Router Security Alert Logs


Desmo
22-08-2007, 14:54
Anything to worry about?


Mon, 2007-08-20 14:00:04 - Send E-mail Success!
Mon, 2007-08-20 21:09:18 - UDP Packet - Source:67.159.44.107,5346 Destination:87.127.131.137,12653 - [DOS]
Mon, 2007-08-20 21:09:22 - UDP Packet - Source:67.159.44.107,6346 Destination:87.127.131.137,12653 - [DOS]
Mon, 2007-08-20 21:09:22 - UDP Packet - Source:67.159.44.107,7346 Destination:87.127.131.137,12653 - [DOS]
Mon, 2007-08-20 21:09:22 - UDP Packet - Source:67.159.44.107,8346 Destination:87.127.131.137,12653 - [DOS]
Mon, 2007-08-20 21:09:22 - UDP Packet - Source:67.159.44.107,9346 Destination:87.127.131.137,12653 - [DOS]
Mon, 2007-08-20 21:09:22 - Send E-mail Success!
Mon, 2007-08-20 21:10:09 - UDP Packet - Source:212.25.103.182,5346 Destination:87.127.131.137,12653 - [DOS]
Mon, 2007-08-20 21:10:09 - UDP Packet - Source:212.25.103.182,6346 Destination:87.127.131.137,12653 - [DOS]
Mon, 2007-08-20 21:10:09 - UDP Packet - Source:212.25.103.182,7346 Destination:87.127.131.137,12653 - [DOS]
Mon, 2007-08-20 21:10:09 - UDP Packet - Source:212.25.103.182,8346 Destination:87.127.131.137,12653 - [DOS]
Mon, 2007-08-20 21:10:09 - UDP Packet - Source:212.25.103.182,9346 Destination:87.127.131.137,12653 - [DOS]




TCP Packet - Source:82.11.183.104,34683 Destination:87.127.131.137,49637 - [DOS]
TCP Packet - Source:82.11.183.104,32832 Destination:87.127.131.137,49638 - [DOS]
TCP Packet - Source:82.11.183.104,35252 Destination:87.127.131.137,49635 - [DOS]
TCP Packet - Source:82.11.183.104,35480 Destination:87.127.131.137,49638 - [DOS]
TCP Packet - Source:65.98.4.114,30335 Destination:87.127.131.137,113 - [DOS]
TCP Packet - Source:82.11.183.104,35104 Destination:87.127.131.137,49634 - [DOS]
TCP Packet - Source:82.11.183.104,35462 Destination:87.127.131.137,49637 - [DOS]
TCP Packet - Source:82.11.183.104,34683 Destination:87.127.131.137,49637 - [DOS]
TCP Packet - Source:82.11.183.104,32832 Destination:87.127.131.137,49638 - [DOS]
TCP Packet - Source:82.11.183.104,35252 Destination:87.127.131.137,49635 - [DOS]
TCP Packet - Source:82.11.183.104,35462 Destination:87.127.131.137,49637 - [DOS]
TCP Packet - Source:82.11.183.104,34683 Destination:87.127.131.137,49637 - [DOS]
TCP Packet - Source:82.11.183.104,32832 Destination:87.127.131.137,49638 - [DOS]
TCP Packet - Source:82.11.183.104,35252 Destination:87.127.131.137,49635 - [DOS]
TCP Packet - Source:82.11.183.104,35480 Destination:87.127.131.137,49638 - [DOS]
TCP Packet - Source:82.11.183.104,35270 Destination:87.127.131.137,49637 - [DOS]
UDP Packet - Source:67.159.44.107,5346 Destination:87.127.131.137,12653 - [DOS]

Mark
22-08-2007, 15:02
I don't worry about incoming things unless they're causing damage or disruption (never happened, touch wood). Regularly pick up random password attacks on Linux and Blaster-style attacks on Windows, but none of them get past the logs.

However, if unexpected stuff is outgoing (particularly email), that's a sign of trouble.

Desmo
22-08-2007, 15:04
All incoming. The outgoing emails are the router emailing me :)

Daz
22-08-2007, 15:06
Just the state of the web at the moment - attacks flying around all over the shop. That and spam email.

Desmo
22-08-2007, 15:24
Just had another email come through...


Tue, 2007-08-21 14:00:03 - Send E-mail Success!
Tue, 2007-08-21 17:24:10 - TCP Packet - Source:85.224.102.87,4453 Destination:10.0.0.10,5901 - [VNC12 match]
Tue, 2007-08-21 17:25:11 - TCP Packet - Source:122.36.131.101,4078 Destination:10.0.0.10,5901 - [VNC12 match]
Tue, 2007-08-21 19:33:46 - TCP Packet - Source:62.233.185.178,3921 Destination:10.0.0.10,5901 - [VNC12 match]
Tue, 2007-08-21 20:52:34 - TCP Packet - Source:88.212.7.47,2375 Destination:10.0.0.10,5901 - [VNC12 match]
Tue, 2007-08-21 21:19:23 - TCP Packet - Source:24.22.236.241,3534 Destination:10.0.0.10,5901 - [VNC12 match]
Tue, 2007-08-21 22:35:01 - TCP Packet - Source:85.204.123.67,3024 Destination:10.0.0.10,5901 - [VNC12 match]
Wed, 2007-08-22 00:50:28 - TCP Packet - Source:220.122.190.143,2375 Destination:10.0.0.10,5901 - [VNC12 match]
Wed, 2007-08-22 03:16:42 - TCP Packet - Source:24.196.87.242,1236 Destination:10.0.0.10,5901 - [VNC12 match]


Don't have VNC set up on anything right now though so not too worried.

Daz
22-08-2007, 15:25
Even then it would only be a problem if your router was NAT'ing the standard ports across :)

Mark
22-08-2007, 15:29
Yup - VNC is a known exploitable software (if not up-to-date or secured), so it's hardly surprising bots are going after that.

I very rarely even look any more and don't bother emailing logs. There's so much background noise and bots looking for holes that don't exist that it's a waste of my time, but then, I don't have a business to worry about with the potential downtime costs of that.

Daz
22-08-2007, 15:35
It's the same here Mark. Smaller clients never look at them unless they have reason to suspect something, and larger clients spend a lot of money on monitoring software/services to analyse the data for them.
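
A small triage script for alert e-mails in the format posted above, as an added example that is not part of the original thread. It counts alerts per tag and per destination port, and picks out alerts whose destination is a private (RFC 1918) LAN address, which are the ones to check against the router's port-forwarding or DMZ settings. The sample lines are constructed and use documentation-range addresses; the function names are this example's own.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample in the router's alert format (not taken from the thread).
SAMPLE = """\
Mon, 2007-08-20 14:00:04 - Send E-mail Success!
Mon, 2007-08-20 21:09:18 - UDP Packet - Source:198.51.100.7,5346 Destination:203.0.113.9,12653 - [DOS]
Mon, 2007-08-20 21:09:22 - UDP Packet - Source:198.51.100.7,6346 Destination:203.0.113.9,12653 - [DOS]
TCP Packet - Source:192.0.2.44,30335 Destination:203.0.113.9,113 - [DOS]
Tue, 2007-08-21 17:24:10 - TCP Packet - Source:192.0.2.80,4453 Destination:10.0.0.10,5901 - [VNC12 match]
Tue, 2007-08-21 17:25:11 - TCP Packet - Source:192.0.2.81,4078 Destination:10.0.0.10,5901 - [VNC12 match]
"""

# Explicit RFC 1918 ranges; ipaddress.is_private would also match documentation ranges.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# The timestamp prefix is optional because some pasted lines lack it.
LINE = re.compile(
    r"^(?:(?P<ts>\w{3}, \d{4}-\d\d-\d\d \d\d:\d\d:\d\d) - )?"
    r"(?P<proto>TCP|UDP) Packet - "
    r"Source:(?P<src>[\d.]+),(?P<sport>\d+) "
    r"Destination:(?P<dst>[\d.]+),(?P<dport>\d+) - \[(?P<tag>[^\]]+)\]$"
)

def parse(text):
    """Yield one dict per packet alert; status lines (e-mail notices) are skipped."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield m.groupdict()

def is_lan(addr):
    return any(ipaddress.ip_address(addr) in net for net in RFC1918)

def summarise(text):
    """Return (alerts per tag, alerts per (proto, dst port), distinct sources per LAN service)."""
    by_tag, by_port = Counter(), Counter()
    forwarded = defaultdict(set)  # (LAN address, port) -> distinct source addresses
    for ev in parse(text):
        by_tag[ev["tag"]] += 1
        by_port[(ev["proto"], int(ev["dport"]))] += 1
        if is_lan(ev["dst"]):
            forwarded[(ev["dst"], int(ev["dport"]))].add(ev["src"])
    return by_tag, by_port, {k: len(v) for k, v in forwarded.items()}

if __name__ == "__main__":
    for part in summarise(SAMPLE):
        print(dict(part))
```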