Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
   Glossary   Glossary
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Author Topic: Netgear router log. Info on log entries  (Read 3375 times)

dizzy4528

  • Member
  • **
  • Posts: 54
Netgear router log. Info on log entries
« on: February 21, 2009, 01:34:00 PM »

Quick question guys, on the log page of my Netgear DG834gt it has the following entries .  :hmm:   Any ideas?



Sat, 2009-02-21 12:38:55 - UDP Packet - Source:92.244.32.3,7474 Destination:192.168.0.2,48117 - [DOS]
Sat, 2009-02-21 12:38:55 - UDP Packet - Source:87.80.180.110,21468 Destination:192.168.0.2,48117 - [DOS]
Sat, 2009-02-21 12:38:55 - UDP Packet - Source:203.218.125.249,20727 Destination:192.168.0.2,48117 - [DOS]
Sat, 2009-02-21 12:38:56 - UDP Packet - Source:92.244.32.3,7474 Destination:192.168.0.2,48117 - [DOS]
Sat, 2009-02-21 12:38:56 - UDP Packet - Source:203.218.125.249,20727 Destination:192.168.0.2,48117 - [DOS]
Sat, 2009-02-21 12:38:56 - UDP Packet - Source:58.107.164.227,35141 Destination:192.168.0.2,48117 - [DOS]
Sat, 2009-02-21 12:38:56 - UDP Packet - Source:203.218.125.249,20727 Destination:192.168.0.2,48117 - [DOS]
Sat, 2009-02-21 12:38:56 - UDP Packet - Source:87.80.180.110,21468 Destination:192.168.0.2,48117 - [DOS]
Sat, 2009-02-21 12:38:56 - UDP Packet - Source:58.107.164.227,35141 Destination:192.168.0.2,48117 - [DOS]
Sat, 2009-02-21 12:38:56 - UDP Packet - Source:87.80.180.110,21468 Destination:192.168.0.2,48117 - [DOS]
Logged

mr_chris

  • Kitizen
  • ****
  • Posts: 3774
Re: Netgear router log. Info on log entries
« Reply #1 on: February 21, 2009, 01:52:25 PM »

Are you using P2P software (BitTorrent, Limewire, Emule etc) or playing online games at all? As these are from all over the world, I'd say it looks like P2P myself.

The router thinks this is a DOS (denial of service) attack, but often these are genuine data packets.

I wouldn't worry too much, like I say looks like P2P getting mistakenly identified as an attack and getting blocked by the router.
Logged
Chris

toulouse

  • Reg Member
  • ***
  • Posts: 581
  • I like cheesecake !!!
Re: Netgear router log. Info on log entries
« Reply #2 on: February 21, 2009, 01:56:18 PM »

I sometimes get similar type messages when I first start up in the morning. I had assumed that it was because whoever had been using the IP address that I get assigned when I log in to Plusnet, i.e. at system startup, must have been using that connection for P2P or similar.
Failing that it is a genuine Denial of Service attempt, and the router blocks it, I  think.

TTFN

toulouse
Logged
Utility Warehouse (via TalkTalk)
FTTC 40/10
ZyXEL VMG8924-B10A
ECI (approx 750 metres)

People tell me that I ought to get out more. But in the words of the great Homer J Simpson, "Yeah, but what ya gonna do ?"

dizzy4528

  • Member
  • **
  • Posts: 54
Re: Netgear router log. Info on log entries
« Reply #3 on: February 21, 2009, 01:57:14 PM »

No  P2P  ,  but i do play COD online sometimes but not in the last few days .
.
Logged

mr_chris

  • Kitizen
  • ****
  • Posts: 3774
Re: Netgear router log. Info on log entries
« Reply #4 on: February 21, 2009, 01:57:20 PM »

Yeah, if it's reported in the logs, it's been blocked by the router.
Logged
Chris

dizzy4528

  • Member
  • **
  • Posts: 54
Re: Netgear router log. Info on log entries
« Reply #5 on: February 21, 2009, 01:57:59 PM »

Nothing to worry about then.
Logged

mr_chris

  • Kitizen
  • ****
  • Posts: 3774
Re: Netgear router log. Info on log entries
« Reply #6 on: February 21, 2009, 01:58:43 PM »

No  P2P  ,  but i do play COD online sometimes but not in the last few days .
.

Dunno then.. I wouldn't worry too much unless they get excessive, then it looks like some distributed DoS attack, but it's a funny port number to try it on...
Logged
Chris

BritBrat

  • Kitizen
  • ****
  • Posts: 1356
Re: Netgear router log. Info on log entries
« Reply #7 on: February 22, 2009, 06:05:37 AM »

Run a spyware check, seems an odd port to keep trying.
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE

See if that port is open:
https://www.grc.com/x/ne.dll?bh0bkyd2

You reminded me to test the Netgear834GT for ports that used to be open by default on the DG834Gv2.

40000-41000
5566
5190
4443
1863
1864

The good news is they all all steathed on the lastest DGteam firmware.
« Last Edit: February 22, 2009, 06:28:34 AM by BritBrat »
Logged

dizzy4528

  • Member
  • **
  • Posts: 54
Re: Netgear router log. Info on log entries
« Reply #8 on: February 22, 2009, 08:56:49 AM »

I run both  spybot and spyware terminator and all seems clear on my PC ,and i have the latest DGTeam firmware on the router.
So hopefully the DOS attacks  aint doing me any harm.  :fingers: :fingers:
Logged
 

anything