Results 1 to 4 of 4

Thread: [HELP] Router Value Check & weird Security LOG

  1. #1
    Junior Member st1cky's Avatar
    Join Date
    Feb 2018
    Posts
    44

    [HELP] Router Value Check & weird Security LOG

    Hello Speedguide,

    I promised a friend i open a Topic for him, so he has weird Hit-Reg Problems and bullets flying through.
    He has some Proofs he was recording, so maybe he will Post it here later.

    His Line Details ( My Thought was his Line attenuation for Upload was to low 2.3 dB? ):



    Code:
    2018-10-11 13:49:23	Security	Warning	?Intrusion -> SRC=5.188.206.14 DST=*.*.*.* LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=29014 PROTO=TCP SPT=57949 DPT=3397 WINDOW=102?
    2018-10-11 13:39:29	Security	Warning	?Intrusion -> SRC=46.2.82.54 DST=*.*.*.* LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=65245 DFPROTO=TCP SPT=37552 DPT=8291 WINDOW=146?
    2018-10-11 13:29:53	Security	Warning	?Intrusion -> SRC=46.2.247.253 DST=*.*.*.* LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=20032 DFPROTO=TCP SPT=10751 DPT=7547 WINDOW=1?
    2018-10-11 13:19:21	Security	Warning	?Intrusion -> SRC=198.199.110.157 DST=*.*.*.* LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=2948 PROTO=TCP SPT=50190 DPT=62500 WINDOW=?
    2018-10-11 13:13:00	Security	Warning	?DROP FTP Request?
    2018-10-11 13:09:44	Security	Warning	?Intrusion -> SRC=80.142.98.220 DST=*.*.*.* LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=46542 PROTO=TCP SPT=10528 DPT=88 WINDOW=8668 ?
    2018-10-11 12:59:40	Security	Warning	?Intrusion -> SRC=5.101.40.212 DST=*.*.*.* LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=21736 PROTO=TCP SPT=49296 DPT=4062 WINDOW=102?
    2018-10-11 12:49:58	Security	Warning	?Intrusion -> SRC=46.2.254.57 DST=*.*.*.* LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=4942 DFPROTO=TCP SPT=64211 DPT=8291 WINDOW=146?
    2018-10-11 12:49:45	Security	Warning	?DROP TCP SAMBA Request?
    2018-10-11 12:41:11	Security	Warning	?Intrusion -> SRC=121.225.246.103 DST=*.*.*.* LEN=40 TOS=0x00 PREC=0x00 TTL=197 ID=36503 PROTO=TCP SPT=9033 DPT=8080 WINDOW=4?
    2018-10-11 12:40:40	Security	Warning	?Intrusion -> SRC=46.2.111.224 DST=*.*.*.* LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=49826 DFPROTO=TCP SPT=20562 DPT=8291 WINDOW=1?
    2018-10-11 12:40:14	Security	Warning	?Intrusion -> SRC=46.2.122.213 DST=*.*.*.* LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=22893 DFPROTO=TCP SPT=4333 DPT=8291 WINDOW=14?
    2018-10-11 12:40:13	Security	Warning	?Intrusion -> SRC=109.248.9.244 DST=*.*.*.* LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=10501 PROTO=TCP SPT=49376 DPT=12368 WINDOW=1?
    2018-10-11 12:39:22	Security	Warning	?Intrusion -> SRC=37.152.174.182 DST=*.*.*.* LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=38689 DFPROTO=TCP SPT=5870 DPT=8080 WINDOW=?
    2018-10-11 12:39:06	Security	Warning	?DROP SSH Request?
    2018-10-11 12:38:35	Security	Warning	?Detect UDP port scan attack, scan packet from 192.168.1.3.?
    2018-10-11 12:37:04	Security	Warning	?Intrusion -> SRC=5.188.40.100 DST=*.*.*.* LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=18983 PROTO=TCP SPT=60000 DPT=5872 WINDO?
    2018-10-11 12:27:00	Security	Warning	?Intrusion -> SRC=176.218.48.86 DST=*.*.*.* LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=42783 DFPROTO=TCP SPT=22777 DPT=7547 WI?
    2018-10-11 12:17:08	Security	Warning	?Intrusion -> SRC=176.218.23.5 DST=*.*.*.* LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=63496 DFPROTO=TCP SPT=13554 DPT=7547 WIN?
    2018-10-11 12:13:33	Security	Warning	?DROP SSH Request?
    Greetings St1cky
    Last edited by st1cky; 10-13-18 at 09:40 AM.

  2. #2
    Administrator Philip's Avatar
    Join Date
    May 1999
    Location
    Jacksonville, Florida, United States
    Posts
    10,051
    Blog Entries
    6
    What is the device at 192.168.1.3 ? Is it his gaming PC?

    Is that a log from his DSL gateway? Seems like it is considering all the UDP traffic from 192.168.1.3 to be an attack, rather than game streaming data, is there a way to turn down that protection?


    The 5.188.206.14 and some other "intrusions" may be the game server or another gamer, you may have to guess by the destination ports and the IPs, but some traffic is today's "normal". If you are curious about the ports use, we have a very comprehensive ports database on the main site too.

    Low attenuation is good. There is some info on the DSL levels here: https://www.speedguide.net/faq/what-...margin-snr-355
    Linux is user friendly, it's just picky about its friends...
    Disclaimer: Please use caution when opening messages, my grasp on reality may have shaken loose during transmission (going on rusty memory circuits).
    ๑۩۞۩๑

  3. #3
    Junior Member st1cky's Avatar
    Join Date
    Feb 2018
    Posts
    44
    Quote Originally Posted by Philip View Post
    What is the device at 192.168.1.3 ? Is it his gaming PC?

    Is that a log from his DSL gateway? Seems like it is considering all the UDP traffic from 192.168.1.3 to be an attack, rather than game streaming data, is there a way to turn down that protection?


    The 5.188.206.14 and some other "intrusions" may be the game server or another gamer, you may have to guess by the destination ports and the IPs, but some traffic is today's "normal". If you are curious about the ports use, we have a very comprehensive ports database on the main site too.

    Low attenuation is good. There is some info on the DSL levels here: https://www.speedguide.net/faq/what-...margin-snr-355
    Yes, 192.168.1.3 is his Gaming PC.

    I think he has some Protection Settings, like DDOS Protection and PortScan Protections, i will check it out.

    Yes the Logfile is from his Modem/Router. I will ask him to provide more Information.

    Thanks Phil.

  4. #4
    Administrator Philip's Avatar
    Join Date
    May 1999
    Location
    Jacksonville, Florida, United States
    Posts
    10,051
    Blog Entries
    6
    No problem, yeah he should probably turn off that DDoS/Firewall protection in the modem if possible.

Similar Threads

  1. Your Social Security Check Is Being Cut!
    By Prey521 in forum General Discussion Board
    Replies: 1
    Last Post: 07-03-06, 06:30 PM
  2. Check this weird error out
    By biiqdan530 in forum General Discussion Board
    Replies: 4
    Last Post: 06-20-04, 10:20 PM
  3. another security check.
    By crazyman in forum Network Security
    Replies: 6
    Last Post: 03-03-01, 10:15 AM
  4. Security Check
    By BlueJetta in forum Networking Forum
    Replies: 0
    Last Post: 10-28-00, 10:50 AM
  5. Security Check....
    By Jagators in forum Network Security
    Replies: 4
    Last Post: 03-10-00, 06:49 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •