[HELP] Router Value Check & weird Security LOG


Post by st1cky »

Hello Speedguide,

I promised a friend I would open a topic for him; he has weird hit-reg problems and bullets flying through.
He has some proof he recorded, so maybe he will post it here later.

His line details (my thought was that his line attenuation for upload was too low, 2.3 dB?):

Image

2018-10-11 13:49:23	Security	Warning	?Intrusion -> SRC=5.188.206.14 DST=*.*.*.* LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=29014 PROTO=TCP SPT=57949 DPT=3397 WINDOW=102?
2018-10-11 13:39:29	Security	Warning	?Intrusion -> SRC=46.2.82.54 DST=*.*.*.* LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=65245 DFPROTO=TCP SPT=37552 DPT=8291 WINDOW=146?
2018-10-11 13:29:53	Security	Warning	?Intrusion -> SRC=46.2.247.253 DST=*.*.*.* LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=20032 DFPROTO=TCP SPT=10751 DPT=7547 WINDOW=1?
2018-10-11 13:19:21	Security	Warning	?Intrusion -> SRC=198.199.110.157 DST=*.*.*.* LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=2948 PROTO=TCP SPT=50190 DPT=62500 WINDOW=?
2018-10-11 13:13:00	Security	Warning	?DROP FTP Request?
2018-10-11 13:09:44	Security	Warning	?Intrusion -> SRC=80.142.98.220 DST=*.*.*.* LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=46542 PROTO=TCP SPT=10528 DPT=88 WINDOW=8668 ?
2018-10-11 12:59:40	Security	Warning	?Intrusion -> SRC=5.101.40.212 DST=*.*.*.* LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=21736 PROTO=TCP SPT=49296 DPT=4062 WINDOW=102?
2018-10-11 12:49:58	Security	Warning	?Intrusion -> SRC=46.2.254.57 DST=*.*.*.* LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=4942 DFPROTO=TCP SPT=64211 DPT=8291 WINDOW=146?
2018-10-11 12:49:45	Security	Warning	?DROP TCP SAMBA Request?
2018-10-11 12:41:11	Security	Warning	?Intrusion -> SRC=121.225.246.103 DST=*.*.*.* LEN=40 TOS=0x00 PREC=0x00 TTL=197 ID=36503 PROTO=TCP SPT=9033 DPT=8080 WINDOW=4?
2018-10-11 12:40:40	Security	Warning	?Intrusion -> SRC=46.2.111.224 DST=*.*.*.* LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=49826 DFPROTO=TCP SPT=20562 DPT=8291 WINDOW=1?
2018-10-11 12:40:14	Security	Warning	?Intrusion -> SRC=46.2.122.213 DST=*.*.*.* LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=22893 DFPROTO=TCP SPT=4333 DPT=8291 WINDOW=14?
2018-10-11 12:40:13	Security	Warning	?Intrusion -> SRC=109.248.9.244 DST=*.*.*.* LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=10501 PROTO=TCP SPT=49376 DPT=12368 WINDOW=1?
2018-10-11 12:39:22	Security	Warning	?Intrusion -> SRC=37.152.174.182 DST=*.*.*.* LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=38689 DFPROTO=TCP SPT=5870 DPT=8080 WINDOW=?
2018-10-11 12:39:06	Security	Warning	?DROP SSH Request?
2018-10-11 12:38:35	Security	Warning	?Detect UDP port scan attack, scan packet from 192.168.1.3.?
2018-10-11 12:37:04	Security	Warning	?Intrusion -> SRC=5.188.40.100 DST=*.*.*.* LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=18983 PROTO=TCP SPT=60000 DPT=5872 WINDO?
2018-10-11 12:27:00	Security	Warning	?Intrusion -> SRC=176.218.48.86 DST=*.*.*.* LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=42783 DFPROTO=TCP SPT=22777 DPT=7547 WI?
2018-10-11 12:17:08	Security	Warning	?Intrusion -> SRC=176.218.23.5 DST=*.*.*.* LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=63496 DFPROTO=TCP SPT=13554 DPT=7547 WIN?
2018-10-11 12:13:33	Security	Warning	?DROP SSH Request?
Greetings St1cky

Post by Philip »

What is the device at 192.168.1.3 ? Is it his gaming PC?

Is that a log from his DSL gateway? It seems to be considering all the UDP traffic from 192.168.1.3 to be an attack, rather than game streaming data. Is there a way to turn down that protection?


The 5.188.206.14 and some other "intrusions" may be the game server or another gamer; you may have to guess by the destination ports and the IPs, but some traffic is today's "normal". If you are curious about what the ports are used for, we have a very comprehensive ports database on the main site too.

Low attenuation is good. There is some info on the DSL levels here: https://www.speedguide.net/faq/what-is- ... in-snr-355

Post by st1cky »

Yes, 192.168.1.3 is his gaming PC.

I think he has some protection settings, like DDoS protection and port scan protection; I will check it out.

Yes, the log file is from his modem/router. I will ask him to provide more information.

Thanks Phil.

Post by Philip »

No problem, yeah he should probably turn off that DDoS/Firewall protection in the modem if possible.
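
Philip's suggestion to judge the entries by destination port and IP can be done mechanically. The following is an added example, not part of the thread or of the router's software: it parses lines in the format st1cky posted and separates unsolicited WAN probes (grouped by destination port and distinct source) from LAN hosts the router itself flagged. The sample lines are constructed, and treating a port hit by several unrelated sources as background scanning is a heuristic assumed here.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the layout of the log above. WAN sources are
# documentation-range addresses; the LAN host and ports are the thread's own.
SAMPLE_LOG = """\
2018-10-11 13:39:29\tSecurity\tWarning\t?Intrusion -> SRC=203.0.113.54 DST=*.*.*.* LEN=40 TTL=244 ID=65245 DFPROTO=TCP SPT=37552 DPT=8291 WINDOW=146?
2018-10-11 12:49:58\tSecurity\t[color="#FF0000"]Warning\t?Intrusion [/color]-> SRC=203.0.113.57 DST=*.*.*.* LEN=40 TTL=245 ID=4942 DFPROTO=TCP SPT=64211 DPT=8291 WINDOW=146?
2018-10-11 12:40:40\tSecurity\tWarning\t?Intrusion -> SRC=198.51.100.224 DST=*.*.*.* LEN=40 TTL=248 ID=49826 DFPROTO=TCP SPT=20562 DPT=8291 WINDOW=1?
2018-10-11 12:27:00\tSecurity\tWarning\t?Intrusion -> SRC=198.51.100.86 DST=*.*.*.* LEN=40 TTL=248 ID=42783 DFPROTO=TCP SPT=22777 DPT=7547 WI?
2018-10-11 12:17:08\tSecurity\tWarning\t?Intrusion -> SRC=198.51.100.5 DST=*.*.*.* LEN=40 TTL=252 ID=63496 DFPROTO=TCP SPT=13554 DPT=7547 WIN?
2018-10-11 12:41:11\tSecurity\tWarning\t?Intrusion -> SRC=192.0.2.103 DST=*.*.*.* LEN=40 TTL=197 ID=36503 PROTO=TCP SPT=9033 DPT=8080 WINDOW=4?
2018-10-11 12:49:45\tSecurity\tWarning\t?DROP TCP SAMBA Request?
2018-10-11 12:39:06\tSecurity\tWarning\t?DROP SSH Request?
2018-10-11 12:38:35\tSecurity\tWarning\t?Detect UDP port scan attack, scan packet from 192.168.1.3.?
"""

# Explicit RFC 1918 list: ip_address.is_private also covers documentation ranges.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = r"(\d+(?:\.\d+){3})"
# "PROTO=" is searched unanchored because the log fuses the DF flag: "DFPROTO=TCP".
INTRUSION = re.compile(r"Intrusion -> SRC=" + IPV4 + r".*?PROTO=(\w+).*?DPT=(\d+)")
LAN_SCAN = re.compile(r"Detect (\w+) port scan attack, scan packet from " + IPV4)
DROP = re.compile(r"DROP (.+?) Request")

def summarize(log_text):
    wan_probes = defaultdict(set)  # (proto, dest port) -> distinct WAN sources
    lan_flags = defaultdict(int)   # LAN host -> times the router flagged it
    dropped = defaultdict(int)     # service name -> dropped requests
    for line in log_text.splitlines():
        line = re.sub(r"\[/?color[^\]]*\]", "", line)  # forum colour tags
        if m := INTRUSION.search(line):
            src = ipaddress.ip_address(m.group(1))
            if any(src in net for net in RFC1918):
                lan_flags[str(src)] += 1
            else:
                wan_probes[(m.group(2), int(m.group(3)))].add(str(src))
        elif m := LAN_SCAN.search(line):
            lan_flags[m.group(2)] += 1
        elif m := DROP.search(line):
            dropped[m.group(1)] += 1
    return wan_probes, lan_flags, dropped

def widely_probed(wan_probes, min_sources=2):
    """Ports hit by several unrelated sources: background scanning rather than
    one game server or peer (heuristic assumed by this example)."""
    hits = [k for k, v in wan_probes.items() if len(v) >= min_sources]
    return sorted(hits, key=lambda k: -len(wan_probes[k]))
```

A LAN address in `lan_flags` points at the router's own scan heuristic firing on local traffic, which is a separate question from the inbound probes counted in `wan_probes`.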