Re: [Other] Linksys Incoming Log Table - What does it MEAN

Author	All Replies
RationalRabb join:2009-07-04 Coeur D Alene, ID	reply to tschmidt Re: [Other] Linksys Incoming Log Table - What does it MEAN Nope - no port forwarding. The BEFSR41 has a very simple, temporary log list. It shows an IP address and the "destination" port. I label most of the addresses as "intruders" or "potential intruders" as the IPs, which usually resolve to a standard cable ISP block, are not from areas or sites I have any interrelation with. The reason this is critical to me is that there are entities with good reason to want to hack into my computer. Three of these addresses appear to fit other criteria to make them suspect, and these are the three that appear most frequently. So it is imperative that I understand if these denote successful access or not. I have blocked the port they most frequently seem to try to access, and the port number still appears on the list, so I assume that, as you say, they are being dropped. But I can't afford to assume. Thanks
	to forum · permalink · · 2009-07-04 22:33:34 ·
tschmidt Premium,MVM join:2000-11-12 Milford, NH ·Hollis Hosting ·Verizon Online DSL ·Fairpoint Communic..	said by RationalRabb : I have blocked the port they most frequently seem to try to access, and the port number still appears on the list, When you say you have blocked ports I assume you mean using PC firewall. That really doesn't matter because router will not forward packet so it never gets to the PC. /tom
	to forum · permalink · · 2009-07-05 10:05:24 ·
RationalRabb join:2009-07-04 Coeur D Alene, ID	The router software allows for "Port filtering" ranges, but, as I look again, it states "Filters enable you to prevent certain PCs on your network from accessing your Internet connection", so it rather sounds like it's non-effective for what I was trying to achieve. "That really doesn't matter because router will not forward packet so it never gets to the PC." If you'll bear with me , I am still not fully understanding. Let's see if this makes sense: There are legitimate incoming IPs as well - such as my server when I access my e-mail or, I would assume, when a site sets a cookie. So I am assuming what you are telling me is that an IP address on that list is meaningless as far as someone hacking into my computer - that I should look to my firewall or other means to determine if that is actually happening. thanks for you help, Tom
	to forum · permalink · · 2009-07-05 11:15:46 ·
tschmidt Premium,MVM join:2000-11-12 Milford, NH ·Hollis Hosting ·Verizon Online DSL ·Fairpoint Communic..	said by RationalRabb : There are legitimate incoming IPs as well - such as my server when I access my e-mail or, I would assume, when a site sets a cookie. Not sure what you mean by "incoming IP." When you connect to your email server (assuming you are not running one on your own network) your PC connects to port 25 (send mail) or 110 (retrieve mail) Ports 25 and 110 are called the well known ports. If server accepts connection request different ports are selected to actually exchange data, one on your PC and one on the server. Think of the well known port as a door bell, letting server know someone wants to connect. If local PC is attempting to connect to a remote server that is an outgoing connection. If remote PC is attempting to connect to local server that is an incoming connection. In both cases data travels in both directions. What is important is who initiates the request. /tom
	to forum · permalink · · 2009-07-05 11:33:43 ·
More Fiber Premium,MVM join:2005-09-26 West Chester, PA ·Bay Area Internet ..	reply to RationalRabb said by RationalRabb : The router software allows for "Port filtering" ranges Port filtering prevents undesired outbound connections. That should only concern you if you think you might have a trojan that is opening an outbound connection (such as a spam bot). said by RationalRabb : There are legitimate incoming IPs as well - such as my server when I access my e-mail or, I would assume, when a site sets a cookie. Unless you are running a server (mail, web, ftp, etc), or file sharing software (torrents), you would not normally have any inbound ports open. When you connect to a mail server, or a web server, all requests are outbound. Most routers do Stateful Packet Inspection (SPI) meaning they only allow an inbound response to an outbound request. Cookies are stored by script code in the HTTP page retrieved by your browser. They are not the result of an inbound connection. You router is logging unsuccessful inbound connection attempts. Since your WAN IP address is public, it can be found by any script kidde in the world that runs an IP address scan and find your IP address. Be sure you have ICMP responses disabled in your router. This won't prevent port scans, but will make your router less visible by not responding to pings or trace route requests.
	to forum · permalink · · 2009-07-05 11:42:59 ·
RationalRabb join:2009-07-04 Coeur D Alene, ID	Thanks to both of you. You've pretty well answered my questions and quelled my fears.
	to forum · permalink · · 2009-07-05 12:01:44 ·


Saturday, 28-Nov 16:29:52	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com.republican-creole page compression OFF