Solved Modem Log ......[DOS]

[jumanji]

Modem Log ......[DOS] [Port Scan]

In my ADSL Modem/router log I very often see entries like the ones in the screenshot below.



What is it and what does it mean?

 

[samuria]

Udp doesnt actually connect to your pc like tcip it just sends a packet and its not replied to you get it if you ping a pc its classed as a denial of service attack unless its relentless its not a problem it can be something scanning or testing pings webcrawlers often do it to find new website so they can be indexed for a search engine. You could look up the ip to see were its from and try opening ip in a browser

 

[Megahertz07]

Source is on Texas, US and destination on Brisbane, AU

 

[jumanji]

....... destination on Brisbane, AU

hehe.... shows how far off you can be 172.192.152.64 my dynamic IP address given by my ISP. So destination is always my PC.

If Source is Texas, then it must be Brink

Jokes apart, today I seem to have more than a fair share of it. Samuria said UDP does not actually connect to my PC. Good and I was happy. But the last two entries in the log below that happened just an hour or so ago are TCP Packets. And the last one is Port Scan . Who or what is scanning my ports? And for what purpose?

 

[Megahertz07]

I use an old version of Zone Alarm (V9.2.106.000) It has a stealth setting to avoid to been seen on the network.
What Firewall do you use?

 

[jumanji]

My router has its own firewall. I had left it at its default settings. ( It says it is for Advanced Administrators only and I am not one )



As for the system ( Win 7, Ultimate 32 bit) Windows firewall is on. I hadn't meddled with it anytime.

I am off to bed now and will be back only after another 8 hours.

 

[Megahertz07]

My cable modem / Router also has a firewall but I don't think i's enough.
ZAlarm reports almost 25 invasion attempts a DAY!!
Window firewall is \ used to be weak.

Z Alarm is very simple to use. I don't like the new versions (best software is the one you know how to use it)
Download ZoneAlarm Free 9.2.106.000 - FileHippo.com

New free version ZoneAlarm Free Firewall - Personal Computer Firewall Software

 

[jumanji]

I was using Zone Alarm for a longtime perhaps with Windows 95, 98, ME and perhaps XP too. A particular update caused many problems, I don't remember exactly when. It was widely reported and rebelled at and at that point of time I jettisoned it. It could have improved later on but I have no intention to go back to it especially after Windows built-in firewall came in.. If you google "problems with ZoneAlarm" you may find many reports dating back as far as ........

Problems With Zone Alarm - Forums - CNET

"At a minimum you should have a firewall/router, local antivirus app and local spyware app for proper protection. Adding a local firewall app is good if you have the technical knowledge to lock it down properly. For most home users, I find them to be a hinderance."

Even now I would believe my modem/ router effectively stonewalls any intrusions reported.( I have immense faith in NetGear ) Samuria gave a convincing reply on the UDP packets.

Now what about the TCP packets? My question is "Who or what is scanning my ports? And for what purpose?"

 

[Megahertz07]

Jumanji, the problem on the link you provided is from 2007.
There were some problems on the version at that time.
The V9.2.106.000 is from 2011 and has no problems. And you have control of the programs that access the internet.

The best free firewall 2018 | TechRadar
ZAlarm is on top of the list.

 

[jumanji]

After a google search, I gathered the followig points.

1. Do not open ports on your router. Do not use default admin password ( On day one itself I had changed the admin password . ) Do not enable WAN Management. Keep your modem/router firmware up-to-date.

2. Use a modem/router with a built-in firewall. (A firewall will be needed only in case of direct cable Internet connection plugged into your system.)

3. There are thousands of hosts that do nothing but scan all possible IP addresses looking for weaknesses. It is a fact of life. That is what a router/firewall is for. ((Only your ISP can filter out those for the range of IPs it dishes out, if it cares.)

4. Those may or may not be genuine attacks.

5. Did you check to see who owns the domains that are "attacking" you? It is a futile exercise. A hacker will keep shifting his IPs and trying from different domains from different locations. As long as the logs are showing the attacks the router ( its firewall) is doing its job. ( This what I felt and told in my post#8 in response to Megahertz07's recommendation of ZoneAlarm . "Even now I would believe my modem/ router effectively stonewalls any intrusions reported.( I have immense faith in NetGear )"

With these comments, I shall mark this thread as solved.

 

[Megahertz07]

To increase security, I set MAC filter to allow, so only the equipment on the MAC list is allowed to connect to my wireless, even with the correct password.

 

[jumanji]

In addition to Wireless MAC filtering, I also use IP address reservation. Unspecified machines/network adapters with unspecified MAC address will not get an IP Address to connect.

( I have erased personally identifiable info on Device Names in the screenshot below and also the MAC address of each device so that nobody can spoof the MAC Address and try to connect )