Router Message

[Danny_vtr]

Hi guys,

I wondered if you could help.

Basically im running a Belkin F5D7633-4 router and it seems to be fine. Runs fine and no disconnections etc.

I have 4 PCs networked (1 been an xbox 360) to it all via ethernet cable and its running fine. The wireless is switched on but is only used when my Dad needs it for his work laptop. The wireless has WPA-PSK security mode enabled, the SSID isnt broadcast a password is required and there is MAC address filtering also.

I basically turned my machiene on at approximately 16:12 and straight away logged onto my router settings via (192.168.2.1) on my browser. I checked the security logs just out of interest and came across this:

Quote:

Date/Time Severity Message
Nov 12 16:15:02 alert klogd: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=83.100.157.125 DST=192.168.2.1 LEN=48 TOS=0x00 PREC=0x20 TTL=121 ID=32401 DF PROTO=TCP SPT=3143 DPT=46273 WINDOW=16384 RES=0x00 SYN URGP=0

Could anyone please explain what this is? I noticed that the alert was made, just as i logged into the router setup page at 16:15. Ive tried to google people who have had similar messages and some believe it is just background traffic or it could be caused by a bittorrent port etc? I do believe that a PC was online at the time with bittorrent been used but i did turn it off earlier.

Can anyone help me please? I did a whois search on the "83.100.157.125" and it came back with "KarooADSL" who ive never heard of. My ISP is PlusNet if that helps.

Any help would be greatly appreciated,

Thanks. :)

[Danny_vtr]

Ive just had another:

Quote:

Nov 12 17:18:59 alert klogd: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=220.245.222.48 DST=192.168.2.1 LEN=48 TOS=0x00 PREC=0x20 TTL=112 ID=3731 DF PROTO=TCP SPT=1318 DPT=46273 WINDOW=65535 RES=0x00 SYN URGP=0

Completely different IP this time so it seems as though its just background noise.

[Danny_vtr]

Ok bit of an update:

I updated the family firewall and the update must of closed off a few ports etc. Since then, touch wood ive not had anymore security logs.

All together before i updated i recieved 5 of them in the space of an hour. A couple were from Australia according to Whois and there were some from the UK. I take it this isnt an attack on me, just an instance of background noise due to the random locations from the IPs?

Thanks.

[Danny_vtr]

Oh and im really sorry about the volume of posts.

Cheers.

[Danny_vtr]

Further update!

It seems after i restarted the family PC and did another check that i was still getting these security messages (well i got 1). The IP seemed to match an american company, pretty blank on the details of the whois search.

Anyway, it soon clicked why i was getting these security alerts. It seems i had forgotten about the virtual server i setup for port forwarding on my utorrent. I had the TCP port 46273 open and on ALL of my logs this came up under "DPT=46273".

So, can anyone explain what happened? Is it because this port was open it therefore attracted background noise and this appeared as a security log? I just want to make sure that noone was purposely attacking me and these are just harmless alerts. I hope this will be the end of it now and it will return to normal.

[Danny_vtr]

Ive just been informed its only port scanning. Thanks. :)