•
•
•
•
What is DaniWeb IT Discussion Community?
You're currently browsing the Network Security section within the Tech Talk category of DaniWeb, a massive community of 363,823 software developers, web developers, Internet marketers, and tech gurus who are all enthusiastic about making contacts, networking, and learning from each other. In fact, there are 4,529 IT professionals currently interacting right now! Registration is free, only takes a minute and lets you enjoy all of the interactive features of the site.
Please support our Network Security advertiser:
Views: 608 | Replies: 0
 |
•
•
Join Date: May 2008
Posts: 1
Reputation: 
Rep Power: 0
Solved Threads: 0
Newbie Poster
Hi:
I have a netgear router which has a public AP (hotspot) connected to it. On some days, one particular user regularly causes my router log to look like the one posted below. Can anyone tell me what he is doing to cause this sort of response from the router?
Thanks!
Robert
-------router log excerpt starts here-----
Mon, 05/05/2008 09:51:24 - TCP connection dropped - Source:69.28.158.49, 80, WAN - Destination:192.168.3.2, 18553, LAN - 'Suspicious TCP Data'
Thur, 05/08/2008 07:25:39 - UDP packet dropped - Source:192.168.3.3, 137, WAN - Destination:192.168.3.2, 137, LAN - 'Possible Port Scan'
Thur, 05/08/2008 07:25:51 - TCP connection dropped - Source:192.168.3.3, 49186, WAN - Destination:192.168.3.2, 80, LAN - 'WEB'
Thur, 05/08/2008 07:26:31 - TCP connection dropped - Source:192.168.3.3, 5000, WAN - Destination:192.168.3.2, 8080, LAN - 'WEB proxy'
Thur, 05/08/2008 07:26:35 - TCP connection dropped - Source:192.168.3.3, 5000, WAN - Destination:192.168.3.2, 139, LAN - 'Possible Port Scan'
Thur, 05/08/2008 07:49:45 - TCP connection dropped - Source:192.168.3.3, 49509, WAN - Destination:192.168.3.2, 80, LAN - 'WEB'
Thur, 05/08/2008 07:50:05 - UDP packet dropped - Source:192.168.3.3, 61185, WAN - Destination:192.168.3.2, 161, LAN - 'Possible Port Scan'
Thur, 05/08/2008 07:50:33 - TCP connection dropped - Source:192.168.3.3, 5000, WAN - Destination:192.168.3.2, 445, LAN - 'SMB'
Thur, 05/08/2008 08:13:27 - TCP connection dropped - Source:192.168.3.3, 49610, WAN - Destination:192.168.3.2, 80, LAN - 'WEB'
Thur, 05/08/2008 08:14:19 - UDP packet dropped - Source:192.168.3.3, 5000, WAN - Destination:192.168.3.2, 137, LAN - 'Suspicious UDP Data'
Thur, 05/08/2008 08:37:09 - TCP connection dropped - Source:192.168.3.3, 49735, WAN - Destination:192.168.3.2, 80, LAN - 'WEB'
Thur, 05/08/2008 08:38:05 - UDP packet dropped - Source:192.168.3.3, 5000, WAN - Destination:192.168.3.2, 138, LAN - 'Suspicious UDP Data'
Thur, 05/08/2008 09:00:51 - TCP connection dropped - Source:192.168.3.3, 49837, WAN - Destination:192.168.3.2, 80, LAN - 'WEB'
Thur, 05/08/2008 09:01:51 - UDP packet dropped - Source:192.168.3.3, 5000, WAN - Destination:192.168.3.2, 10421, LAN - 'Suspicious UDP Data'
Thur, 05/08/2008 09:49:49 - TCP connection dropped - Source:192.168.3.3, 49184, WAN - Destination:192.168.3.2, 80, LAN - 'WEB'
Thur, 05/08/2008 09:50:09 - UDP packet dropped - Source:192.168.3.3, 52896, WAN - Destination:192.168.3.2, 161, LAN - 'Suspicious UDP Data'
Thur, 05/08/2008 10:13:33 - TCP connection dropped - Source:192.168.3.3, 50059, WAN - Destination:192.168.3.2, 80, LAN - 'WEB'
Thur, 05/08/2008 10:14:39 - UDP packet dropped - Source:192.168.3.3, 5000, WAN - Destination:192.168.3.2, 10426, LAN - 'Suspicious UDP Data'
Thur, 05/08/2008 10:37:17 - TCP connection dropped - Source:192.168.3.3, 51005, WAN - Destination:192.168.3.2, 80, LAN - 'WEB'
Thur, 05/08/2008 11:00:57 - TCP connection dropped - Source:192.168.3.3, 52051, WAN - Destination:192.168.3.2, 80, LAN - 'WEB'
Thur, 05/08/2008 11:24:39 - TCP connection dropped - Source:192.168.3.3, 52148, WAN - Destination:192.168.3.2, 80, LAN - 'WEB'
Thur, 05/08/2008 13:13:30 - TCP connection dropped - Source:192.168.3.3, 49195, WAN - Destination:192.168.3.2, 80, LAN - 'WEB'
Thur, 05/08/2008 13:13:52 - UDP packet dropped - Source:192.168.3.3, 55704, WAN - Destination:192.168.3.2, 161, LAN - 'Suspicious UDP Data'
Thur, 05/08/2008 13:37:12 - TCP connection dropped - Source:192.168.3.3, 49271, WAN - Destination:192.168.3.2, 80, LAN - 'WEB'
End of Log ----------
I have a netgear router which has a public AP (hotspot) connected to it. On some days, one particular user regularly causes my router log to look like the one posted below. Can anyone tell me what he is doing to cause this sort of response from the router?
Thanks!
Robert
-------router log excerpt starts here-----
Mon, 05/05/2008 09:51:24 - TCP connection dropped - Source:69.28.158.49, 80, WAN - Destination:192.168.3.2, 18553, LAN - 'Suspicious TCP Data'
Thur, 05/08/2008 07:25:39 - UDP packet dropped - Source:192.168.3.3, 137, WAN - Destination:192.168.3.2, 137, LAN - 'Possible Port Scan'
Thur, 05/08/2008 07:25:51 - TCP connection dropped - Source:192.168.3.3, 49186, WAN - Destination:192.168.3.2, 80, LAN - 'WEB'
Thur, 05/08/2008 07:26:31 - TCP connection dropped - Source:192.168.3.3, 5000, WAN - Destination:192.168.3.2, 8080, LAN - 'WEB proxy'
Thur, 05/08/2008 07:26:35 - TCP connection dropped - Source:192.168.3.3, 5000, WAN - Destination:192.168.3.2, 139, LAN - 'Possible Port Scan'
Thur, 05/08/2008 07:49:45 - TCP connection dropped - Source:192.168.3.3, 49509, WAN - Destination:192.168.3.2, 80, LAN - 'WEB'
Thur, 05/08/2008 07:50:05 - UDP packet dropped - Source:192.168.3.3, 61185, WAN - Destination:192.168.3.2, 161, LAN - 'Possible Port Scan'
Thur, 05/08/2008 07:50:33 - TCP connection dropped - Source:192.168.3.3, 5000, WAN - Destination:192.168.3.2, 445, LAN - 'SMB'
Thur, 05/08/2008 08:13:27 - TCP connection dropped - Source:192.168.3.3, 49610, WAN - Destination:192.168.3.2, 80, LAN - 'WEB'
Thur, 05/08/2008 08:14:19 - UDP packet dropped - Source:192.168.3.3, 5000, WAN - Destination:192.168.3.2, 137, LAN - 'Suspicious UDP Data'
Thur, 05/08/2008 08:37:09 - TCP connection dropped - Source:192.168.3.3, 49735, WAN - Destination:192.168.3.2, 80, LAN - 'WEB'
Thur, 05/08/2008 08:38:05 - UDP packet dropped - Source:192.168.3.3, 5000, WAN - Destination:192.168.3.2, 138, LAN - 'Suspicious UDP Data'
Thur, 05/08/2008 09:00:51 - TCP connection dropped - Source:192.168.3.3, 49837, WAN - Destination:192.168.3.2, 80, LAN - 'WEB'
Thur, 05/08/2008 09:01:51 - UDP packet dropped - Source:192.168.3.3, 5000, WAN - Destination:192.168.3.2, 10421, LAN - 'Suspicious UDP Data'
Thur, 05/08/2008 09:49:49 - TCP connection dropped - Source:192.168.3.3, 49184, WAN - Destination:192.168.3.2, 80, LAN - 'WEB'
Thur, 05/08/2008 09:50:09 - UDP packet dropped - Source:192.168.3.3, 52896, WAN - Destination:192.168.3.2, 161, LAN - 'Suspicious UDP Data'
Thur, 05/08/2008 10:13:33 - TCP connection dropped - Source:192.168.3.3, 50059, WAN - Destination:192.168.3.2, 80, LAN - 'WEB'
Thur, 05/08/2008 10:14:39 - UDP packet dropped - Source:192.168.3.3, 5000, WAN - Destination:192.168.3.2, 10426, LAN - 'Suspicious UDP Data'
Thur, 05/08/2008 10:37:17 - TCP connection dropped - Source:192.168.3.3, 51005, WAN - Destination:192.168.3.2, 80, LAN - 'WEB'
Thur, 05/08/2008 11:00:57 - TCP connection dropped - Source:192.168.3.3, 52051, WAN - Destination:192.168.3.2, 80, LAN - 'WEB'
Thur, 05/08/2008 11:24:39 - TCP connection dropped - Source:192.168.3.3, 52148, WAN - Destination:192.168.3.2, 80, LAN - 'WEB'
Thur, 05/08/2008 13:13:30 - TCP connection dropped - Source:192.168.3.3, 49195, WAN - Destination:192.168.3.2, 80, LAN - 'WEB'
Thur, 05/08/2008 13:13:52 - UDP packet dropped - Source:192.168.3.3, 55704, WAN - Destination:192.168.3.2, 161, LAN - 'Suspicious UDP Data'
Thur, 05/08/2008 13:37:12 - TCP connection dropped - Source:192.168.3.3, 49271, WAN - Destination:192.168.3.2, 80, LAN - 'WEB'
End of Log ----------
|
•
•
•
•
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
•
•
•
•
•
•
•
•
DaniWeb Network Security Marketplace
Linear Mode
Other Threads in the Network Security Forum
- Previous Thread: PROTECTION @ WiFi HOTSPOTS
- Next Thread: scanning machines for viruses remotely
