PDA

View Full Version : Am I Under Attack?


Neko McGrover
12-03-2004, 06:24 PM
For the past couple days I've been getting the following kind of reports in my wireless log. Am I under attack or being used to mount an attack.[Note my own IP has been blanked out in this posting in the interests of greater security.] If so, what can I do to stop this misuse. It looks like they aren't getting through but I'm not sure what is going on.

Dec/03/2004 14:57:22 Drop TCP packet from WAN 193.216.221.42:1560 206.xxx.xxx.xxx:6346 Rule: Default deny
Dec/03/2004 14:57:18 Drop UDP packet from WAN 67.174.168.106:2226 206.xxx.xxx.xxx:6346 Rule: Default deny
Dec/03/2004 14:57:16 Drop TCP packet from WAN 193.216.221.42:1560 206.xxx.xxx.xxx:6346 Rule: Default deny
Dec/03/2004 14:57:16 Drop TCP packet from WAN 80.186.213.159:3392 206.xxx.xxx.xxx:6346 Rule: Default deny
Dec/03/2004 14:57:13 Drop TCP packet from WAN 193.216.221.42:1560 206.xxx.xxx.xxx:6346 Rule: Default deny
Dec/03/2004 14:57:10 Drop TCP packet from WAN 80.186.213.159:3392 206.xxx.xxx.xxx:6346 Rule: Default deny
Dec/03/2004 14:57:08 Drop TCP packet from WAN 80.186.213.159:3392 206.xxx.xxx.xxx:6346 Rule: Default deny
Dec/03/2004 14:56:51 Drop TCP packet from WAN 24.54.201.200:2438 206.xxx.xxx.xxx:6346 Rule: Default deny
Dec/03/2004 14:56:46 Drop UDP packet from WAN 68.43.19.84:6346 206.xxx.xxx.xxx:6346 Rule: Default deny
Dec/03/2004 14:56:45 Drop TCP packet from WAN 24.54.201.200:2438 206.xxx.xxx.xxx:6346 Rule: Default deny
Budfred
12-04-2004, 12:13 AM
Most of us are under attack most of the time.... If you go online without a good firewall, you are likely to be infected within minutes... Assuming you have a good firewall, you are probably okay, but you could certainly run a series of scans to be sure... It is a good idea to do that regularly anyway...
Neko McGrover
12-05-2004, 02:05 PM
I managed to figure out the problem. My wife was downloading music and those "attacks" were simply others on the P2P network trying to connect. The port numbers are indicative of which app was involved.

I have both a hardware and a software firewall in place, SSID is not broadcast, only specific MAC addresses can connect and a few other surprises.