D-Link Forums
The Graveyard - Products No Longer Supported => Routers / COVR => DIR-655 => Topic started by: anonposter on June 13, 2009, 09:33:28 PM
-
Lately I've been getting a number of messages and I don't know how to decipher them.
[INFO] Sun Jun 14 00:14:34 2009 Blocked incoming TCP packet from XX.XXX.XX.XXX:80 to XX.XXX.XX.XXX:53404 as FIN:ACK received but there is no active connection
[INFO] Sun Jun 14 00:14:31 2009 Blocked incoming TCP packet from XX.XXX.XX.XXX:80 to XX.XXX.XX.XXX:53398 as FIN:ACK received but there is no active connection
[INFO] Sun Jun 14 00:14:22 2009 Blocked incoming TCP packet from XX.XXX.XX.XXX:80 to XX.XXX.XX.XXX:53400 as FIN:ACK received but there is no active connection
[INFO] Sun Jun 14 00:14:21 2009 Blocked incoming TCP packet from XX.XXX.XX.XXX:80 to XX.XXX.XX.XXX:53412 as FIN:ACK received but there is no active connection
This will continue using the same destination IP with a different port. I've also seen a similar number of RST:ACK errors doing the same. Can anyone help me identify what I can do on my end to solve these? I can give additional information about my setup if that will help, but I don't know what information is useful.
-
I uncheck the 'Informational' setting in the LOG OPTIONS and apply it.
It saves me over 200 logs a day!
But to analyze attacks you could turn it on for some time.
Feel free to use it.
-
Nothing to worry about. These entries will occur when either the browsing window has already closed or the website visited is already exited, but still gives a connection acknowledgement (which is no longer valid).
-
Like Demonized says, these are not attacks. It's just blocking traffic to connections already closed on your PC.
-
This is what I logged during the night last year; btw, no PC (or NAS) was running at that time or in the hour before.
These are the attacks:
[INFO] Sun Jul 06 01:44:46 2008 Blocked incoming TCP connection request from 86.121.209.52:35918 to 217.122.231.245:22
[INFO] Sun Jul 06 01:44:43 2008 Above message repeated 1 times
[INFO] Sun Jul 06 03:32:01 2008 Blocked incoming TCP connection request from 82.201.237.193:3140 to 217.122.231.245:23
[INFO] Sun Jul 06 05:30:40 2008 Blocked incoming TCP connection request from 217.153.169.251:51228 to 217.122.231.245:22
[INFO] Sun Jul 06 05:30:37 2008 Above message repeated 1 times
Therefore I uncheck the Informational setting.
They can never reach my LAN (so far), and can never connect to my old IP address.
-
I guess you have/had an FTP running on the LAN?
Remove your IP address, by the way :-)
-
I guess you have/had an FTP running on the LAN?
Remove your IP address, by the way :-)
No!
Every device was off!
My IP is changed to a new IP address, so no worry about it, or...
-
...When your PC/NAS was turned on I mean...
-
At the risk of showing what I don't know, when I unblocked my SMTP, TCP port on my McAfee firewall, thinking it would help send router logs, I began receiving a flood of such requests. Blocking it again stopped that nonsense and it had no effect on log mail delivery. Do you have any TCP ports unnecessarily unblocked?
-
...When your PC/NAS was turned on I mean...
No, not at that time (Jul 06 2008, midnight), and the logs are retrieved from the WAN side!
-
No, not at that time (Jul 06 2008, midnight), and the logs are retrieved from the WAN side!
I mean: when you have your NAS/FTP enabled and you can reach them from the outside (WAN) side, there is no logging or blocking (because the FTP/NAS is responding). When the FTP is inactive you will see these messages.
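-
An added example, not part of any post in this thread: a small Python script that separates the two kinds of entries quoted above, late FIN:ACK/RST:ACK packets for connections the router no longer tracks versus blocked inbound connection requests, and counts them per source. The sample lines are constructed with documentation addresses, and reading "Above message repeated N times" as referring to the line printed just before it is an assumption.

```python
import re
from collections import Counter

# Constructed sample in the format quoted in the thread; addresses are
# RFC 5737 documentation ranges, not values taken from the posts.
SAMPLE_LOG = """\
[INFO] Sun Jun 14 00:14:34 2009 Blocked incoming TCP packet from 198.51.100.7:80 to 203.0.113.10:53404 as FIN:ACK received but there is no active connection
[INFO] Sun Jun 14 00:14:31 2009 Blocked incoming TCP packet from 198.51.100.7:80 to 203.0.113.10:53398 as RST:ACK received but there is no active connection
[INFO] Sun Jul 06 01:44:46 2008 Blocked incoming TCP connection request from 192.0.2.44:35918 to 203.0.113.10:22
[INFO] Sun Jul 06 01:44:43 2008 Above message repeated 1 times
[INFO] Sun Jul 06 03:32:01 2008 Blocked incoming TCP connection request from 192.0.2.99:3140 to 203.0.113.10:23
"""

LINE = re.compile(
    r"Blocked incoming TCP (?P<kind>packet|connection request) "
    r"from (?P<src>[\d.]+):(?P<sport>\d+) to (?P<dst>[\d.]+):(?P<dport>\d+)"
    r"(?: as (?P<flags>[A-Z:]+) received but there is no active connection)?"
)
REPEAT = re.compile(r"Above message repeated (\d+) times")

def classify(log_text):
    """Return (stale, probes) Counters.

    stale  is keyed by (remote IP, remote port): late teardown packets.
    probes is keyed by (remote IP, local port): refused inbound connects.
    """
    stale, probes = Counter(), Counter()
    last = None  # (counter, key) of the most recently parsed entry
    for line in log_text.splitlines():
        rep = REPEAT.search(line)
        if rep and last:
            # Assumption: the repeat count belongs to the preceding line.
            counter, key = last
            counter[key] += int(rep.group(1))
            continue
        m = LINE.search(line)
        if not m:
            continue
        if m["kind"] == "packet" and m["flags"]:
            counter, key = stale, (m["src"], int(m["sport"]))
        else:
            counter, key = probes, (m["src"], int(m["dport"]))
        counter[key] += 1
        last = (counter, key)
    return stale, probes

if __name__ == "__main__":
    for name, counts in zip(("stale", "probes"), classify(SAMPLE_LOG)):
        print(name, counts.most_common())
```

Entries in the stale bucket with remote port 80 match the closed-browser explanation given in the replies; the probes bucket shows which local ports (22 and 23 in the sample) outside hosts tried to reach.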