Monday morning security report



fatality_uk
June 30th, 2008, 11:59 AM
Looking at our security logs from the weekend, there were 173 port scan attempts on Saturday, 112 Sunday and 87 so far today.

Sheesh!!!

Tomatz
June 30th, 2008, 12:07 PM
WTH

Some virus outbreak over the weekend probably.

I'm gonna check my router logs.

Tomatz
June 30th, 2008, 12:09 PM
**** me

Same here!

fatality_uk
June 30th, 2008, 01:37 PM
Scary huh? Just wait. Two weeks from now Symantec will issue a RED SECURITY alert telling us all about another trojan that has turned another 1,000,000 PCs into a botnet :(

How often do people check logs? At work I get a daily report, which, it has to be said, I usually scan through.

sparkyjoe34
June 30th, 2008, 01:41 PM
Just caught your post guys. What security logs are you speaking of? Are they on your Linux PCs? If so, where do I look to find them on mine?

fatality_uk
June 30th, 2008, 02:23 PM
Just caught your post guys. What security logs are you speaking of? Are they on your Linux PCs? If so, where do I look to find them on mine?

Our reports are not from Linux as such, but from a variety of routers, proxy servers, and LAN & WAN network monitoring tools.

I would have a look at your router's reports. Most routers have a local web page where you can view the status of the network etc., as well as attacks.

sparkyjoe34
June 30th, 2008, 02:43 PM
I would have a look at your router's reports. Most routers have a local web page where you can view the status of the network etc., as well as attacks.
How do you go about accessing that?

Tomatz
June 30th, 2008, 02:50 PM
How do you go about accessing that?

What router do you have?

Tomatz
June 30th, 2008, 02:52 PM
Scary huh? Just wait. Two weeks from now Symantec will issue a RED SECURITY alert telling us all about another trojan that has turned another 1,000,000 PCs into a botnet :(

How often do people check logs? At work I get a daily report, which, it has to be said, I usually scan through.

Not often. I myself only check them once a week :o


I might make my checks a bit more regular.

fatality_uk
June 30th, 2008, 02:52 PM
How do you go about accessing that?

Check here for your router.

http://portforward.com/routers.htm

sparkyjoe34
June 30th, 2008, 02:52 PM
I believe it's a Linksys WRT54G.

Tomatz
June 30th, 2008, 02:54 PM
I believe it's a Linksys WRT54G.

Open Firefox and in the URL bar type:


192.168.1.1

You should then enter your router config (a username and password will be needed). Then find your security logs ;)

fatality_uk
June 30th, 2008, 02:55 PM
This page will give you the detail

http://portforward.com/english/routers/port_forwarding/Linksys/WRT54G/HTTP.htm

Black Mage
June 30th, 2008, 04:55 PM
Oooo, I'm going to have to check my logs later on today.

Do you think it will affect Linux users? And doesn't your ISP shut you down if you do a port scan?

fatality_uk
June 30th, 2008, 04:59 PM
Be nice to get rid of all this crud blocking up the net!
Wonder what speed we could expect if all this wasn't going on?

LaRoza
June 30th, 2008, 05:04 PM
My logs show nothing unusual (besides the normal things)

scouser73
July 2nd, 2008, 03:30 PM
I saw your posting the other day, and was wondering where I could look for my router logs, I eventually found them. Should I be concerned about the list below?


Sat Jun 28 11:24:35 2008 1 Blocked by DoS protection 192.168.2.2
Sat Jun 28 15:13:39 2008 1 Blocked by DoS protection 192.168.2.2
Sat Jun 28 15:14:04 2008 1 Blocked by DoS protection 192.168.2.2
Sat Jun 28 22:59:03 2008 1 Blocked by DoS protection 192.168.2.2
Sat Jun 28 23:41:45 2008 1 Blocked by DoS protection 192.168.2.2
Sun Jun 29 03:01:33 2008 1 Blocked by DoS protection 87.74.8.32
Sun Jun 29 07:37:48 2008 1 Blocked by DoS protection 86.1.155.13
Sun Jun 29 12:28:46 2008 1 Blocked by DoS protection 192.168.0.3
Mon Jun 30 03:36:00 2008 1 Blocked by DoS protection 80.203.55.217
Mon Jun 30 03:42:06 2008 1 Blocked by DoS protection 80.203.55.217
Mon Jun 30 03:45:07 2008 1 Blocked by DoS protection 80.203.55.217
Mon Jun 30 03:47:49 2008 1 Blocked by DoS protection 80.203.55.217
Mon Jun 30 03:51:12 2008 1 Blocked by DoS protection 80.203.55.217
Mon Jun 30 03:52:30 2008 1 Blocked by DoS protection 86.136.197.255
Mon Jun 30 03:58:21 2008 1 Blocked by DoS protection 80.203.55.217
Mon Jun 30 04:01:17 2008 1 Blocked by DoS protection 80.203.55.217
Mon Jun 30 04:15:40 2008 1 Blocked by DoS protection 80.203.55.217
Mon Jun 30 04:33:24 2008 1 Blocked by DoS protection 80.203.55.217
Mon Jun 30 04:43:25 2008 1 Blocked by DoS protection 80.203.55.217
Mon Jun 30 04:47:22 2008 1 Blocked by DoS protection 80.203.55.217
Mon Jun 30 04:50:51 2008 1 Blocked by DoS protection 80.203.55.217
Mon Jun 30 10:40:02 2008 1 Blocked by DoS protection 90.11.29.205
Mon Jun 30 10:44:39 2008 1 Blocked by DoS protection 90.11.29.205
Mon Jun 30 11:03:30 2008 1 Blocked by DoS protection 83.53.158.247
Mon Jun 30 11:30:35 2008 1 Blocked by DoS protection 90.11.29.205
Mon Jun 30 11:42:04 2008 1 Blocked by DoS protection 90.11.29.205
Mon Jun 30 11:45:44 2008 1 Blocked by DoS protection 90.11.29.205
Mon Jun 30 11:45:45 2008 1 Blocked by DoS protection 90.11.29.205
Mon Jun 30 11:56:18 2008 1 Blocked by DoS protection 90.11.29.205
Tues Jul 1 16:15:17 2008 1 Blocked by DoS protection 209.222.129.171
Tues Jul 1 16:16:55 2008 1 Blocked by DoS protection 209.222.129.169
Tues Jul 1 16:17:52 2008 1 Blocked by DoS protection 209.222.129.172
Tues Jul 1 16:18:50 2008 1 Blocked by DoS protection 209.222.129.173
Tues Jul 1 21:49:36 2008 1 Blocked by DoS protection 62.104.83.6
Wed Jul 2 03:46:32 2008 1 Blocked by DoS protection 213.106.168.78
Wed Jul 2 03:52:33 2008 1 Blocked by DoS protection 213.106.168.78
Wed Jul 2 05:56:14 2008 1 Blocked by DoS protection 192.168.2.2

Tomatz
July 2nd, 2008, 03:44 PM
I saw your posting the other day, and was wondering where I could look for my router logs, I eventually found them. Should I be concerned about the list below?

Nope.

Your router is doing everything it should and those logs are quite normal.

Shocking, isn't it.

macogw
July 3rd, 2008, 04:57 AM
Oooo, I'm going to have to check my logs later on today.

Do you think it will affect Linux users? And doesn't your ISP shut you down if you do a port scan?

If you have services running on a computer with an externally-accessible IP, then *of course* it can affect you running Linux. All they have to do is use an Apache or sshd exploit if they've got a zero-day.

And no. First off, you being port-scanned means nothing to the ISP. You'd be the "victim." Second, while port-scanning is considered hacking in some areas, I'd be pretty surprised if your ISP could automatically see that that's what you were doing. Third, they'd then have to somehow know it was actually you and not just some worm you picked up by going out on the internet unprotected.

phaed
July 3rd, 2008, 05:57 AM
Scary huh? Just wait. Two weeks from now Symantec will issue a RED SECURITY alert telling us all about another trojan that has turned another 1,000,000 pc's into a bot-net :(

It's scary how ignorant your average user is about security. I'm not a computer expert by any means, but I'm super paranoid about security. I've got my firewall with all ports closed/stealth and all ICMP packets blocked/dropped silently. I use an SSL connection to check my Gmail and other important things. I have SELinux and ClamAV installed. And I still run tiger and rkhunter and a few other things on occasion.

And that's just for my home desktop, not a server.

Then my inbox gets 300 spam messages a day because millions of other people have their computers compromised. And when Windows comes to a grinding halt, they just buy a new computer.

Tomatz
July 3rd, 2008, 07:26 AM
It's scary how ignorant your average user is about security. I'm not a computer expert by any means, but I'm super paranoid about security. I've got my firewall with all ports closed/stealth and all ICMP packets blocked/dropped silently. I use an SSL connection to check my Gmail and other important things. I have SELinux and ClamAV installed. And I still run tiger and rkhunter and a few other things on occasion.

And that's just for my home desktop, not a server.

Then my inbox gets 300 spam messages a day because millions of other people have their computers compromised. And when Windows comes to a grinding halt, they just buy a new computer.

Ignorance is bliss :)

lisati
July 3rd, 2008, 07:31 AM
Then my inbox gets 300 spam messages a day because millions of other people have their computers compromised.

Sounds like I've got it good with only about 30-40 spams per day... It still takes a while to report them, however!

scouser73
July 3rd, 2008, 08:31 AM
With spam, I have all my emails on POP3/IMAP in Thunderbird. When I see that a spam message has appeared in my Thunderbird inbox, I just go to the email website and mark the message as spam, thus reducing the influx of crap.

I used to be extremely cautious about security in Windows, but since changing to Ubuntu I've read that there are no or hardly any viruses for Linux in the wild, which set my mind at rest, then I read this article.

I really like using Ubuntu and will start looking into security and how best to practice it. This thread really has helped me.

phaed
July 3rd, 2008, 05:51 PM
300 may be overstating it. Maybe 150. Still a lot though.

Watching that spam counter tick along was getting to my OCD tendencies and I'd have to clear the spam folder several times a day. However, the spam has become manageable ever since I set a filter for "in:spam" to automatically delete it.