Check this router log

joeblow
1337 Haxor
Posts: 635
Joined: Mon Jan 02, 2006 12:00 am

[INFO] Mon Nov 19 01:08:30 2007 Log viewed by IP address
[INFO] Mon Nov 19 01:08:27 2007 Allowed configuration authentication by IP address
[INFO] Mon Nov 19 01:06:22 2007 Blocked incoming TCP packet from 202.91.241.12:80 to 71.203.223.155:8204 as SYN:ACK received but there is no active connection
[INFO] Mon Nov 19 01:03:41 2007 Blocked incoming UDP packet from 142.166.45.211:60871 to 71.203.223.155:21089
[INFO] Mon Nov 19 01:03:41 2007 Previous message repeated 2 times
[INFO] Mon Nov 19 01:02:28 2007 Blocked incoming TCP connection request from 142.166.45.211:60626 to 71.203.223.155:21089
[INFO] Mon Nov 19 01:01:42 2007 Blocked incoming UDP packet from 142.166.45.211:60501 to 71.203.223.155:21089
[INFO] Mon Nov 19 01:00:57 2007 Blocked incoming UDP packet from 24.64.50.109:22401 to 71.203.223.155:1028
[INFO] Mon Nov 19 01:00:57 2007 Blocked incoming UDP packet from 24.64.50.109:22401 to 71.203.223.155:1027
[INFO] Mon Nov 19 01:00:57 2007 Blocked incoming UDP packet from 24.64.50.109:22401 to 71.203.223.155:1026
[INFO] Mon Nov 19 01:00:57 2007 Previous message repeated 2 times
[INFO] Mon Nov 19 01:00:06 2007 Blocked incoming TCP connection request from 142.166.45.211:60390 to 71.203.223.155:21089
[INFO] Mon Nov 19 00:59:05 2007 Administrator logout
[INFO] Mon Nov 19 00:57:30 2007 Blocked incoming UDP packet from 142.166.45.211:61905 to 71.203.223.155:21089
[INFO] Mon Nov 19 00:57:11 2007 Blocked incoming UDP packet from 222.161.2.24:43270 to 71.203.223.155:1026
[INFO] Mon Nov 19 00:57:11 2007 Blocked incoming UDP packet from 222.161.2.24:43280 to 71.203.223.155:1027
[INFO] Mon Nov 19 00:57:11 2007 Previous message repeated 2 times
[INFO] Mon Nov 19 00:55:53 2007 Blocked incoming TCP connection request from 142.166.45.211:61684 to 71.203.223.155:21089
[INFO] Mon Nov 19 00:55:33 2007 Blocked incoming UDP packet from 24.64.242.216:18132 to 71.203.223.155:1028
[INFO] Mon Nov 19 00:55:33 2007 Blocked incoming UDP packet from 24.64.242.216:18132 to 71.203.223.155:1027
[INFO] Mon Nov 19 00:55:33 2007 Blocked incoming UDP packet from 24.64.242.216:18132 to 71.203.223.155:1026
[INFO] Mon Nov 19 00:55:27 2007 Blocked incoming UDP packet from 142.166.45.211:61563 to 71.203.223.155:21089
[INFO] Mon Nov 19 00:55:27 2007 Previous message repeated 1 time
[INFO] Mon Nov 19 00:55:27 2007 Previous message repeated 1 time
[INFO] Mon Nov 19 00:54:43 2007 Blocked incoming TCP connection request from 142.166.45.211:61433 to 71.203.223.155:21089
[INFO] Mon Nov 19 00:53:23 2007 Blocked incoming UDP packet from 142.166.45.211:61188 to 71.203.223.155:21089
[INFO] Mon Nov 19 00:53:23 2007 Previous message repeated 2 times
[INFO] Mon Nov 19 00:51:01 2007 Blocked incoming TCP connection request from 71.53.32.105:34715 to 71.203.223.155:2968
[INFO] Mon Nov 19 00:46:02 2007 Blocked incoming UDP packet from 24.64.60.12:25892 to 71.203.223.155:1028
[INFO] Mon Nov 19 00:46:02 2007 Blocked incoming UDP packet from 24.64.60.12:25892 to 71.203.223.155:1027
[INFO] Mon Nov 19 00:46:02 2007 Blocked incoming UDP packet from 24.64.60.12:25892 to 71.203.223.155:1026
[INFO] Mon Nov 19 00:45:35 2007 Blocked incoming UDP packet from 142.166.45.211:60259 to 71.203.223.155:210


I talked with Jdub about this last week and it seems I'm getting some packet flooding from some areas. Is this something I should be concerned about? I have a few Chinese IPs blocked is all atm.

wp
joblow@bellsouth.net game contact email.
kaeolian
1337 Haxor
Posts: 661
Joined: Thu Dec 29, 2005 12:00 am
Location: U.K.

I wouldn't worry about that to be honest, it doesn't look too bad, it's the stuff that may be getting through you should be looking at.
Aih PittaH TeH F00l !!!1!11
Chavez
Pro but Noob
Posts: 126
Joined: Wed Aug 08, 2007 11:00 pm
Location: Netherlands

I have that weekly. A bit of a router would block it without getting all hot about it. Don't worry too much. When you start noticing it (router crash, slow connection) then you can do a WhoIs on the IP address and email the designated ISP about it. That usually works for me.
joeblow
1337 Haxor
Posts: 635
Joined: Mon Jan 02, 2006 12:00 am

24.64.3.190
Record Type: IP Address


OrgName: Shaw Communications Inc.
OrgID: SHAWC
Address: Suite 800
Address: 630 - 3rd Ave. SW
City: Calgary
StateProv: AB
PostalCode: T2P-4L4
Country: CA

Yeah I sent them an e-mail to see what they can do about it. The IP keeps changing as I block them. We'll see how it goes.

wp
joblow@bellsouth.net game contact email.
kaeolian
1337 Haxor
Posts: 661
Joined: Thu Dec 29, 2005 12:00 am
Location: U.K.

If I were you mate, I'd send an email to YOUR service provider with this company's details and get them to block everything from them!
Aih PittaH TeH F00l !!!1!11
joeblow
1337 Haxor
Posts: 635
Joined: Mon Jan 02, 2006 12:00 am

This is from Shaw. I guess I'll block their whole IP range and go from there. It's just an annoyance more or less.

Hello,

Thank you for your report of abuse but in this case there are some details you should be aware of.

The “attacks” you are seeing on your system are not attacks per se. Although we cannot say definitively without seeing the logs of your firewall, we have seen dozens of similar reports over the past few months with exactly the same symptoms.

You have reported the IP 24.64.3.190. This IP address is not currently in use nor has even been assigned to any device in the past 90+ days. You are likely also seeing probes from many other random IPs within the 24.64.X.X range. All of these probes will be UDP. All of the probes will be directed at ports 1026, 1027 & 1028 on your computer. All of them are spoofing their origin.

What is actually happening is that there is a virus variant in the wild which is spoofing Shaw IP addresses in the 24.64.0.0/16 range and is trying to send messenger pop-ups to computers. Basically, these are just viruses sending you pop-up ads. It has been quite a thorn in our side because it is falsely indicating Shaw customers are at fault.

Your security software is smart enough to deflect these probes but not smart enough to know what is really going on. Each probe it sees is interpreted as an attack on your system and you are notified accordingly. Understandably, this can be quite alarming but, in this case, is actually nothing to be concerned with. In the future, any UDP probes you see from 24.64.X.X IPs on ports 1026, 1027 & 1028 can be ignored. Please do keep us apprised of ANY other attacks you may see from Shaw IP addresses.

If you have any further questions or comments please do not hesitate to contact us.

Regards,
joblow@bellsouth.net game contact email.
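
A triage sketch that applies the rule from the Shaw reply above to the router log format in the first post, so the known pop-up noise is set aside and the remaining blocked sources stand out. This is an added example, not part of any post in the thread; the function name `triage` and the sample excerpt are constructed for illustration, and repeat lines are tallied separately because the log does not show which entry they refer to.

```python
import ipaddress
import re
from collections import Counter

# Rule from the Shaw reply: UDP, source in 24.64.0.0/16, destination port 1026-1028.
SPOOFED_NET = ipaddress.ip_network("24.64.0.0/16")
POPUP_PORTS = {1026, 1027, 1028}

BLOCKED = re.compile(
    r"Blocked incoming (?P<proto>TCP|UDP) .*?from (?P<src>[\d.]+):\d+"
    r" to [\d.]+:(?P<dport>\d+)"
)
REPEAT = re.compile(r"Previous message repeated (\d+) times?")

# Constructed sample: a short excerpt in the format of the log in the first post.
SAMPLE_LOG = """\
[INFO] Mon Nov 19 01:06:22 2007 Blocked incoming TCP packet from 202.91.241.12:80 to 71.203.223.155:8204 as SYN:ACK received but there is no active connection
[INFO] Mon Nov 19 01:03:41 2007 Blocked incoming UDP packet from 142.166.45.211:60871 to 71.203.223.155:21089
[INFO] Mon Nov 19 01:03:41 2007 Previous message repeated 2 times
[INFO] Mon Nov 19 01:02:28 2007 Blocked incoming TCP connection request from 142.166.45.211:60626 to 71.203.223.155:21089
[INFO] Mon Nov 19 01:00:57 2007 Blocked incoming UDP packet from 24.64.50.109:22401 to 71.203.223.155:1028
[INFO] Mon Nov 19 01:00:57 2007 Blocked incoming UDP packet from 24.64.50.109:22401 to 71.203.223.155:1027
[INFO] Mon Nov 19 01:00:57 2007 Blocked incoming UDP packet from 24.64.50.109:22401 to 71.203.223.155:1026
[INFO] Mon Nov 19 00:57:11 2007 Blocked incoming UDP packet from 222.161.2.24:43270 to 71.203.223.155:1026
"""

def triage(log_text):
    """Split blocked-packet entries into known pop-up noise and entries left to review."""
    noise = 0
    repeats = 0  # the log does not show which entry a repeat line refers to
    review = Counter()  # (protocol, source IP, destination port) -> count
    for line in log_text.splitlines():
        m = BLOCKED.search(line)
        if m:
            dport = int(m["dport"])
            spoofed = ipaddress.ip_address(m["src"]) in SPOOFED_NET
            if m["proto"] == "UDP" and spoofed and dport in POPUP_PORTS:
                noise += 1
            else:
                review[(m["proto"], m["src"], dport)] += 1
        elif (r := REPEAT.search(line)):
            repeats += int(r.group(1))
    return noise, review, repeats

if __name__ == "__main__":
    noise, review, repeats = triage(SAMPLE_LOG)
    print(f"pop-up noise: {noise}, unattributed repeats: {repeats}")
    for key, count in review.most_common():
        print(count, *key)
```
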
kaeolian
1337 Haxor
Posts: 661
Joined: Thu Dec 29, 2005 12:00 am
Location: U.K.

Hmmm, well that's all you can do really mate, just get that range blocked.
Aih PittaH TeH F00l !!!1!11