Kitz Forum

Broadband Related => Broadband Hardware => Topic started by: dizzy4528 on February 21, 2009, 01:34:00 PM

Title: Netgear router log. Info on log entries
Post by: dizzy4528 on February 21, 2009, 01:34:00 PM

Quick question guys, on the log page of my Netgear DG834gt it has the following entries .  :hmm:   Any ideas?



Sat, 2009-02-21 12:38:55 - UDP Packet - Source:92.244.32.3,7474 Destination:192.168.0.2,48117 - [DOS]
Sat, 2009-02-21 12:38:55 - UDP Packet - Source:87.80.180.110,21468 Destination:192.168.0.2,48117 - [DOS]
Sat, 2009-02-21 12:38:55 - UDP Packet - Source:203.218.125.249,20727 Destination:192.168.0.2,48117 - [DOS]
Sat, 2009-02-21 12:38:56 - UDP Packet - Source:92.244.32.3,7474 Destination:192.168.0.2,48117 - [DOS]
Sat, 2009-02-21 12:38:56 - UDP Packet - Source:203.218.125.249,20727 Destination:192.168.0.2,48117 - [DOS]
Sat, 2009-02-21 12:38:56 - UDP Packet - Source:58.107.164.227,35141 Destination:192.168.0.2,48117 - [DOS]
Sat, 2009-02-21 12:38:56 - UDP Packet - Source:203.218.125.249,20727 Destination:192.168.0.2,48117 - [DOS]
Sat, 2009-02-21 12:38:56 - UDP Packet - Source:87.80.180.110,21468 Destination:192.168.0.2,48117 - [DOS]
Sat, 2009-02-21 12:38:56 - UDP Packet - Source:58.107.164.227,35141 Destination:192.168.0.2,48117 - [DOS]
Sat, 2009-02-21 12:38:56 - UDP Packet - Source:87.80.180.110,21468 Destination:192.168.0.2,48117 - [DOS]

Title: Re: Netgear router log. Info on log entries
Post by: mr_chris on February 21, 2009, 01:52:25 PM

Are you using P2P software (BitTorrent, Limewire, Emule etc) or playing online games at all? As these are from all over the world, I'd say it looks like P2P myself.

The router thinks this is a DOS (denial of service) attack, but often these are genuine data packets.

I wouldn't worry too much, like I say looks like P2P getting mistakenly identified as an attack and getting blocked by the router.

Title: Re: Netgear router log. Info on log entries
Post by: toulouse on February 21, 2009, 01:56:18 PM

I sometimes get similar type messages when I first start up in the morning. I had assumed that it was because whoever had been using the IP address that I get assigned when I log in to Plusnet, i.e. at system startup, must have been using that connection for P2P or similar.
Failing that it is a genuine Denial of Service attempt, and the router blocks it, I  think.

TTFN

toulouse

Title: Re: Netgear router log. Info on log entries
Post by: dizzy4528 on February 21, 2009, 01:57:14 PM

No  P2P  ,  but i do play COD online sometimes but not in the last few days .
.

Title: Re: Netgear router log. Info on log entries
Post by: mr_chris on February 21, 2009, 01:57:20 PM

Yeah, if it's reported in the logs, it's been blocked by the router.

Title: Re: Netgear router log. Info on log entries
Post by: dizzy4528 on February 21, 2009, 01:57:59 PM

Nothing to worry about then.

Title: Re: Netgear router log. Info on log entries
Post by: mr_chris on February 21, 2009, 01:58:43 PM

Quote from: dizzy4528 on February 21, 2009, 01:57:14 PM

No  P2P  ,  but i do play COD online sometimes but not in the last few days .
.

Dunno then.. I wouldn't worry too much unless they get excessive, then it looks like some distributed DoS attack, but it's a funny port number to try it on...

Title: Re: Netgear router log. Info on log entries
Post by: BritBrat on February 22, 2009, 06:05:37 AM

Run a spyware check, seems an odd port to keep trying.
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE

See if that port is open:
https://www.grc.com/x/ne.dll?bh0bkyd2

You reminded me to test the Netgear834GT for ports that used to be open by default on the DG834Gv2.

40000-41000
5566
5190
4443
1863
1864

The good news is they all all steathed on the lastest DGteam firmware.

Title: Re: Netgear router log. Info on log entries
Post by: dizzy4528 on February 22, 2009, 08:56:49 AM

I run both  spybot and spyware terminator and all seems clear on my PC ,and i have the latest DGTeam firmware on the router.
So hopefully the DOS attacks  aint doing me any harm.  :fingers: :fingers: