
Author Topic: router logs  (Read 5860 times)

Offline Baz

  • Established Member
  • ****
  • Posts: 765
router logs
« on: January 02, 2010, 20:08 »
Have been getting a lot of logs about DOS attacks from the router. I have been well informed by Rik that it's OK and the router is doing its job, but it seems strange to me as I never used to get any, honest. After I get the reports sent by email I try to look in the router settings and it won't log in.

The only thing I can think of is it's something to do with my son playing online on his PS3, but he has done this for ages and we never got any bother. Why and how are these getting in to the router?

Any ideas?

Offline Simon

  • Administrator
  • *****
  • Posts: 77918
  • First to score 7/7 in Quiz of The Week's News 2017
Re: router logs
« Reply #1 on: January 02, 2010, 21:07 »
I would never dispute the word of the all-knowing one on routers and ADSL, Baz.  ;)  I do believe the router firewall is just doing its job, but I guess there comes a point where one has to ask if it's being asked to work too hard for any reason.  Can you post some of the logs, without revealing any personal info, so that we can have a look for you?
Many thanks to all our members, who have made PC Pals such an outstanding success!   :thumb:

Offline Baz

  • Established Member
  • ****
  • Posts: 765
Re: router logs
« Reply #2 on: January 03, 2010, 08:51 »
Don't get me wrong Simon, there's no way too that I would or am disputing what I've been told, hope Rik or you don't think I am, just trying to find out why it's happening all of a sudden.

Latest logs from yesterday. I have some from 28 Dec, others I have deleted.

Sat, 2010-01-02 22:00:44 - UDP Packet - Source:174.27.18.1,3074 Destination:************* - [DOS]
Sat, 2010-01-02 22:05:44 - Administrator login successful - IP:*************
Sat, 2010-01-02 22:05:44 - UDP Packet - Source:86.162.95.144,3074 Destination:************* - [DOS]
Sat, 2010-01-02 22:10:44 - Administrator login successful - IP:*************
Sat, 2010-01-02 22:10:44 - UDP Packet - Source:77.229.97.224,3074 Destination:************* - [DOS]
Sat, 2010-01-02 22:15:44 - UDP Packet - Source:82.237.102.228,3074 Destination:*************- [DOS]
Sat, 2010-01-02 22:20:44 - UDP Packet - Source:207.134.184.29,3074 Destination:************* - [DOS]
Sat, 2010-01-02 22:25:44 - UDP Packet - Source:88.17.189.60,3074 Destination:************* - [DOS]
Sat, 2010-01-02 22:25:45 - UDP Packet - Source:98.192.207.244,3074 Destination:************* - [DOS]
Sat, 2010-01-02 22:25:45 - UDP Packet - Source:75.159.216.203,3078 Destination:************* - [DOS]
Sat, 2010-01-02 22:25:45 - UDP Packet - Source:84.123.179.199,13101 Destination:************* - [DOS]
Sat, 2010-01-02 22:25:45 - UDP Packet - Source:82.13.160.190,19103 Destination:************* - [DOS]
Sat, 2010-01-02 22:25:45 - UDP Packet - Source:174.117.235.109,61537 Destination:************* - [DOS]
Sat, 2010-01-02 22:25:45 - UDP Packet - Source:87.220.30.133,3074 Destination:************* - [DOS]
Sat, 2010-01-02 22:25:45 - UDP Packet - Source:173.55.164.67,3074 Destination:************* - [DOS]
Sat, 2010-01-02 22:25:45 - UDP Packet - Source:81.100.83.233,55013 Destination:************* - [DOS]
Sat, 2010-01-02 22:25:45 - UDP Packet - Source:90.23.73.156,3081 Destination:************* - [DOS]
Sat, 2010-01-02 22:25:45 - Send E-mail Success!
Sun, 2010-01-03 01:40:48 - Send out NTP request to 158.43.192.66
Sun, 2010-01-03 01:40:48 - Receive NTP Reply from 158.43.192.66


 

Offline Rik

  • Former Admin
  • *****
  • Posts: 26506
  • Ceud mille failte
Re: router logs
« Reply #3 on: January 03, 2010, 10:03 »
Someone has probably visited a site where the IP address has been picked up, Baz. As we have static IPs, once they become known, we get attacks. The router log just shows the firewall at work.
Slainthe!

Rik

Offline sam

  • Administrator
  • *****
  • Posts: 19977
Re: router logs
« Reply #4 on: January 03, 2010, 10:08 »
or has someone just started using torrents?
- sam | @starrydude --

Offline Baz

  • Established Member
  • ****
  • Posts: 765
Re: router logs
« Reply #5 on: January 03, 2010, 10:40 »
Torrents as in what, Sam? Don't know enough about them   :dunno:

Offline Baz

  • Established Member
  • ****
  • Posts: 765
Re: router logs
« Reply #6 on: January 03, 2010, 10:44 »
Someone has probably visited a site where the IP address has been picked up, Baz. As we have static IPs, once they become known, we get attacks. The router log just shows the firewall at work.

Do you get the same IP address every time? If you reboot will you get a different one?

Offline Simon

  • Administrator
  • *****
  • Posts: 77918
  • First to score 7/7 in Quiz of The Week's News 2017
Re: router logs
« Reply #7 on: January 03, 2010, 11:00 »
With IDNet, you keep the same IP address, Baz.
Many thanks to all our members, who have made PC Pals such an outstanding success!   :thumb:

Offline Baz

  • Established Member
  • ****
  • Posts: 765
Re: router logs
« Reply #8 on: January 03, 2010, 11:39 »
thanks Simon

Offline sam

  • Administrator
  • *****
  • Posts: 19977
Re: router logs
« Reply #9 on: January 04, 2010, 09:46 »
Torrents as in what, Sam? Don't know enough about them   :dunno:

says it all, just wondered if you or anyone else in your house was using them - could cause increased traffic like that.
- sam | @starrydude --

Offline Simon

  • Administrator
  • *****
  • Posts: 77918
  • First to score 7/7 in Quiz of The Week's News 2017
Re: router logs
« Reply #10 on: January 04, 2010, 10:13 »
Also, P2P applications like Limewire can cause it.  :)
Many thanks to all our members, who have made PC Pals such an outstanding success!   :thumb:

Offline Baz

  • Established Member
  • ****
  • Posts: 765
Re: router logs
« Reply #11 on: January 04, 2010, 20:31 »
says it all, just wondered if you or anyone else in your house was using them - could cause increased traffic like that.

Well, like I say Sam, as in what? I really don't know anything about torrents, that's why I asked, then I could ask the rest of the family if they have used them.

Offline Simon

  • Administrator
  • *****
  • Posts: 77918
  • First to score 7/7 in Quiz of The Week's News 2017
Re: router logs
« Reply #12 on: January 04, 2010, 22:29 »
I think Sam was saying that if you don't know anything about torrents, it's unlikely that you would be using them, Baz, but basically, torrents are just another way to engage in file sharing on the internet, a bit like traditional P2P such as LimeWire, only with torrents, the files are 'split', and you are downloading from (and uploading to) many multiples of users at any one time, which, technically, makes the downloading faster.  There are various BitTorrent 'clients' (programs), and possibly the most common is 'uTorrent', so if anyone has that on their PC, it's likely that they are engaging in torrent activity.

Despite most torrent activity being illegal, it could be argued that it's safer than traditional P2P, as you have more control over what files are being shared from your computer - usually, you are simultaneously uploading a copy of the file you are downloading at the time.
Many thanks to all our members, who have made PC Pals such an outstanding success!   :thumb:

Offline topquark

  • Regular Member
  • **
  • Posts: 49
Re: router logs
« Reply #13 on: January 05, 2010, 10:38 »
It would be useful to know what the destination port number was (not the IP address) if it's shown.  In your source information it's shown after the comma in the source IP address info.  As already said, doesn't look like anything to worry about, probably just someone thinks you're running a website (port 80) that they want to hinder access to (very sad!).

You could always do a port scan and check that you have no ports open, there are plenty of sites on the web you can use to do that.

Edit:  If you are worried that someone may be getting in (unlikely) you can always use something like: http://www.snort.org/ on your PC(s).
« Last Edit: January 05, 2010, 10:50 by topquark »
Reverse the polarity, it'll be fine !

Offline Baz

  • Established Member
  • ****
  • Posts: 765
Re: router logs
« Reply #14 on: January 05, 2010, 17:59 »
The destination port number you ask about is the same in all the logs. Do you mean it's the one after the comma too in the destination address? Is it OK to post it here?
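
An added example, not part of any post in this thread: a short Python script that parses firewall log lines in the layout Baz posted and tallies the source ports, destination ports and timing that topquark asks about. The sample lines are constructed with documentation-range addresses, and the `,port` after the destination address is an assumption taken from Baz's description, since the posted log masks that field.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the same layout as the log posted in this thread.
# Addresses are RFC 5737 documentation ranges, not real hosts.
SAMPLE_LOG = """\
Sat, 2010-01-02 22:00:44 - UDP Packet - Source:198.51.100.7,3074 Destination:192.0.2.10,3074 - [DOS]
Sat, 2010-01-02 22:05:44 - Administrator login successful - IP:192.168.0.2
Sat, 2010-01-02 22:25:45 - UDP Packet - Source:203.0.113.20,3074 Destination:192.0.2.10,3074 - [DOS]
Sat, 2010-01-02 22:25:45 - UDP Packet - Source:203.0.113.21,3078 Destination:192.0.2.10,3074 - [DOS]
Sat, 2010-01-02 22:25:45 - UDP Packet - Source:198.51.100.9,55013 Destination:*************- [DOS]
Sat, 2010-01-02 22:25:45 - Send E-mail Success!
"""

# Destination may be masked and may lack the ",port" part (assumed layout).
LINE_RE = re.compile(
    r"^\w{3}, (?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) - (?P<proto>\w+) Packet - "
    r"Source:(?P<src>[\d.]+),(?P<sport>\d+) "
    r"Destination:(?P<dst>[^,\s]+?)(?:,(?P<dport>\d+))?\s*- \[(?P<tag>\w+)\]$"
)

def parse(log_text):
    """Return one dict per firewall packet entry; other router events are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["ts"] = datetime.strptime(entry["ts"], "%Y-%m-%d %H:%M:%S")
            entries.append(entry)
    return entries

def summarise(entries):
    """Tally the fields worth reading before deciding whether the alerts matter."""
    return {
        "total": len(entries),
        "distinct_sources": len({e["src"] for e in entries}),
        "source_ports": Counter(e["sport"] for e in entries),
        "dest_ports": Counter(e["dport"] or "masked" for e in entries),
        # Many entries sharing one timestamp means a burst, not a steady trickle.
        "busiest_second": Counter(e["ts"] for e in entries).most_common(1),
    }

if __name__ == "__main__":
    for key, value in summarise(parse(SAMPLE_LOG)).items():
        print(key, value)
```

Many distinct sources all arriving on one destination port, often from the same source port, points at one application on the LAN talking to many peers rather than one host targeting the router.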

