Results 1 to 3 of 3
D LInk Router Logs Question
This is a discussion on D LInk Router Logs Question within the Sky Router forums, part of the Sky Broadband help category; Hi Been with Sky BB for nearly 3 years. Originally had a DG934 but after recent issues, Sky have provided ...
- 11-09-10, 09:05 AM #1
D LInk Router Logs Question
Hi
Been with Sky BB for nearly 3 years. Originally had a DG934 but after recent issues, Sky have provided a shiny new D Link 2640.
My question is when viewing the logs, there are regular messages of
kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=41.237.100.199 DST=XXX.XXX.XXX.XXX LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=36393 DF PROTO=TCP SPT=2629 DPT=23 WINDOW=5808 RES=0x00 SYN URGP=0
XXX being my Internet address. The source IP differs each time, but they are all hitting my IP address over port 23(telnet). Can someone tell me whether the log is simply saying this Source has tried to Telnet or has actually managed to breach the firewall. At least on the Netgear it told you if it was blocked and what time it happened.
As I say the logging doesn't specify times so its hard to determine when it has happened.
Doing an nslookup on this particular address shows the host name is originating from Egypt
Anyone any ideas
Advertisement- 11-09-10, 11:47 AM #2
Re: D LInk Router Logs Question
I am pretty sure it has been blocked. If it had got through the router I don't think you would see anything in the log at all. To be on the safe side, change the router admin password to something unique to you and turn off Respond to Ping. Responding to ping just lets hackers know that something is at the address they are pinging.
TomD
Please note the views and recommendations in my posts are my own and in no way reflect the views of SkyUser.
Useful Utilites
https://www.nirsoft.net/utils/wifi_information_view.html/ TCPOptimiser /Test Socket
Note - When downloading always select the Custom install or you will end up with stuff you don't want.
- 11-09-10, 05:58 PM #3
Re: D LInk Router Logs Question
I agree - 1st thing I did was change the password and switch ping off. With the netgear, it would say "rule match" or something like that. It may just be the wording of it as I dont have this port opened or any for that matter. The logging could be better and clearer in what it is logging on.