SYN Flooding ** <IP/TCP> 66.28.207.229:80 ->> 62.231.34.147:52381

    Then further down it has this....
    24 02:58:47 ** Unauthorized HTTP Access ** <IP/TCP> 62.118.128.238:61630 ->> 62.231.34.147:88
    2004/03/25 19:05:42 ** TCP SYN Flooding ** <IP/TCP> 192.168.132.16:1765 ->> 213.233.129.155:443


    Now the 192.168 addresses are on my local network and are assigned by the Belkin router, and the 62.231.34.147 is my default gateway assigned by Irishbroadband.
    The others I haven't a notion...
    Has anyone a clue what this means?

    I have Norton firewall and Anti Virus!

    Cheers


Comments

  • Registered Users, Registered Users 2 Posts: 1,067 ✭✭✭tomk


    Read all about TCP SYN Flooding here.

    Check your router's manual - as long as these attacks have been blocked i.e. by a firewall, and not just detected i.e. by an Intrusion Detection System, you're alright.
    "62.231.34.147 is my default gateway assigned by Irishbroadband."
    Do you mean that this is the public address that your router uses? If so, you really shouldn't go around posting it in public forums...


  • Registered Users, Registered Users 2 Posts: 1,714 ✭✭✭Ryaner


    The part I'm wondering about is

    24 02:58:47 ** Unauthorized HTTP Access ** <IP/TCP> 62.118.128.238:61630 ->> 62.231.34.147:88

    Also, 192.168.132.16:1765 ->> 213.233.129.155:443 seems to show that your system has the bug maybe. (I think this can be put into a virus)

    If it doesn't appear often then forget about it. It could simply be routed traffic of your router that's getting picked up wrong. My software firewall always goes crazy for the first few seconds I connect to my wireless network at home.

    I only got a new router today that actually has logs in it so I don't know in that respect. I've seen some pretty weird entries showing up before, though, for things such as DNS router traffic. Probably best not to worry too much unless you see it a lot.


  • Closed Accounts Posts: 88 ✭✭cheradenine


    Heh, according to http://www.ripe.net/ripencc/pub-services/db/whois/whois.html , the IP from the unauthorized HTTP access is a Russian one. I'm guessing it was just an automated scan across an IP range looking for an unprotected connection. If it was specifically an attempt to get past your router I'd imagine there'd be a whole series of unauthorized access attempts.


  • Registered Users Posts: 108 ✭✭Silent Assasin


    Cheers for the Answers Lad,

    And tomk, that's not my IP address, it's my default gateway...

    I'll keep an eye on the log and see what happens.
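
Added example, not part of any post in this thread: a Python script that parses lines in the log layout quoted in the first post, labels each as outbound (source in an RFC 1918 LAN range) or inbound, and counts entries per source, which is the distinction the replies draw between a one-off scan and a whole series of attempts. The sample lines are constructed with documentation addresses, and `repeat_threshold` is an assumed cut-off, not a Belkin setting.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Layout seen in the first post:
#   <timestamp> ** <event> ** <IP/TCP> src:port ->> dst:port
# The timestamp is matched loosely because one quoted line has it cut short.
LINE = re.compile(
    r"^(?P<ts>.*?)\s*\*\*\s*(?P<event>.+?)\s*\*\*\s*<IP/(?P<proto>\w+)>\s*"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s*->>\s*(?P<dst>[\d.]+):(?P<dport>\d+)\s*$"
)
# RFC 1918 ranges, listed explicitly: ipaddress.is_private would also match
# the documentation ranges used in the sample below.
LAN = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse(line):
    """Return a dict for one log line, or None if it is not an event line."""
    m = LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    try:
        src = ip_address(rec["src"])
        ip_address(rec["dst"])
    except ValueError:  # e.g. an octet above 255
        return None
    rec["direction"] = "outbound" if any(src in n for n in LAN) else "inbound"
    return rec

def summarize(lines, repeat_threshold=3):
    """Map (event, direction, source) -> (label, count).

    repeat_threshold is an assumed cut-off, not a router setting."""
    counts = Counter()
    for rec in filter(None, map(parse, lines)):
        counts[(rec["event"], rec["direction"], rec["src"])] += 1
    return {k: ("repeated" if n >= repeat_threshold else "isolated", n)
            for k, n in counts.items()}

# Constructed sample in the router's format (documentation addresses).
SAMPLE = [
    "2004/03/03 19:42:54 ** TCP SYN Flooding ** <IP/TCP> 192.168.132.19:3219 ->> 198.51.100.20:80",
    "2004/03/03 19:42:55 ** TCP SYN Flooding ** <IP/TCP> 198.51.100.20:80 ->> 203.0.113.7:59521",
    "2004/03/03 19:43:29 ** TCP SYN Flooding ** <IP/TCP> 198.51.100.20:80 ->> 203.0.113.7:53004",
    "24 02:58:47 ** Unauthorized HTTP Access ** <IP/TCP> 192.0.2.99:61630 ->> 203.0.113.7:88",
    "router rebooted",
]

if __name__ == "__main__":
    for (event, direction, src), (label, n) in sorted(summarize(SAMPLE).items()):
        print(f"{n:3d}  {label:8s}  {direction:8s}  {src:15s}  {event}")
```

An outbound "flooding" entry from a LAN address points at a machine on the local network to check, while an isolated inbound entry from one source is consistent with the automated-scan reading given in the replies.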

