router security log

Discussion in 'Computer Security' started by p escobar, Jun 24, 2009.

  1. p escobar

    p escobar Guest

    hi

    i'm not particularly versed on the subject of network security, so
    forgive me if this is a naive question.

    my router's security log is constantly logging access attempts from
    other ip's. for example:

    2009/06/24 16:27:23 : Blocked access attempt from 80.101.213.247
    2009/06/24 16:27:12 : Blocked access attempt from 80.101.213.247
    2009/06/24 16:26:49 : Blocked access attempt from 86.136.178.26
    2009/06/24 16:26:04 : Blocked access attempt from 80.101.213.247
    2009/06/24 16:26:03 : Blocked access attempt from 86.136.178.26
    2009/06/24 16:25:57 : Blocked access attempt from 80.101.213.247
    2009/06/24 16:25:57 : Blocked access attempt from 86.136.178.26
    2009/06/24 16:25:54 : Blocked access attempt from 80.101.213.247
    2009/06/24 16:25:54 : Blocked access attempt from 86.136.178.26
    2009/06/24 16:25:53 : Blocked access attempt from 80.101.213.247
    2009/06/24 16:25:08 : Blocked access attempt from 86.136.178.26
    2009/06/24 16:25:04 : Blocked access attempt from 70.91.84.41
    2009/06/24 16:25:02 : Blocked access attempt from 86.136.178.26

    i've checked some of these out with nmap, and most appear to be regular
    users, not web servers. i assume this because a web server would have
    some typical ports available like ftp, ssh, http etc. example:

    sudo nmap -v -PN -O 80.101.213.247

    Starting Nmap 4.85BETA8 ( http://nmap.org ) at 2009-06-24 17:31 CEST
    NSE: Loaded 0 scripts for scanning.
    Initiating Parallel DNS resolution of 1 host. at 17:31
    Completed Parallel DNS resolution of 1 host. at 17:31, 0.03s elapsed
    Initiating SYN Stealth Scan at 17:31
    Scanning a80-101-213-247.adsl.xs4all.nl (80.101.213.247) [1000 ports]
    Discovered open port 5060/tcp on 80.101.213.247
    Completed SYN Stealth Scan at 17:32, 27.02s elapsed (1000 total ports)
    Initiating OS detection (try #1) against a80-101-213-247.adsl.xs4all.nl
    (80.101.213.247)
    Retrying OS detection (try #2) against a80-101-213-247.adsl.xs4all.nl
    (80.101.213.247)
    WARNING: OS didn't match until try #2
    Host a80-101-213-247.adsl.xs4all.nl (80.101.213.247) is up (0.030s latency).
    Interesting ports on a80-101-213-247.adsl.xs4all.nl (80.101.213.247):
    Not shown: 998 filtered ports
    PORT STATE SERVICE
    5060/tcp open sip
    8089/tcp closed unknown
    Device type: general purpose
    Running: Linux 2.6.X
    OS details: Linux 2.6.5 - 2.6.19

    Read data files from: /usr/local/share/nmap
    OS detection performed. Please report any incorrect results at
    http://nmap.org/submit/ .
    Nmap done: 1 IP address (1 host up) scanned in 31.07 seconds
    Raw packets sent: 2051 (94.096KB) | Rcvd: 36 (1984B)


    is this something i should worry about?

    thanks

    pablo
     
    p escobar, Jun 24, 2009
    #1

  2. p escobar

    Todd H. Guest

    p escobar <> writes:
    > hi
    >
    > i'm not particularly versed on the subject of network security, so
    > forgive me if this is a naive question.
    >
    > my router's security log is constantly logging access attempts from
    > other ip's. for example:
    >
    > 2009/06/24 16:27:23 : Blocked access attempt from 80.101.213.247
    > 2009/06/24 16:27:12 : Blocked access attempt from 80.101.213.247
    > 2009/06/24 16:26:49 : Blocked access attempt from 86.136.178.26
    > 2009/06/24 16:26:04 : Blocked access attempt from 80.101.213.247
    > 2009/06/24 16:26:03 : Blocked access attempt from 86.136.178.26
    > 2009/06/24 16:25:57 : Blocked access attempt from 80.101.213.247
    > 2009/06/24 16:25:57 : Blocked access attempt from 86.136.178.26
    > 2009/06/24 16:25:54 : Blocked access attempt from 80.101.213.247
    > 2009/06/24 16:25:54 : Blocked access attempt from 86.136.178.26
    > 2009/06/24 16:25:53 : Blocked access attempt from 80.101.213.247
    > 2009/06/24 16:25:08 : Blocked access attempt from 86.136.178.26
    > 2009/06/24 16:25:04 : Blocked access attempt from 70.91.84.41
    > 2009/06/24 16:25:02 : Blocked access attempt from 86.136.178.26
    >
    > i've checked some of these out with nmap,


    FYI: Scanning IP's you don't own can be legally tenuous.

    > and most appear to be regular users, not web servers. i assume this
    > because a web server would have some typical ports available like
    > ftp, ssh, http


    http or https, yes are normal for what would be web servers, but, not
    necessarily others though.

    And if you have adsl lines that you're looking at (as suggested by the
    hostnames of what you were looking at), it's likely that the traffic
    hitting you is because these poor folk are infected with bots or other
    nastyware. I agree with your conclusion that the sample you provided
    was most likely a regular end user.

    > is this something i should worry about?


    By virtue of being on the internet, you will get scanned and scanned a
    LOT. That your router is blocking these should be considered
    reassuring and exceedingly normal.


    --
    Todd H.
    http://www.toddh.net/
     
    Todd H., Jun 24, 2009
    #2
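
    Added example, not part of any post in this thread: one way to triage a log in the format shown in the first post is to group the blocked attempts by source address and see how often, and over what time span, each source retries. The sample lines are constructed (documentation address ranges), and the function names and the `min_hits` threshold are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Line format as shown in the first post:
# "2009/06/24 16:27:23 : Blocked access attempt from <ip>"
LINE_RE = re.compile(
    r"^\s*(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) : Blocked access attempt from "
    r"(\d{1,3}(?:\.\d{1,3}){3})\s*$"
)

# Constructed sample (documentation address ranges), not a real log.
SAMPLE_LOG = """\
2009/06/24 16:27:23 : Blocked access attempt from 192.0.2.10
2009/06/24 16:27:12 : Blocked access attempt from 192.0.2.10
2009/06/24 16:26:49 : Blocked access attempt from 198.51.100.7
2009/06/24 16:26:04 : Blocked access attempt from 192.0.2.10
2009/06/24 16:25:57 : Blocked access attempt from 198.51.100.7
2009/06/24 16:25:04 : Blocked access attempt from 203.0.113.5
garbage line the router truncated
"""

def summarize(log_text):
    """Return (per-source stats sorted by hit count, count of unparsed lines)."""
    seen = defaultdict(list)
    skipped = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if not m:
            skipped += 1          # keep count so malformed lines are not silently lost
            continue
        seen[m.group(2)].append(datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S"))
    rows = []
    for ip, stamps in seen.items():
        span = int((max(stamps) - min(stamps)).total_seconds())
        rows.append({"ip": ip, "hits": len(stamps), "span_s": span})
    rows.sort(key=lambda r: (-r["hits"], r["ip"]))
    return rows, skipped

def repeat_sources(rows, min_hits=3):
    """Sources with at least min_hits blocked attempts (threshold is an assumption)."""
    return [r["ip"] for r in rows if r["hits"] >= min_hits]

if __name__ == "__main__":
    rows, skipped = summarize(SAMPLE_LOG)
    for r in rows:
        print(f'{r["ip"]:<16} hits={r["hits"]:<3} span={r["span_s"]}s')
    print("unparsed lines:", skipped, "| repeat sources:", repeat_sources(rows))
```

    Because this log format records no destination port, the summary can only show which sources are persistent, not what they were trying to reach.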

  3. p escobar

    p escobar Guest

    Leonard Agoado wrote:

    > Pablo,
    >
    > The question isn't what ports they have available, but what ports
    > you have available.


    none that are immediately detectable, afaik.

    >> is this something i should worry about?

    >
    > Possibly. Are you protecting a network, home computer, or what?
    > What protection do you have in place? What ports are they attempting to
    > connect to? Are they succeeding?


    sadly, my router's firewall doesn't give me any more information.
    apparently they are not succeeding.

    would you say these connection attempts are intentional or are they
    possibly random and insignificant?

    pablo
     
    p escobar, Jun 24, 2009
    #3
  4. p escobar

    p escobar Guest

    Todd H. wrote:

    > FYI: Scanning IP's you don't own can be legally tenuous.


    i'm aware of that. given that my intentions aren't malicious or harmful
    i'm not worried about that. and to be fair: they started it! hehe.

    > By virtue of being on the internet, you will get scanned and scanned a
    > LOT. That your router is blocking these should be considered
    > reassuring and exceedingly normal.


    thanks for the info, todd

    pablo
     
    p escobar, Jun 24, 2009
    #4
  5. p escobar

    p escobar Guest

    Leonard Agoado wrote:

    > They are probably intentional, very common, and very frequent. How
    > insignificant they are depends on how well protected you are.


    and there i thought nowadays hackers rely on nifty buffer overflow
    exploits and social engineering scams instead of trying to force their
    way in through the front door with an axe. that is not very ladylike.

    if one of the wankers does get in and somehow manages to compromise my
    web banking account i'd love to see the look of disappointment on his
    face when he sees my balance.

    pablo
     
    p escobar, Jun 25, 2009
    #5
