November 12th, 2007, 10:38 PM
I've a wireless router on which I've switched security logs on.
I've got this log today.
TCP Packet - Source:126.96.36.199,1362 Destination:188.8.131.52,18908 - [DOS]
TCP Packet - Source:184.108.40.206,1363 Destination:220.127.116.11,4438 - [DOS]
TCP Packet - Source:18.104.22.168,1366 Destination:22.214.171.124,7934 - [DOS]
TCP Packet - Source:126.96.36.199,1373 Destination:188.8.131.52,14968 - [DOS]
TCP Packet - Source:184.108.40.206,1374 Destination:220.127.116.11,466 - [DOS]
TCP Packet - Source:18.104.22.168 Destination:22.214.171.124 - [PORT SCAN]
TCP Packet - Source:126.96.36.199,2392 Destination:188.8.131.52,24467 - [DOS]
Well, none of this IP is mine, so I don't know whether my router is doing something funny.
Can someone please explain me the big picture.
The more one comes to know a man the more one admires a dog.
November 13th, 2007, 12:56 AM
The source seems to be something using Sony Network Taiwan and the destination appears to be something using NTL United Kingdom. They both look like residential addresses.
Did your firewall let the packets through?
I would recommend looking at your router manual to see what the logs mean. "DOS" seems to imply denial of service?
Are there a lot of those entries or is that the lot?
November 15th, 2007, 10:33 PM
What kind of router are you running?
November 15th, 2007, 11:38 PM
Any P2P traffic on your network?
Only trust Pipe-smoking Penguins.
By n00bius in forum The Security Tutorials Forum
Last Post: July 24th, 2007, 03:48 PM
By KuiXing-2005 in forum Network Security Discussions
Last Post: April 4th, 2005, 04:44 PM
By thehorse13 in forum Network Security Discussions
Last Post: June 8th, 2004, 08:19 AM
By Simo in forum Miscellaneous Security Discussions
Last Post: October 28th, 2003, 02:47 PM
By NUKEM6 in forum Non-Security Archives
Last Post: February 3rd, 2002, 10:28 PM