Botnets!

Confused2

Registered Senior Member
Log from my router...
Intrusion attempts every 10 minutes 24/7 from (apparently) random IPs - the ones I've looked at (whois) have been Asian. Presumably trying a random login until they succeed.
Is anyone else (everyone?) seeing the same thing?

Dec 4 12:49:54 (none) user.alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=124.123.184.107 DST=3.127.56.90 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=42355 PROTO=TCP SPT=1174 DPT=23 WINDOW=14600 RES=0x00 SYN URGP=0
Dec 4 12:59:58 (none) user.alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=195.154.181.110 DST=3.127.56.90 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=18524 PROTO=TCP SPT=53954 DPT=6773 WINDOW=1024 RES=0x00 SYN URGP=0
Dec 4 13:11:07 (none) user.alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=195.154.181.110 DST=3.127.56.90 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=59994 PROTO=TCP SPT=53954 DPT=5556 WINDOW=1024 RES=0x00 SYN URGP=0
Dec 4 13:19:54 (none) user.alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=195.154.181.110 DST=3.127.56.90 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=9265 PROTO=TCP SPT=53954 DPT=5472 WINDOW=1024 RES=0x00 SYN URGP=0
Dec 4 13:29:27 (none) user.alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=195.154.181.110 DST=3.127.56.90 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=9440 PROTO=TCP SPT=53954 DPT=9169 WINDOW=1024 RES=0x00 SYN URGP=0
Dec 4 13:40:14 (none) user.alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=211.117.167.155 DST=3.127.56.90 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=55420 PROTO=TCP SPT=52343 DPT=23 WINDOW=56935 RES=0x00 SYN URGP=0
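
Added example, not part of the original posts: a Python sketch that parses the router's `Intrusion ->` lines from the post above (netfilter-style KEY=VALUE fields) and groups them by source address, separating telnet (port 23) probes from a single host sweeping several ports. The function names and the classification labels are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# The six log lines from the post above, copied verbatim.
SAMPLE = """\
Dec 4 12:49:54 (none) user.alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=124.123.184.107 DST=3.127.56.90 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=42355 PROTO=TCP SPT=1174 DPT=23 WINDOW=14600 RES=0x00 SYN URGP=0
Dec 4 12:59:58 (none) user.alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=195.154.181.110 DST=3.127.56.90 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=18524 PROTO=TCP SPT=53954 DPT=6773 WINDOW=1024 RES=0x00 SYN URGP=0
Dec 4 13:11:07 (none) user.alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=195.154.181.110 DST=3.127.56.90 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=59994 PROTO=TCP SPT=53954 DPT=5556 WINDOW=1024 RES=0x00 SYN URGP=0
Dec 4 13:19:54 (none) user.alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=195.154.181.110 DST=3.127.56.90 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=9265 PROTO=TCP SPT=53954 DPT=5472 WINDOW=1024 RES=0x00 SYN URGP=0
Dec 4 13:29:27 (none) user.alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=195.154.181.110 DST=3.127.56.90 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=9440 PROTO=TCP SPT=53954 DPT=9169 WINDOW=1024 RES=0x00 SYN URGP=0
Dec 4 13:40:14 (none) user.alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=211.117.167.155 DST=3.127.56.90 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=55420 PROTO=TCP SPT=52343 DPT=23 WINDOW=56935 RES=0x00 SYN URGP=0
"""

# Each entry is space-separated KEY=VALUE pairs plus bare TCP flag names.
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")
FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}

def parse_line(line):
    """Return the fields of one 'Intrusion ->' line as a dict, or None."""
    _, sep, body = line.partition("Intrusion -> ")
    if not sep:
        return None
    rec = dict(FIELD.findall(body))
    rec["FLAGS"] = sorted(FLAGS & set(body.split()))
    return rec

def summarize(text):
    """Group TCP probes by source address and label each source's behaviour."""
    by_src = defaultdict(list)
    for line in text.splitlines():
        rec = parse_line(line)
        if rec and rec.get("PROTO") == "TCP":
            by_src[rec["SRC"]].append(rec)
    report = {}
    for src, recs in by_src.items():
        ports = sorted({int(r["DPT"]) for r in recs})
        if len(ports) > 1:
            kind = "port sweep"        # one host trying several destination ports
        elif ports == [23]:
            kind = "telnet probe"      # looking for an exposed telnet service
        else:
            kind = "single-port probe"
        syn_only = all(r["FLAGS"] == ["SYN"] for r in recs)
        report[src] = {"kind": kind, "ports": ports, "count": len(recs), "syn_only": syn_only}
    return report

if __name__ == "__main__":
    for src, info in summarize(SAMPLE).items():
        print(src, info)
```

On these six lines every entry is a bare SYN, so the router logged refused connection attempts rather than completed sessions.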
 
Do you use any torrent software like BitTorrent? I would open up a browser and go to your router's setup page and close any open ports, disable remote admin login, and disable reply to ping. Also reset the admin password to something like this:

No torrent software - all ports closed - password (fairly) good. Possible ping.

I'm interested to know if (probably) every IP on the planet is pinged like this every 10 minutes - a considerable waste of bandwidth if it is.
I'm in the UK and would be interested in security logs from other regions.
 
My knowledge is limited on the subject. Hopefully someone with more knowledge will come along. You might consider installing something like ZoneAlarm for added protection.
 
My site has been probed by bots heavily for the last couple of days as well.

It comes and goes: One week nothing, the next, every five minutes... :rolleyes:
 