Results 1 to 8 of 8

Thread: Router firewall entries

  1. #1
    Senior Member AledJ's Avatar
    Join Date
    May 2008
    Posts
    1,899
    Thanks
    168
    Thanked
    25 times in 21 posts

    Router firewall entries

    Thanks all.

    Mods you can delete this now
    Last edited by AledJ; 24-10-2010 at 08:26 PM.

  2. #2
    Splash
    Guest

    Re: Router firewall entries

    Been on Facebook much? (the 3 random outbound addresses I nslookup'd were Facebook hosts)

    The inbound ones are indeed most likely scans, don't sweat them too much - if you're connected to the internet then it's going to happen, and is a good reason to not put your machine in a DMZ. As for if the port is open... the screenshot suggests not, but it's probably worth testing with an online portscanner.


    Finally I wouldn't worry too much about posting your LAN ip address - it's not going to give anyone access to your machine unless they're on your LAN

  3. Received thanks from:

    AledJ (23-10-2010)

  4. #3
    Senior Member AledJ's Avatar
    Join Date
    May 2008
    Posts
    1,899
    Thanks
    168
    Thanked
    25 times in 21 posts

    Re: Router firewall entries

    Quote Originally Posted by Splash View Post
    Been on Facebook much? (the 3 random outbound addresses I nslookup'd were Facebook hosts)

    The inbound ones are indeed most likely scans, don't sweat them too much - if you're connected to the internet then it's going to happen, and is a good reason to not put your machine in a DMZ. As for if the port is open... the screenshot suggests not, but it's probably worth testing with an online portscanner.


    Finally I wouldn't worry too much about posting your LAN ip address - it's not going to give anyone access to your machine unless they're on your LAN
    Thanks a lot Splash The outbound ones are my sister- and yeah she is on FB a lot, where as I just check it once a day.

    Cheers again.

  5. #4
    I'm just looking Tifosi's Avatar
    Join Date
    Feb 2004
    Location
    127.0.0.1
    Posts
    843
    Thanks
    8
    Thanked
    5 times in 4 posts
    • Tifosi's system
      • Motherboard:
      • DFI LanParty UT nF4 SLI-DR
      • CPU:
      • AMD64 Venice 3200 s939
      • Memory:
      • 2x 1GB DDR400 Corsair XMS
      • Storage:
      • OCZ Vertex 2.5" 64GB SSD
      • Graphics card(s):
      • Geforce G210T / Geforce 7800GT
      • PSU:
      • ?
      • Case:
      • Lian Li PC-V1110
      • Operating System:
      • Ubuntu 12.04
      • Monitor(s):
      • Dell 2405FPW
      • Internet:
      • VM

    Re: Router firewall entries

    the outbound ones are someone on your network browsing websites... i.e. 69.63.190.22 is facebook

    the inbound ones look like scans. You don't really need to hash out your 192 IP's since they're private.

    Doesn't your router support NAT & uPnP for the Xbox?

  6. #5
    Splash
    Guest

    Re: Router firewall entries

    Out of interest why the rules for inbound DNS?

  7. #6
    Senior Member
    Join Date
    Feb 2008
    Posts
    925
    Thanks
    4
    Thanked
    161 times in 148 posts
    • smargh's system
      • Motherboard:
      • Gigabyte GA-EP45-UD3P
      • CPU:
      • Xeon E5450 with 775-to-771 Mod
      • Memory:
      • 16GB Crucial
      • Storage:
      • Intel X25-M G2 80GB/Adaptec 3405 4x 2TB Ultrastar RAID1 / 1x 6TB Hitachi He6 / Dying 2TB Samsung
      • Graphics card(s):
      • GTX 750 Ti
      • PSU:
      • Seasonic X-560
      • Case:
      • Lian-Li PC-A71
      • Operating System:
      • Windows 7 Ultimate 64bit
      • Monitor(s):
      • BenQ G2400WD
      • Internet:
      • Really Crap ADSL2 <3Mbit

    Re: Router firewall entries

    The translation of the logs is: "your sister is doing a lot of facebooking. go to sleep."

    If you to post to hexus to query every "hack attack" or warning that your router shows, then you will die of either old age, a heart attack, blood loss from bleeding fingers after 24/7/365 typing, or malnutrition.

    http://www.canyouseeme.org/

    The "FIN scans" are probably all false positives as a result of you browsing sites and closing lots of TCP connections. Most scans nowadays are straightforward connect attempts.
    Last edited by smargh; 23-10-2010 at 11:22 PM.

  8. #7
    Senior Member oolon's Avatar
    Join Date
    Mar 2007
    Location
    London
    Posts
    2,294
    Thanks
    150
    Thanked
    302 times in 248 posts
    • oolon's system
      • Motherboard:
      • Asus P6T6
      • CPU:
      • Xeon w3680
      • Memory:
      • 3*4GB Kingston ECC
      • Storage:
      • 160GB Intel G2 SSD
      • Graphics card(s):
      • XFX HD6970 2GB
      • PSU:
      • Corsair HX850
      • Case:
      • Antec P183
      • Operating System:
      • Windows 7 Ultimate and Centos 5
      • Monitor(s):
      • Dell 2408WFP
      • Internet:
      • Be* Unlimied 6 down/1.2 up

    Re: Router firewall entries

    Ok, why exactly did you redacte all the private ip addresses? a 192.168.0.0/16 address is not addressable from the internet (which is kind of the point of them).
    (\__/) All I wanted in the end was world domination and a whole lot of money to spend. - NMA
    (='.*=)
    (")_(*)

  9. #8
    The late but legendary peterb - Onward and Upward peterb's Avatar
    Join Date
    Aug 2005
    Location
    Looking down & checking on swearing
    Posts
    19,378
    Thanks
    2,892
    Thanked
    3,403 times in 2,693 posts

    Re: Router firewall entries

    Been pretty much covered - yor NAT firewall is blocking all inbund connections - and passing all outbound one from your private 192.168.xxx.yyy addresses. My guess is that xxx is 0 or 1 (like 95% of all LANS). These are not addressable externally, and are not routable by internet routers.

    All ADSL/Internet connections are scanned. I have port 22 open for remote secure login - on a good day I get less than 500 attempts to connect to the server - on a bad day, it can be 50,000 or more. Hence if you DO open any ports (the most common being 80, for http traffic) it is essential that you have other security measures in place to protect the server from malicious attack,and that you pay particular attention to the server application configuration.

    But to sum up - sleep easy (apart from wondering exactly what your sister is doing on FB! )
    (\__/)
    (='.'=)
    (")_(")

    Been helped or just 'Like' a post? Use the Thanks button!
    My broadband speed - 750 Meganibbles/minute

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. VPN Firewall router for Virgin Broadband
    By analogueaddict in forum Networking and Broadband
    Replies: 7
    Last Post: 14-04-2007, 10:40 AM
  2. 3Com OfficeConnect 54G ADSL Router (Wireless) Firewall Issues
    By Vini in forum PC Hardware and Components
    Replies: 2
    Last Post: 29-06-2005, 09:08 AM
  3. Replies: 20
    Last Post: 04-04-2005, 12:00 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •