Router Intrusion?
- 12-02-08, 08:23 PM #1
Router Intrusion?
I was looking through my router logs (as I got disconnected) and I found this. Does anyone know what it means? Looking further down it says something about an Intrusion and this is what concerns me.
Feb 12 19:44:30 (none) user.crit kernel: ADSL link down
Feb 12 19:44:32 (none) user.crit kernel: ADSL G.994 training
Feb 12 19:44:32 (none) daemon.crit pppd[615]: Clear IP addresses. Connection DOWN.
Feb 12 19:44:32 (none) daemon.crit pppd[615]: Clear IP addresses. PPP connection DOWN.
Feb 12 19:44:41 (none) user.crit kernel: ADSL G.992 started
Feb 12 19:44:45 (none) user.crit kernel: ADSL G.992 channel analysis
Feb 12 19:44:51 (none) user.crit kernel: ADSL G.992 message exchange
Feb 12 19:44:51 (none) user.crit kernel: ADSL link up, interleaved, us=765, ds=16379
Feb 12 19:45:08 (none) daemon.crit pppd[615]: PPP LCP UP.
Feb 12 19:45:08 (none) daemon.crit pppd[615]: Received valid IP address from server. Connection UP.
Feb 12 19:47:25 (none) user.alert kernel: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=90.183.114.150 DST=90.211.6.22 LEN=48 TOS=0x00 PREC=0x00 TTL=104 ID=48648 DF PROTO=TCP SPT=3237 DPT=139 WINDOW=64240 RES=0x00 SYN URGP=0
Feb 12 19:47:28 (none) user.alert kernel: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=90.183.114.150 DST=90.211.6.22 LEN=48 TOS=0x00 PREC=0x00 TTL=104 ID=48964 DF PROTO=TCP SPT=3237 DPT=139 WINDOW=64240 RES=0x00 SYN URGP=0
Feb 12 19:47:34 (none) user.alert kernel: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=90.183.114.150 DST=90.211.6.22 LEN=48 TOS=0x00 PREC=0x00 TTL=104 ID=49632 DF PROTO=TCP SPT=3237 DPT=139 WINDOW=64240 RES=0x00 SYN URGP=0
Feb 12 19:48:04 (none) user.alert kernel: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=200.183.38.1 DST=90.211.6.22 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=47046 DF PROTO=TCP SPT=63107 DPT=4899 WINDOW=16384 RES=0x00 SYN URGP=0
- 12-02-08, 09:38 PM #2
Re: Router Intrusion?
Doesn't look like a Sky router so unfamiliar output, but looks to me like you have perhaps acquired an IP address whose previous owner allowed file sharing and remote access to his PC.
Just ensure that incoming ports 139 and 4899 are blocked on your router and these will just remain alerts IMHO.
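An added example, not part of any post in this thread: a short Python script that parses the "Intrusion ->" lines from the first post and groups them into connection attempts by source address, source port and destination port. The three port-139 lines share one source port, so they collapse into a single retried SYN; the port descriptions are the editor's annotations, not the router's.

```python
import re
from collections import defaultdict

# Log lines copied from the first post in this thread (one non-firewall line included).
SAMPLE = """\
Feb 12 19:45:08 (none) daemon.crit pppd[615]: Received valid IP address from server. Connection UP.
Feb 12 19:47:25 (none) user.alert kernel: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=90.183.114.150 DST=90.211.6.22 LEN=48 TOS=0x00 PREC=0x00 TTL=104 ID=48648 DF PROTO=TCP SPT=3237 DPT=139 WINDOW=64240 RES=0x00 SYN URGP=0
Feb 12 19:47:28 (none) user.alert kernel: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=90.183.114.150 DST=90.211.6.22 LEN=48 TOS=0x00 PREC=0x00 TTL=104 ID=48964 DF PROTO=TCP SPT=3237 DPT=139 WINDOW=64240 RES=0x00 SYN URGP=0
Feb 12 19:47:34 (none) user.alert kernel: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=90.183.114.150 DST=90.211.6.22 LEN=48 TOS=0x00 PREC=0x00 TTL=104 ID=49632 DF PROTO=TCP SPT=3237 DPT=139 WINDOW=64240 RES=0x00 SYN URGP=0
Feb 12 19:48:04 (none) user.alert kernel: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=200.183.38.1 DST=90.211.6.22 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=47046 DF PROTO=TCP SPT=63107 DPT=4899 WINDOW=16384 RES=0x00 SYN URGP=0
"""

FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=value pairs; the value may be empty (OUT=, MAC=)
FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}  # TCP flags appear as bare tokens
# Editor's annotation, not from the log: services usually found on these ports.
PORT_NOTES = {139: "NetBIOS session (Windows file sharing)", 4899: "Radmin remote admin"}

def parse_line(line):
    """Return a dict for one 'Intrusion ->' line, or None for any other log line."""
    head, sep, body = line.partition("Intrusion -> ")
    if not sep:
        return None
    rec = dict(FIELD.findall(body))
    rec["flags"] = sorted(FLAGS & set(body.split()))
    rec["time"] = head.split()[2]
    return rec

def summarize(text):
    """Collapse logged packets into attempts keyed by (SRC, SPT, DPT)."""
    attempts = defaultdict(list)
    for line in text.splitlines():
        rec = parse_line(line)
        if rec and rec["IN"] and not rec["OUT"]:  # arrived on an interface, not forwarded
            key = (rec["SRC"], int(rec["SPT"]), int(rec["DPT"]))
            attempts[key].append(rec)
    report = []
    for (src, spt, dpt), recs in attempts.items():
        report.append({
            "src": src, "dpt": dpt, "packets": len(recs),
            "syn_only": all(r["flags"] == ["SYN"] for r in recs),
            "first": recs[0]["time"], "last": recs[-1]["time"],
            "note": PORT_NOTES.get(dpt, "unknown"),
        })
    return report

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```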
- 12-02-08, 10:33 PM #5
Re: Router Intrusion?
The log messages are a bit misleading. They're not indicating an "intrusion", they're indicating that an intrusion was attempted, but didn't succeed. Nothing to be alarmed about really.
- 18-05-09, 01:36 PM #7
Re: Router Intrusion?
Does anyone know why these intrusion attempts happen? I've been getting these constantly now for a couple of weeks. Maybe longer; however, I've only just noticed them. It doesn't matter how long I leave my router off, whether it be an hour or a day so that I get a new IP, once the router connects within 15 mins I get the same intrusion messages. I've tried resetting my router to default settings, closed port forwarding ports and yet they keep on appearing.
Has anyone got any thoughts?
- 18-05-09, 02:14 PM #8
Re: Router Intrusion?
As James said above, these are just attempts at intrusion. The router has done its job and stopped them. Unfortunately the world is full of people who try to hack into others' PCs and have programs which constantly search for open connections. There is not much you can do about it except trust your router to do its job and ensure you do not leave any ports open. Read the info and do the checks at https://www.grc.com/x/ne.dll?bh0bkyd2 if you are worried.
TomD
- 18-05-09, 04:04 PM #9
Re: Router Intrusion?
Thanks for your response. I checked that site and it gave me a thumbs up. I kind of see what you're saying about nothing really to worry about. Only thing I'm concerned about is why they keep on trying to get in as soon as my router is turned on. I'm not even doing any internet browsing or Xbox Live and with a new IP just seems really strange.
Is everyone else getting these intrusion attempts?
- 19-05-09, 09:22 AM #10
Re: Router Intrusion?
Do you have a Nintendo Wii set to connect, or something else set for firmware update, PS3 etc.? Could be that trying to connect to get updates etc.