Router Security Alert Logs

Desmo · 22-08-2007, 14:54

Anything to worry about?

Quote:

Mon, 2007-08-20 14:00:04 - Send E-mail Success!
Mon, 2007-08-20 21:09:18 - UDP Packet - Source:67.159.44.107,5346 Destination:87.127.131.137,12653 - [DOS]
Mon, 2007-08-20 21:09:22 - UDP Packet - Source:67.159.44.107,6346 Destination:87.127.131.137,12653 - [DOS]
Mon, 2007-08-20 21:09:22 - UDP Packet - Source:67.159.44.107,7346 Destination:87.127.131.137,12653 - [DOS]
Mon, 2007-08-20 21:09:22 - UDP Packet - Source:67.159.44.107,8346 Destination:87.127.131.137,12653 - [DOS]
Mon, 2007-08-20 21:09:22 - UDP Packet - Source:67.159.44.107,9346 Destination:87.127.131.137,12653 - [DOS]
Mon, 2007-08-20 21:09:22 - Send E-mail Success!
Mon, 2007-08-20 21:10:09 - UDP Packet - Source:212.25.103.182,5346 Destination:87.127.131.137,12653 - [DOS]
Mon, 2007-08-20 21:10:09 - UDP Packet - Source:212.25.103.182,6346 Destination:87.127.131.137,12653 - [DOS]
Mon, 2007-08-20 21:10:09 - UDP Packet - Source:212.25.103.182,7346 Destination:87.127.131.137,12653 - [DOS]
Mon, 2007-08-20 21:10:09 - UDP Packet - Source:212.25.103.182,8346 Destination:87.127.131.137,12653 - [DOS]
Mon, 2007-08-20 21:10:09 - UDP Packet - Source:212.25.103.182,9346 Destination:87.127.131.137,12653 - [DOS]

Quote:

TCP Packet - Source:82.11.183.104,34683 Destination:87.127.131.137,49637 - [DOS]
TCP Packet - Source:82.11.183.104,32832 Destination:87.127.131.137,49638 - [DOS]
TCP Packet - Source:82.11.183.104,35252 Destination:87.127.131.137,49635 - [DOS]
TCP Packet - Source:82.11.183.104,35480 Destination:87.127.131.137,49638 - [DOS]
TCP Packet - Source:65.98.4.114,30335 Destination:87.127.131.137,113 - [DOS]
TCP Packet - Source:82.11.183.104,35104 Destination:87.127.131.137,49634 - [DOS]
TCP Packet - Source:82.11.183.104,35462 Destination:87.127.131.137,49637 - [DOS]
TCP Packet - Source:82.11.183.104,34683 Destination:87.127.131.137,49637 - [DOS]
TCP Packet - Source:82.11.183.104,32832 Destination:87.127.131.137,49638 - [DOS]
TCP Packet - Source:82.11.183.104,35252 Destination:87.127.131.137,49635 - [DOS]
TCP Packet - Source:82.11.183.104,35462 Destination:87.127.131.137,49637 - [DOS]
TCP Packet - Source:82.11.183.104,34683 Destination:87.127.131.137,49637 - [DOS]
TCP Packet - Source:82.11.183.104,32832 Destination:87.127.131.137,49638 - [DOS]
TCP Packet - Source:82.11.183.104,35252 Destination:87.127.131.137,49635 - [DOS]
TCP Packet - Source:82.11.183.104,35480 Destination:87.127.131.137,49638 - [DOS]
TCP Packet - Source:82.11.183.104,35270 Destination:87.127.131.137,49637 - [DOS]
UDP Packet - Source:67.159.44.107,5346 Destination:87.127.131.137,12653 - [DOS]

Mark · 22-08-2007, 15:02

I don't worry about incoming things unless they're causing damage or disruption (never happened, touch wood). Regularly pick up random password attacks on Linux and Blaster-style attacks on Windows, but none of them get past the logs.

However, if unexpected stuff is outgoing (particularly email), that's a sign of trouble.

Desmo · 22-08-2007, 15:04

All incoming. The outgoing emails are the router emailing me

Daz · 22-08-2007, 15:06

Just the state of the web at the moment - attacks flying around all over the shop. That and spam email.

Desmo · 22-08-2007, 15:24

Just had another email come through...

Quote:

Tue, 2007-08-21 14:00:03 - Send E-mail Success!
Tue, 2007-08-21 17:24:10 - TCP Packet - Source:85.224.102.87,4453 Destination:10.0.0.10,5901 - [VNC12 match]
Tue, 2007-08-21 17:25:11 - TCP Packet - Source:122.36.131.101,4078 Destination:10.0.0.10,5901 - [VNC12 match]
Tue, 2007-08-21 19:33:46 - TCP Packet - Source:62.233.185.178,3921 Destination:10.0.0.10,5901 - [VNC12 match]
Tue, 2007-08-21 20:52:34 - TCP Packet - Source:88.212.7.47,2375 Destination:10.0.0.10,5901 - [VNC12 match]
Tue, 2007-08-21 21:19:23 - TCP Packet - Source:24.22.236.241,3534 Destination:10.0.0.10,5901 - [VNC12 match]
Tue, 2007-08-21 22:35:01 - TCP Packet - Source:85.204.123.67,3024 Destination:10.0.0.10,5901 - [VNC12 match]
Wed, 2007-08-22 00:50:28 - TCP Packet - Source:220.122.190.143,2375 Destination:10.0.0.10,5901 - [VNC12 match]
Wed, 2007-08-22 03:16:42 - TCP Packet - Source:24.196.87.242,1236 Destination:10.0.0.10,5901 - [VNC12 match]

Don't have VNC set up on anything right now though so not too worried.

Daz · 22-08-2007, 15:25

Even then it would only be a problem if your router was NAT'ing the standard ports across

Mark · 22-08-2007, 15:29

Yup - VNC is a known exploitable software (if not up-to-date or secured), so it's hardly surprising bots are going after that.

I very rarely even look any more and don't bother emailing logs. There's so much background noise and bots looking for holes that don't exist that it's a waste of my time, but then, I don't have a business to worry about with the potential downtime costs of that.

Daz · 22-08-2007, 15:35

It's the same here Mark. Smaller clients never look at them unless they have reason to suspect something, and larger clients spend a lot of money on monitoring software/services to analyse the data for them.

22-08-2007, 15:04	#3
Desmo The Last Airbender Join Date: Jun 2006 Location: Pigmopad Posts: 11,915	All incoming. The outgoing emails are the router emailing me __________________

22-08-2007, 15:06	#4
Daz The Stig Join Date: Jun 2006 Location: Swad! Posts: 10,713	Just the state of the web at the moment - attacks flying around all over the shop. That and spam email. __________________ apt-get moo

22-08-2007, 15:25	#6
Daz The Stig Join Date: Jun 2006 Location: Swad! Posts: 10,713	Even then it would only be a problem if your router was NAT'ing the standard ports across __________________ apt-get moo

22-08-2007, 15:29	#7
Mark Screaming Orgasm Join Date: Jul 2006 Location: Newbury Posts: 15,194	Yup - VNC is a known exploitable software (if not up-to-date or secured), so it's hardly surprising bots are going after that. I very rarely even look any more and don't bother emailing logs. There's so much background noise and bots looking for holes that don't exist that it's a waste of my time, but then, I don't have a business to worry about with the potential downtime costs of that. Last edited by Mark; 22-08-2007 at 15:32.

22-08-2007, 15:35	#8
Daz The Stig Join Date: Jun 2006 Location: Swad! Posts: 10,713	It's the same here Mark. Smaller clients never look at them unless they have reason to suspect something, and larger clients spend a lot of money on monitoring software/services to analyse the data for them. __________________ apt-get moo

22-08-2007, 15:02	#2
Mark Screaming Orgasm Join Date: Jul 2006 Location: Newbury Posts: 15,194	I don't worry about incoming things unless they're causing damage or disruption (never happened, touch wood). Regularly pick up random password attacks on Linux and Blaster-style attacks on Windows, but none of them get past the logs. However, if unexpected stuff is outgoing (particularly email), that's a sign of trouble.

Thread Tools
Show Printable Version Email this Page
Display Modes
Switch to Linear Mode Hybrid Mode Switch to Threaded Mode