Your forum username:
Do you already have an account?
Forgot your password?
  • Log in or Sign up


    Welcome to Sky User - The Unofficial Support Forum for everything Sky! - Proudly helping over 63k members.


    Advertisement

    Results 1 to 10 of 10

    Intrusion ?

    This is a discussion on Intrusion ? within the Sky Router forums, part of the Sky Broadband help category; Getting this in the activity log of my Sagem May 31 17:55:22 (none) user.alert kernel: Intrusion -> IN=atm0 OUT= MAC= ...

    1. #1
      stevep's Avatar
      stevep is offline Sky User Member
      Exchange:
      Broadband ISP: Base
      Router: Sagemcom 2304n
      Sky TV: Sky+HD box
      Join Date
      Mar 2008
      Posts
      29
      Thanks
      4
      Thanked 0 Times in 0 Posts

      Intrusion ?

      Getting this in the activity log of my Sagem

      May 31 17:55:22 (none) user.alert kernel: Intrusion -> IN=atm0 OUT= MAC= "router mac addy" :27:00:07:72:b3:ef:bc:08:00 SRC=212.103.161.117 DST= "my IP addy" LEN=48 TOS=0x00 PREC=0x00 TTL=116 ID=2170 DF PROTO=TCP SPT=1190 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000

      ideas ? ?


    2. Advertisement
    3. #2
      Isitme's Avatar
      Isitme is offline Sky User Moderator
      Exchange: Bannockburn
      Broadband ISP: Sky Broadband Unlimited
      Router: Sky Hub SR102
      Sky TV: Sky+ HD
      Join Date
      Dec 2006
      Location
      Central Scotland
      Posts
      32,122
      Thanks
      50
      Thanked 1,521 Times in 1,482 Posts

      Re: Intrusion ?

      "router mac addy"
      What is this address? If it is not yours there is not much point in concealing it. It could give a clue to who is trying to gain access, usually it is nothing to worry about. How many attempts have been made from the same address.

      TomD


      Please note the views and recommendations in my posts are my own and in no way reflect the views of SkyUser.


      Useful Utilites

      Inssider / TCPOptimiser /Test Socket

      Note - When downloading always select the Custom install or you will end up with stuff you don't want.





    4. #3
      stevep's Avatar
      stevep is offline Sky User Member
      Exchange:
      Broadband ISP: Base
      Router: Sagemcom 2304n
      Sky TV: Sky+HD box
      Join Date
      Mar 2008
      Posts
      29
      Thanks
      4
      Thanked 0 Times in 0 Posts

      Re: Intrusion ?

      its my routers MAC followed by IP addy

    5. #4
      Exdee's Avatar
      Exdee is offline Sky User Member
      Exchange: LSXXX
      Broadband ISP: Sky Broadband Unlimited
      Router: D-Link DSL-2640S
      Sky TV: Sky+ HD
      Join Date
      Apr 2010
      Posts
      1,556
      Thanks
      22
      Thanked 186 Times in 179 Posts

      Re: Intrusion ?

      If it makes you feel any better. I get one every few minutes.

      May 31 10:58:55 kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=46.118.209.76 DST=My Ip Address LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=30951 DF PROTO=TCP SPT=51874 DPT=4899 WINDOW=8192 RES=0x00 SYN URGP=0
      May 31 11:03:46 kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=195.168.172.142 DST=My Ip Address LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=5137 DF PROTO=TCP SPT=38918 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0
      May 31 11:13:00 kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=195.168.172.142 DST=My Ip Address LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=4743 DF PROTO=TCP SPT=39743 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0
      May 31 11:37:50 kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=87.246.33.46 DST=My Ip Address LEN=64 TOS=0x02 PREC=0x00 TTL=114 ID=57429 DF PROTO=TCP SPT=1066 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
      May 31 11:37:53 kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=87.246.33.46 DST=My Ip Address LEN=64 TOS=0x02 PREC=0x00 TTL=114 ID=60533 DF PROTO=TCP SPT=1066 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
      May 31 11:47:08 kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=85.185.154.35 DST=My Ip Address LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=34280 DF PROTO=TCP SPT=1954 DPT=53 WINDOW=65535 RES=0x00 SYN URGP=0
      May 31 12:04:38 kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=77.232.1.125 DST=My Ip Address LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=31254 DF PROTO=TCP SPT=62120 DPT=25 WINDOW=8192 RES=0x00 SYN URGP=0
      May 31 12:04:41 kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=77.232.1.125 DST=My Ip Address LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=465 DF PROTO=TCP SPT=62120 DPT=25 WINDOW=8192 RES=0x00 SYN URGP=0
      May 31 12:13:26 kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=94.197.127.89 DST=My Ip Address LEN=64 TOS=0x00 PREC=0x00 TTL=54 ID=48808 DF PROTO=TCP SPT=36101 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
      May 31 12:24:38 kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=195.168.172.142 DST=My Ip Address LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=6935 DF PROTO=TCP SPT=47003 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0
      May 31 12:33:40 kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=94.197.127.89 DST=My Ip Address LEN=64 TOS=0x00 PREC=0x00 TTL=54 ID=13524 DF PROTO=TCP SPT=48268 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
      May 31 12:47:15 kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=89.149.225.222 DST=My Ip Address LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=57038 DF PROTO=TCP SPT=43613 DPT=443 WINDOW=5840 RES=0x00 SYN URGP=0
      May 31 12:55:39 kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=94.197.127.89 DST=My Ip Address LEN=64 TOS=0x00 PREC=0x00 TTL=54 ID=62358 DF PROTO=TCP SPT=33814 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
      May 31 13:00:31 kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=149.13.32.251 DST=My Ip Address LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=24316 DF PROTO=TCP SPT=47625 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
      May 31 13:10:43 kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=80.189.51.185 DST=My Ip Address LEN=64 TOS=0x00 PREC=0x00 TTL=57 ID=55088 DF PROTO=TCP SPT=49262 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
      May 31 13:20:46 kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=213.244.170.76 DST=My Ip Address LEN=60 TOS=0x00 PREC=0x00 TTL=57 ID=4414 DF PROTO=TCP SPT=50328 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
      May 31 13:35:12 kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=149.13.32.248 DST=My Ip Address LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=53451 DF PROTO=TCP SPT=35372 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
      May 31 13:45:12 kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=213.146.189.235 DST=My Ip Address LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=44076 DF PROTO=TCP SPT=41167 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
      May 31 13:50:20 kernel: xt_TCPMSS: bad length (1386 bytes)
      May 31 13:50:20 kernel: xt_TCPMSS: bad length (1386 bytes)
      May 31 13:50:22 kernel: xt_TCPMSS: bad length (1386 bytes)
      May 31 13:50:22 kernel: xt_TCPMSS: bad length (1386 bytes)
      May 31 13:50:24 kernel: xt_TCPMSS: bad length (1386 bytes)
      May 31 13:50:24 kernel: xt_TCPMSS: bad length (1386 bytes)
      May 31 13:50:26 kernel: xt_TCPMSS: bad length (1386 bytes)
      May 31 13:50:26 kernel: xt_TCPMSS: bad length (1386 bytes)
      May 31 13:50:28 kernel: xt_TCPMSS: bad length (1386 bytes)
      May 31 13:50:28 kernel: xt_TCPMSS: bad length (1386 bytes)
      May 31 13:50:30 kernel: xt_TCPMSS: bad length (1386 bytes)
      May 31 13:50:30 kernel: xt_TCPMSS: bad length (1386 bytes)
      May 31 13:50:32 kernel: xt_TCPMSS: bad length (1386 bytes)
      May 31 13:50:32 kernel: xt_TCPMSS: bad length (1386 bytes)
      May 31 13:50:34 kernel: xt_TCPMSS: bad length (1386 bytes)
      May 31 13:50:34 kernel: xt_TCPMSS: bad length (1386 bytes)
      May 31 13:50:36 kernel: xt_TCPMSS: bad length (1386 bytes)
      May 31 13:50:36 kernel: xt_TCPMSS: bad length (1386 bytes)
      May 31 13:50:38 kernel: xt_TCPMSS: bad length (1386 bytes)
      May 31 13:50:38 kernel: xt_TCPMSS: bad length (1386 bytes)
      May 31 13:50:40 kernel: xt_TCPMSS: bad length (1386 bytes)
      May 31 13:50:40 kernel: xt_TCPMSS: bad length (1386 bytes)
      May 31 13:50:42 kernel: xt_TCPMSS: bad length (1386 bytes)
      May 31 13:50:42 kernel: xt_TCPMSS: bad length (1386 bytes)
      May 31 13:50:44 kernel: xt_TCPMSS: bad length (1386 bytes)
      May 31 13:50:44 kernel: xt_TCPMSS: bad length (1386 bytes)
      May 31 13:50:46 kernel: xt_TCPMSS: bad length (1386 bytes)
      May 31 13:50:46 kernel: xt_TCPMSS: bad length (1386 bytes)
      May 31 13:50:48 kernel: xt_TCPMSS: bad length (1386 bytes)
      May 31 13:50:48 kernel: xt_TCPMSS: bad length (1386 bytes)
      May 31 13:50:50 kernel: xt_TCPMSS: bad length (1386 bytes)
      May 31 13:50:50 kernel: xt_TCPMSS: bad length (1386 bytes)
      May 31 13:50:52 kernel: xt_TCPMSS: bad length (1386 bytes)
      May 31 13:50:52 kernel: xt_TCPMSS: bad length (1386 bytes)
      May 31 13:50:54 kernel: xt_TCPMSS: bad length (1386 bytes)
      May 31 13:50:54 kernel: xt_TCPMSS: bad length (1386 bytes)
      May 31 13:50:56 kernel: xt_TCPMSS: bad length (1386 bytes)
      May 31 13:50:56 kernel: xt_TCPMSS: bad length (1386 bytes)
      May 31 13:50:58 kernel: xt_TCPMSS: bad length (1386 bytes)
      May 31 13:50:58 kernel: xt_TCPMSS: bad length (1386 bytes)
      May 31 14:01:18 kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=90.150.126.28 DST=My Ip Address LEN=64 TOS=0x00 PREC=0x00 TTL=36 ID=65438 DF PROTO=TCP SPT=10944 DPT=135 WINDOW=53760 RES=0x00 SYN URGP=0
      May 31 14:01:21 kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=90.150.126.28 DST=My Ip Address LEN=64 TOS=0x00 PREC=0x00 TTL=36 ID=1441 DF PROTO=TCP SPT=10944 DPT=135 WINDOW=53760 RES=0x00 SYN URGP=0
      May 31 14:18:32 kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=174.110.179.10 DST=My Ip Address LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=5816 DF PROTO=TCP SPT=30033 DPT=35635 WINDOW=65535 RES=0x00 SYN URGP=0
      May 31 14:22:44 kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=174.110.179.10 DST=My Ip Address LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=8031 DF PROTO=TCP SPT=30216 DPT=35635 WINDOW=65535 RES=0x00 SYN URGP=0
      May 31 14:30:38 kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=174.110.179.10 DST=My Ip Address LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=12396 DF PROTO=TCP SPT=30546 DPT=35635 WINDOW=65535 RES=0x00 SYN URGP=0
      May 31 14:43:24 kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=195.168.172.142 DST=My Ip Address LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=17974 DF PROTO=TCP SPT=62120 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0
      May 31 14:53:52 kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=24.118.14.207 DST=My Ip Address LEN=64 TOS=0x00 PREC=0x00 TTL=50 ID=34419 DF PROTO=TCP SPT=49939 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0
      May 31 15:06:37 kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=2.109.51.120 DST=My Ip Address LEN=64 TOS=0x00 PREC=0x00 TTL=54 ID=24122 DF PROTO=TCP SPT=57893 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
      May 31 15:20:22 kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=89.149.201.131 DST=My Ip Address LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=14411 DF PROTO=TCP SPT=50610 DPT=443 WINDOW=5840 RES=0x00 SYN URGP=0
      May 31 15:20:52 kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=83.149.21.224 DST=My Ip Address LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=1283 DF PROTO=TCP SPT=15241 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0
      May 31 15:38:42 kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=149.13.32.248 DST=My Ip Address LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4527 DF PROTO=TCP SPT=48892 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
      May 31 15:40:27 kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=92.13.239.251 DST=My Ip Address LEN=52 TOS=0x00 PREC=0x00 TTL=119 ID=12873 DF PROTO=TCP SPT=52725 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
      May 31 15:51:33 kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=94.85.0.5 DST=My Ip Address LEN=64 TOS=0x00 PREC=0x00 TTL=54 ID=57952 PROTO=TCP SPT=53093 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0
      May 31 16:01:23 kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=86.12.173.9 DST=My Ip Address LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=5780 DF PROTO=TCP SPT=37969 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0
      May 31 16:10:30 kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=213.146.189.234 DST=My Ip Address LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=8095 DF PROTO=TCP SPT=41739 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
      May 31 16:26:07 kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=93.42.7.83 DST=My Ip Address LEN=60 TOS=0x00 PREC=0x00 TTL=41 ID=18414 DF PROTO=TCP SPT=45799 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
      May 31 16:31:59 kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=194.20.78.33 DST=My Ip Address LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=40487 PROTO=TCP SPT=58023 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0
      May 31 16:41:00 kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=41.226.42.153 DST=My Ip Address LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=38607 DF PROTO=TCP SPT=2946 DPT=443 WINDOW=32768 RES=0x00 SYN URGP=0
      May 31 16:58:08 kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=12.233.226.77 DST=My Ip Address LEN=64 TOS=0x00 PREC=0x00 TTL=47 ID=39101 DF PROTO=TCP SPT=52041 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0
      May 31 17:00:49 kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=87.114.122.88 DST=My Ip Address LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=29147 DF PROTO=TCP SPT=50015 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
      May 31 17:16:20 kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=213.146.189.238 DST=My Ip Address LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=2880 DF PROTO=TCP SPT=57192 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
      May 31 17:31:51 kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=85.127.52.170 DST=My Ip Address LEN=48 TOS=0x00 PREC=0x00 TTL=54 ID=17469 DF PROTO=TCP SPT=61085 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
      May 31 17:31:52 kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=85.127.52.170 DST=My Ip Address LEN=48 TOS=0x00 PREC=0x00 TTL=54 ID=17481 DF PROTO=TCP SPT=61089 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0
      May 31 17:40:46 kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=94.11.186.228 DST=My Ip Address LEN=52 TOS=0x00 PREC=0x00 TTL=124 ID=2697 DF PROTO=TCP SPT=52391 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
      May 31 17:55:40 kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=81.141.147.71 DST=My Ip Address LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=10905 DF PROTO=TCP SPT=1469 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0
      May 31 18:20:09 kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=151.82.42.227 DST=My Ip Address LEN=52 TOS=0x00 PREC=0x00 TTL=121 ID=13581 DF PROTO=TCP SPT=2424 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0
      May 31 18:20:13 kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=151.82.42.227 DST=My Ip Address LEN=52 TOS=0x00 PREC=0x00 TTL=121 ID=14030 DF PROTO=TCP SPT=2424 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0
      May 31 18:21:46 kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=221.143.50.212 DST=My Ip Address LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=31124 DF PROTO=TCP SPT=54822 DPT=21 WINDOW=5840 RES=0x00 SYN URGP=0
      May 31 18:31:59 kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=213.139.17.189 DST=My Ip Address LEN=64 TOS=0x00 PREC=0x00 TTL=120 ID=44028 DF PROTO=TCP SPT=1505 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0
      May 31 18:45:07 kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=89.240.74.186 DST=My Ip Address LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=16911 DF PROTO=TCP SPT=12056 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0
      May 31 18:51:10 kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=200.14.209.181 DST=My Ip Address LEN=48 TOS=0x00 PREC=0x00 TTL=105 ID=60178 DF PROTO=TCP SPT=27956 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0
      May 31 19:01:12 kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=81.151.46.87 DST=My Ip Address LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=32956 DF PROTO=TCP SPT=4111 DPT=19937 WINDOW=16384 RES=0x00 SYN URGP=0
      May 31 19:14:51 kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=173.239.182.206 DST=My Ip Address LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=35592 DF PROTO=TCP SPT=48751 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
      May 31 19:28:43 kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=80.1.197.207 DST=My Ip Address LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=28620 DF PROTO=TCP SPT=60994 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0
      May 31 19:33:47 kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=80.1.197.207 DST=My Ip Address LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=4422 DF PROTO=TCP SPT=61279 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0
      May 31 19:41:07 kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=90.199.205.100 DST=My Ip Address LEN=52 TOS=0x00 PREC=0x00 TTL=123 ID=3609 DF PROTO=TCP SPT=49418 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
      May 31 19:57:15 kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=62.203.182.27 DST=My Ip Address LEN=64 TOS=0x00 PREC=0x00 TTL=53 ID=803 DF PROTO=TCP SPT=58817 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0
      Last edited by Exdee; 31-05-11 at 09:24 PM.

    6. #5
      Isitme's Avatar
      Isitme is offline Sky User Moderator
      Exchange: Bannockburn
      Broadband ISP: Sky Broadband Unlimited
      Router: Sky Hub SR102
      Sky TV: Sky+ HD
      Join Date
      Dec 2006
      Location
      Central Scotland
      Posts
      32,122
      Thanks
      50
      Thanked 1,521 Times in 1,482 Posts

      Re: Intrusion ?

      Sorry I did not notice you had left the intruders address visible. Someone in Egypt is probing your router, as long as it is not over a long continuous period, there is nothing to worry about. In saying that, the Sagem is not too clear in what it reports saying, 'user.alert kernel: Intrusion' suggests the router has been hacked, but I don't think this is the case. Many routers would report 'user.alert kernel: Intrusion attempt' which would mean it had not been breached. I think this is the case with the Sagem, I think if it had been breached, you would not get any warning in the Log.

      If you have it on, turn off Respond to Ping on Internet WAN. This just serves to tell hackers there is something there to probe.

      If you are getting a lot of hits from the UK it is possible you have an address previously used by a gamer/server host.

      TomD


      Please note the views and recommendations in my posts are my own and in no way reflect the views of SkyUser.


      Useful Utilites

      Inssider / TCPOptimiser /Test Socket

      Note - When downloading always select the Custom install or you will end up with stuff you don't want.





    7. #6
      Shonk's Avatar
      Shonk is offline Sky User Member
      Exchange:
      Broadband ISP: Sky Fibre Unlimited Pro
      Router: Sky Hub SR102
      Sky TV: Sky+ HD
      Join Date
      Mar 2010
      Posts
      1,141
      Thanks
      6
      Thanked 93 Times in 91 Posts

      Re: Intrusion ?

      this happens all the time

      usually bots from china and russia

    8. #7
      Isitme's Avatar
      Isitme is offline Sky User Moderator
      Exchange: Bannockburn
      Broadband ISP: Sky Broadband Unlimited
      Router: Sky Hub SR102
      Sky TV: Sky+ HD
      Join Date
      Dec 2006
      Location
      Central Scotland
      Posts
      32,122
      Thanks
      50
      Thanked 1,521 Times in 1,482 Posts

      Re: Intrusion ?

      @Exdee
      You might want to check your MTU is set correctly

      Your code has mad a mess of the page size

      TomD


      Please note the views and recommendations in my posts are my own and in no way reflect the views of SkyUser.


      Useful Utilites

      Inssider / TCPOptimiser /Test Socket

      Note - When downloading always select the Custom install or you will end up with stuff you don't want.





    9. #8
      Exdee's Avatar
      Exdee is offline Sky User Member
      Exchange: LSXXX
      Broadband ISP: Sky Broadband Unlimited
      Router: D-Link DSL-2640S
      Sky TV: Sky+ HD
      Join Date
      Apr 2010
      Posts
      1,556
      Thanks
      22
      Thanked 186 Times in 179 Posts

      Re: Intrusion ?

      MTU is set at 1500.
      Code removed. Sorry

    10. #9
      fuzzy logic's Avatar
      fuzzy logic is offline Sky User Member
      Exchange:
      Broadband ISP: Other ISP
      Router: Non Sky Router
      Sky TV: Sky Basic
      Join Date
      Apr 2008
      Posts
      463
      Thanks
      2
      Thanked 71 Times in 52 Posts

      Re: Intrusion ?

      Quote Originally Posted by Isitme View Post
      In saying that, the Sagem is not too clear in what it reports saying, 'user.alert kernel: Intrusion' suggests the router has been hacked, but I don't think this is the case. Many routers would report 'user.alert kernel: Intrusion attempt' which would mean it had not been breached. I think this is the case with the Sagem, I think if it had been breached, you would not get any warning in the Log.
      "Attempt" would be better, but I would think many routers wouldn't log every attempt to connect.; only when it appears to be someone portscanning your router.

      I'm no linux expert, but I think basically it is just a message from the linux kernel saying hey I've just received and ignored a Syn packet with such and such flags set from so and so IP address/port. (A syn packet is the first packet of a TCP handshake, and is sent when you try to establish a TCP connection to a server.)

    11. #10
      Undecided Adrian's Avatar
      Undecided Adrian is offline Sky User Member
      Exchange: Stevenage
      Broadband ISP: BT
      Router: Non Sky Router
      Sky TV: Sky+ HD
      Join Date
      May 2007
      Posts
      2,539
      Thanks
      1
      Thanked 23 Times in 21 Posts

      Re: Intrusion ?

      it's the script kiddies running port scans looking for IP address to try and "hack"

      As isitme said turn the Respond to ping off and then when somebody pings your IP address they get a time out error message.
      I'm a PC, and Windows 7 Backup saved my sanity when BitDefender imploded !!!

     

     

    Tags for this Thread

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •  
    SkyUser - Copyright © 2006-2014. SatDish and NewsreadeR | SkyUser is in no way affiliated with Sky Broadband / BSkyB
    RIPA NOTICE: NO CONSENT IS GIVEN FOR INTERCEPTION OF PAGE TRANSMISSION | SEO by vBSEO