Your forum username:
Do you already have an account?
Forgot your password?
  • Log in or Sign up


    Welcome to Sky User - The Unofficial Support Forum for everything Sky! - Proudly helping over 60k members.


    Advertisement

    Page 1 of 3 123 LastLast
    Results 1 to 10 of 28

    Router Intrusion?

    This is a discussion on Router Intrusion? within the Sky Router forums, part of the Sky Broadband help category; I was looking through my router logs (as I got disconnected) and I found this. Does anyone know what it ...

    1. #1
      doom's Avatar
      doom is offline Sky User Member
      Exchange: Aberdeen/Kinkorth
      Broadband ISP: Sky Max/Unlimited
      Router: Sagem F@ST 2504
      Sky TV: Other
      Join Date
      Dec 2007
      Posts
      58
      Thanks
      0
      Thanked 0 Times in 0 Posts

      Router Intrusion?

      I was looking through my router logs (as I got disconnected) and I found this. Does anyone know what it means? Looking further down it says something about an Intrusion and this is what concerns me.

      Feb 12 19:44:30 (none) user.crit kernel: ADSL link down

      Feb 12 19:44:32 (none) user.crit kernel: ADSL G.994 training

      Feb 12 19:44:32 (none) daemon.crit pppd[615]: Clear IP addresses. Connection DOWN.

      Feb 12 19:44:32 (none) daemon.crit pppd[615]: Clear IP addresses. PPP connection DOWN.

      Feb 12 19:44:41 (none) user.crit kernel: ADSL G.992 started

      Feb 12 19:44:45 (none) user.crit kernel: ADSL G.992 channel analysis

      Feb 12 19:44:51 (none) user.crit kernel: ADSL G.992 message exchange

      Feb 12 19:44:51 (none) user.crit kernel: ADSL link up, interleaved, us=765, ds=16379

      Feb 12 19:45:08 (none) daemon.crit pppd[615]: PPP LCP UP.

      Feb 12 19:45:08 (none) daemon.crit pppd[615]: Received valid IP address from server. Connection UP.

      Feb 12 19:47:25 (none) user.alert kernel: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=90.183.114.150 DST=90.211.6.22 LEN=48 TOS=0x00 PREC=0x00 TTL=104 ID=48648 DF PROTO=TCP SPT=3237 DPT=139 WINDOW=64240 RES=0x00 SYN URGP=0

      Feb 12 19:47:28 (none) user.alert kernel: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=90.183.114.150 DST=90.211.6.22 LEN=48 TOS=0x00 PREC=0x00 TTL=104 ID=48964 DF PROTO=TCP SPT=3237 DPT=139 WINDOW=64240 RES=0x00 SYN URGP=0

      Feb 12 19:47:34 (none) user.alert kernel: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=90.183.114.150 DST=90.211.6.22 LEN=48 TOS=0x00 PREC=0x00 TTL=104 ID=49632 DF PROTO=TCP SPT=3237 DPT=139 WINDOW=64240 RES=0x00 SYN URGP=0

      Feb 12 19:48:04 (none) user.alert kernel: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=200.183.38.1 DST=90.211.6.22 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=47046 DF PROTO=TCP SPT=63107 DPT=4899 WINDOW=16384 RES=0x00 SYN URGP=0


    2. Advertisement
    3. #2
      eyemdee's Avatar
      eyemdee is offline Sky User Member
      Exchange: EMMNSFI
      Broadband ISP: Sky Max/Unlimited
      Router: Netgear V1 DG834GT
      Sky TV: Sky+HD box
      Join Date
      May 2007
      Posts
      694
      Thanks
      3
      Thanked 1 Time in 1 Post

      Re: Router Intrusion?

      Doesn't look like a Sky router so unfamiliar output, but looks to me like you have perhaps acquired a IP address whose previous owner allowed file sharing and remote access to his PC.

      Just ensure that incoming ports 139 and 4899 are blocked on your router and these will just remain alerts IMHO.

    4. #3
      doom's Avatar
      doom is offline Sky User Member
      Exchange: Aberdeen/Kinkorth
      Broadband ISP: Sky Max/Unlimited
      Router: Sagem F@ST 2504
      Sky TV: Other
      Join Date
      Dec 2007
      Posts
      58
      Thanks
      0
      Thanked 0 Times in 0 Posts

      Re: Router Intrusion?

      Quote Originally Posted by eyemdee View Post
      Doesn't look like a Sky router so unfamiliar output, but looks to me like you have perhaps acquired a IP address whose previous owner allowed file sharing and remote access to his PC.

      Just ensure that incoming ports 139 and 4899 are blocked on your router and these will just remain alerts IMHO.
      It is a sky router it's the segam one. It's set on factory defaults accept the wireless channel, encryption code and router password.

    5. #4
      eyemdee's Avatar
      eyemdee is offline Sky User Member
      Exchange: EMMNSFI
      Broadband ISP: Sky Max/Unlimited
      Router: Netgear V1 DG834GT
      Sky TV: Sky+HD box
      Join Date
      May 2007
      Posts
      694
      Thanks
      3
      Thanked 1 Time in 1 Post

      Re: Router Intrusion?

      ^^^ Apologies, didn't recognise the output! As long as all incoming ports are blocked you should be OK.

    6. #5
      James67's Avatar
      James67 is offline Sky User Member
      Exchange:
      Broadband ISP: Other ISP
      Router: Non Sky Router
      Sky TV: Freesat
      Join Date
      Sep 2007
      Posts
      1,789
      Thanks
      0
      Thanked 2 Times in 2 Posts
      Blog Entries
      3

      Re: Router Intrusion?

      The log messages are a bit misleading. They're not indicating an "intrusion", they're indicating that an intrusion was attempted, but didn't succeed. Nothing to be alarmed about really.

    7. #6
      doom's Avatar
      doom is offline Sky User Member
      Exchange: Aberdeen/Kinkorth
      Broadband ISP: Sky Max/Unlimited
      Router: Sagem F@ST 2504
      Sky TV: Other
      Join Date
      Dec 2007
      Posts
      58
      Thanks
      0
      Thanked 0 Times in 0 Posts

      Re: Router Intrusion?

      Quote Originally Posted by James67 View Post
      The log messages are a bit misleading. They're not indicating an "intrusion", they're indicating that an intrusion was attempted, but didn't succeed. Nothing to be alarmed about really.
      Cheers bud. I was thinking of going back to my old netgear one thinking there might be a problem with this one. God I love this forum. Much better than adslguide (thinkbroadband). You don't get this kind of help on there anymore.

    8. #7
      Mvrck's Avatar
      Mvrck is offline Sky User Member
      Exchange:
      Broadband ISP: Sky Max
      Router: Sagem F@ST 2504
      Sky TV: Sky Basic
      Join Date
      May 2009
      Posts
      3
      Thanks
      0
      Thanked 0 Times in 0 Posts

      Re: Router Intrusion?

      Does anyone know why these intrusion attempts happen? I've been getting these constantly now for a couple of weeks. Maybe longer however I've only just noticed them. It doesn't matter how long I leave my router off, whether it be an hour or a day so that i get a new ip, once the router connects within 15 mins I get the same intrusion messages. I've tried resetting my router to default settings, closed port forwarding ports and yet they keep on appearing.

      Has anyone got any thoughts?

    9. #8
      Isitme's Avatar
      Isitme is online now Sky User Moderator
      Exchange: Bannockburn
      Broadband ISP: Sky Broadband Unlimited
      Router: Sky Hub SR102
      Sky TV: Sky+ HD
      Join Date
      Dec 2006
      Location
      Central Scotland
      Posts
      31,346
      Thanks
      48
      Thanked 1,446 Times in 1,418 Posts

      Re: Router Intrusion?

      As James said above, these are just attempts at intrusion. The router has done its job and stopped them. Unfortunately the world is full of people who try to hack into others PCs and have programs which constantly search for open connections. There is not much you can do about it except trust your router to do its job and ensure you do not leave any ports open. Read the info and do the checks at https://www.grc.com/x/ne.dll?bh0bkyd2 if you are worried.

    10. #9
      Mvrck's Avatar
      Mvrck is offline Sky User Member
      Exchange:
      Broadband ISP: Sky Max
      Router: Sagem F@ST 2504
      Sky TV: Sky Basic
      Join Date
      May 2009
      Posts
      3
      Thanks
      0
      Thanked 0 Times in 0 Posts

      Re: Router Intrusion?

      Thanks for your response. I checked that site and it gave me a thumbs up. I kind of see what your saying about nothing really to worry about. Only thing i'm concerned about is why they keep on trying to get in as soon as my router is turned on. I'm not even doing any internet browsing or xbox live and with a new IP just seems really strange.

      Is everyone else getting these intrusion attempts?

    11. #10
      1-Eye's Avatar
      1-Eye is offline Sky User Member
      Exchange:
      Broadband ISP: Sky Max
      Router: Netgear V2 DG934G
      Sky TV: Sky+
      Join Date
      May 2009
      Posts
      2
      Thanks
      0
      Thanked 0 Times in 0 Posts

      Re: Router Intrusion?

      Do you have a nintendo wii set to connect or something else set for firmare update ps3 etc could be that trying to connect to get updates etc

     

     
    Page 1 of 3 123 LastLast

    Tags for this Thread

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •  
    SkyUser - Copyright © 2006-2012. SatDish and NewsreadeR | SkyUser is in no way affiliated with Sky Broadband / BSkyB
    RIPA NOTICE: NO CONSENT IS GIVEN FOR INTERCEPTION OF PAGE TRANSMISSION | SEO by vBSEO