Security Basics mailing list archives
RE: Home firewall Hits
From: "Preston, Tony" <Tony.Preston () acs-inc com>
Date: Thu, 6 Nov 2003 16:19:08 -0500
Actually, I found that I had turned on the logging feature on the Linksys router and it was sending me the messages, not a port scan. It is interesting to use WallWatcher to see what it going on on my home network... I can see where my son is surfing ...:) It did look like a port scan to me which was why I asked my questions. BTW... I do have a firewall on my Win/ME system. As for the 67/68 hits, I guess I may have misconfigured my firewall to block those, my question was What did the hit mean: 31/Oct/2003 00:00:02] Rule 'Packet to unopened port received': Blocked: In UDP, 0.0.0.0:68->localhost:67, Owner: no owner I think I know now from doing a bit of research that one of my firewall rules was blocking something that maybe I should let through... I am tempted to leave it blocked since it doesn't seem to be needed. Everyone was pretty helpful... thanks again. Tony Preston Systems Engineer, AS&T Inc. Division of L3 Corporation (609) 485-0205 x 181 -----Original Message----- From: me null [mailto:me_null () hotmail com] Sent: Thursday, November 06, 2003 3:27 PM To: Tony.Preston () acs-inc com; security-basics () securityfocus com Subject: Re: Home firewall Hits hello, i havent read through the replys you have got but ill chime in non the less. i would amagine some have sayed part of what i will. 1 im not sure what u ment here bout it sounds like a port scan ">From reading the firewall log, I would think that my router is continuously
hitting Port 162 with a UDP message. The odd thing is that it is doing this by using an incrementing port from 192.168.1.1, I see many of these every day, it is continuous."
2 these are DHCP ports 67 / 68 UDP a DHCP server would tell DHCP clients where thay are and info regarding you network. 3 is this is EXACTLY your setup ... " [cable modem] <----> [ Linksys Wireless Router] ~~~ [ Windows ME W/
firewall ]"
than theres nothing blocking access from the internet to your router. witch means some 1 can (if thay havent yet) crack you routers password. you would be amased at how easy this can be like a user name of "admin" and a password of "admin" and BAM thay have CONTROL of your router. either put a fire wall between your router and the internet or ATLEAST change you login credintals for your router hope this helps and wasnt too redundant --------------------------------------------------------------------------- Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE The Presidio integrates PGP data encryption and XML Web Services security to simplify the management and deployment of PGP and reduce overall PGP costs by up to 80%. FREE WHITEPAPER & 30 Day Trial - http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027 ----------------------------------------------------------------------------
Current thread:
- Home firewall Hits Preston, Tony (Nov 03)
- RE: Home firewall Hits Omar Khawaja (Nov 03)
- Re: Home firewall Hits Tijl DULLERS (Nov 04)
- RE: Home firewall Hits Andreas Freyvogel (Nov 05)
- <Possible follow-ups>
- Re: Home firewall Hits rjemckay (Nov 04)
- RE: Home firewall Hits Preston, Tony (Nov 04)
- hopster bypass that firewall! K a r l i @ Y a h o o ! (Nov 05)
- Re: Home firewall Hits me null (Nov 06)
- RE: Home firewall Hits Preston, Tony (Nov 07)