D-Link Forums

The Graveyard - Products No Longer Supported => Routers / COVR => DIR-625 => Topic started by: jjackson on April 10, 2008, 09:08:18 AM

Title: Very unexpected outgoing log entries. Virus, FW bug, or something else?
Post by: jjackson on April 10, 2008, 09:08:18 AM
Hi,

  I'm getting the following log entries fairly often:

Blocked outgoing TCP packet from XX.XX.XX.XX:80 to ZZ.ZZ.ZZ.ZZ:YYYY

  Where XX.XX.XX.XX is NOT on my LAN (not even on the same subnet...for example, 12...., 74...., 4....).  ZZ.ZZ.ZZ.ZZ is always the WAN side IP of the router, and YYYY varies.

  Anybody have any thoughts as to WHY?  Very concerned here.  Thanks in advance!!

jjackson
Title: Re: Very unexpected outgoing log entries. Virus, FW bug, or something else?
Post by: Qev on April 10, 2008, 09:54:50 PM
I'd bet it's something to do with a bittorrent client running on one of your network's computers.  I see those occasionally, too, and they're always trying to talk to an opened bittorrent port in the firewall.
Title: Re: Very unexpected outgoing log entries. Virus, FW bug, or something else?
Post by: jjackson on April 12, 2008, 11:05:21 AM
Thank you, Qev.  Dang.  Why would a bittorrent client (or any client for that matter) be spoofing IP addresses???  The only reasons I can think of for bogus IP addresses being generated are malicious in nature (since any return traffic would never find its way back to my network, obviously).

Any thoughts on debugging this, anyone?  I do online banking and other such sensitive activities from home, and I thought I was locked down pretty tight, but this one has me quite concerned!  I realize that this is veering away from the purpose of this forum if this is not in fact a router anomaly, but maybe someone out there has some useful ideas...

FWIW, I don't run ANY peer to peer apps, or at least I thought I didn't!
Title: Re: Very unexpected outgoing log entries. Virus, FW bug, or something else?
Post by: Qev on April 29, 2008, 11:32:29 AM
Hmm, well, if you're not running bittorrent on any of your LAN computers, it's probably not bittorrent doing it.  Do the logs say why the packets are being blocked?
Title: Re: Very unexpected outgoing log entries. Virus, FW bug, or something else?
Post by: jjackson on May 02, 2008, 07:01:02 PM
All the packet drops were because of bad sequence numbers (I assume the log meant TCP sequence numbers).

In any case, my network was slowly becoming unusable because of the dreaded "received deauthentication" disconnect mentioned in this forum and elsewhere.  I gave up on pre-N and switched to G mode only and now have a rock solid connection.  No disconnects and none of the bogus outgoing packet messages.  Too bad I paid for N performance, because it just doesn't work (for me and apparently many others, it seems).

Title: Re: Very unexpected outgoing log entries. Virus, FW bug, or something else?
Post by: smlunatick on July 17, 2008, 11:34:28 AM
Check your software firewall or anti-virus software.  Some firewalls would "deauthenticate" the wireless network because the network's SSID was not told to be trusted.
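
An added example, not part of any post in this thread: a Python script that sorts log entries in the format quoted in the first post by whether the source address is on the LAN and whether the destination is the router's WAN address, then counts repeats per remote address and source port. The LAN range 192.168.0.0/24, the WAN address 203.0.113.5 and all sample lines are constructed assumptions; only the "Blocked outgoing TCP packet from ... to ..." wording comes from the thread.

```python
import ipaddress
import re
from collections import Counter

# Line format as quoted in the first post; all addresses below are constructed.
ENTRY = re.compile(
    r"Blocked outgoing TCP packet from "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+) to "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)"
)

def classify(line, lan_net, wan_ip):
    """Return (category, source address, source port), or None if unparsable."""
    m = ENTRY.search(line)
    if not m:
        return None
    try:
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
    except ValueError:          # e.g. an octet above 255 in a damaged line
        return None
    if src in lan_net:
        category = "lan-host-outbound"   # a LAN machine really sent this
    elif dst == wan_ip:
        category = "remote-to-wan"       # addressed to the router's WAN side
    else:
        category = "other"               # neither end is ours: inspect by hand
    return category, str(src), int(m["sport"])

def triage(lines, lan_cidr, wan_ip):
    """Group entries by category and count repeats per (source, source port)."""
    lan_net = ipaddress.ip_network(lan_cidr)
    wan = ipaddress.ip_address(wan_ip)
    summary = {}
    for line in lines:
        result = classify(line, lan_net, wan)
        if result is not None:
            category, src, sport = result
            summary.setdefault(category, Counter())[(src, sport)] += 1
    return summary

SAMPLE = [  # constructed log lines, documentation address ranges only
    "Blocked outgoing TCP packet from 198.51.100.7:80 to 203.0.113.5:51022",
    "Blocked outgoing TCP packet from 198.51.100.7:80 to 203.0.113.5:51023",
    "Blocked outgoing TCP packet from 192.0.2.44:80 to 203.0.113.5:49877",
    "Blocked outgoing TCP packet from 192.168.0.101:3372 to 198.51.100.7:80",
    "Blocked outgoing TCP packet from 999.1.1.1:80 to 203.0.113.5:1",
]

if __name__ == "__main__":
    for category, counts in triage(SAMPLE, "192.168.0.0/24", "203.0.113.5").items():
        print(category, counts.most_common())
```

Entries in the remote-to-wan group carry a remote source and the router's own WAN address as destination, so the recurring (address, port) pairs are the ones to compare against what the LAN machines were connected to at the time.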