Intrusion noticed in log

[QMayberry]

I was looking at the system logs as I had noticed the wireless and internet lights flashing on our sagem router when nothing was apparently accessing it. I found the following, can anyone please tell me what does it mean? I also don't know what type of sagem router we have as it doesn't mention any of the types listed on the skyuser registration details ( I selected one which was the F@ST 2504 , couldn't tell you if it is correct)!

Dec 29 17:30:16 (none) user.alert kernel: Intrusion -> IN=nas_0_40 OUT= MAC=00:25:69:15:06:de:00:07:72:99:e9:9c:08:00 SRC=186.148.243.167 DST=94.3.28.120 LEN=48 TOS=0x00 PREC=0x00 TTL=105 ID=52311 DF PROTO=TCP SPT=4844 DPT=445 WINDOW=65535 RES=0x00


Dec 29 17:38:36 (none) user.alert kernel: Intrusion -> IN=nas_0_40 OUT= MAC=00:25:69:15:06:de:00:07:72:99:e9:9c:08:00 SRC=59.67.107.53 DST=94.3.28.120 LEN=44 TOS=0x00 PREC=0x00 TTL=97 ID=256 PROTO=TCP SPT=6000 DPT=3389 WINDOW=16384 RES=0x00 SYN URGP


Dec 29 17:40:33 (none) user.alert kernel: Intrusion -> IN=nas_0_40 OUT= MAC=00:25:69:15:06:de:00:07:72:99:e9:9c:08:00 SRC=87.97.83.95 DST=94.3.28.120 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=30449 DF PROTO=TCP SPT=10164 DPT=445 WINDOW=65535 RES=0x00 SYN


Dec 29 17:42:44 (none) user.alert kernel: Intrusion -> IN=nas_0_40 OUT= MAC=00:25:69:15:06:de:00:07:72:99:e9:9c:08:00 SRC=89.38.144.184 DST=94.3.28.120 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=11928 DF PROTO=TCP SPT=9352 DPT=445 WINDOW=65535 RES=0x00 SY

[Isitme]

It is just your router doing its job, nothing to worry about. You may find the intrusions decrease or disappear if you turn off 'Respond to Ping' on the WAN. Then do a power cycle with the router, which may get you a new IP address.

[QMayberry]

Thanks for that, I turned off the ping, don't know why it was on in the first place! I also did the power cycle, but it came back with the same ip address.

So was this from something trying to get into our network or some software trying to get out of our network?

[Isitme]

The 'intrusions' are from other routers probing yours to attempt to get access. The attempts shown in the log you posted were from machines in countries ranging from China to Argentina. There are individuals all over the world who like to try to hack others networks, sometimes for nefarious reasons and sometime just for the fun and challenge of doing it. It may also be possible they are requests coming from P2P networks or maybe even gaming networks. If the P2P client or game is closed when the request is made, the router will reject it. It is one of the big advantages of using a firewall router, if you were not using a router you would be depending on a software firewall to protect you, these are not nearly so effective.