Router Intrusion.

Secret_Society

Secret_Society

Solid State Member
Messages
18
Location
Finland
Hello! i have noticed some strange activity on my router log lately, but i can't really tell if it its an actual attack :mad:

The log doesn't really tell me much except that following ''intrusion'' has been blocked (i hope).. I can't really see a loss of Internet at any point though which is just wonderful.

udp_rate_limiting (121) count. (don't really know what it means is it a flood attack?)

tcp_syn_scan (1) count. This one i assume is just an normal port scan?

Might be just paranoid, but i don't like the idea of a possible intrusion. :Deskflip:
 
UDP rate limiting just means that you're getting UDP packets that are going over the threshold setting in your router. Any UDP packets going over the limit are getting dropped. Depending on what you are doing, getting a ton of UDP packets from a single source may be suspicious (possibly a DOS attack), but it doesn't mean anything in and of itself.

Yes, that would be a port scan.

Are you running a server?
 
sounds like some1 is using the bootable operating system back track to hack your network. make sure your fire wall is up and use mac address filtering.
 
I am not running a server. It is just for own use and i host LAN for some people (which i trust and know) I also have my firewall up and i am using peerblock, Spybot SND, Avast and Hitmanpro for regular scans which usually turn out negative.
 
Also i have UPnP disabled at all times then i have the regular router firewalls on which allows all outgoing connections and blocks all incoming traffic, but the important thing is that i have no Internet loss so far and 0 viruses so to speak nor tracking cookies.
 
It sounds like you're pretty careful, so you should be okay. It's pretty standard to come across random attacks from the internet so that, in itself is no cause for alarm. As long as you're following best practices and everything is patched and updated you won't have much to worry about. If you want more details about the kind of traffic you are receiving, wireshark is a great tool for looking at the actual packets.

A standalone firewall appliance should provide more detailed logs, as well. They can be pretty expensive, but you can make your own using an old computer with multiple NICs and an open source firewall OS like pfsense.
 
Yes i do have Wireshark and i am learning how to read the data, but its something totally new for me, but yeah i haven't gotten any more intrusions anymore so i think thats that.

Thank you for your answers.
 
You must log in or register to reply here.

Similar threads

H
My battle with WPSpamAIBot1gpt
Replies
3
Views
778
hamsheena
H
S
Would it benefit me joining Discord chat groups?
Replies
0
Views
890
Scissorman
S
R
Suddenly there is no display on the computer
Replies
8
Views
910
Flowace
Flowace
R
Configuring a second router on the same network for ethernet use
Replies
7
Views
1K
petergroft29
P
J
Wifi issues
Replies
1
Views
757
Trotter
Trotter
Back
Top Bottom