
Author Topic: Very unexpected outgoing log entries. Virus, FW bug, or something else?  (Read 6802 times)

jjackson

  • Guest

Hi,

  I'm getting the following log entries fairly often:

Blocked outgoing TCP packet from XX.XX.XX.XX:80 to ZZ.ZZ.ZZ.ZZ:YYYY

  Where XX.XX.XX.XX is NOT on my LAN (not even on the same subnet...for example, 12...., 74...., 4....).  ZZ.ZZ.ZZ.ZZ is always the WAN side IP of the router, and YYYY varies.

  Anybody have any thoughts as to WHY?  Very concerned here.  Thanks in advance!!

jjackson
Logged

Qev

  • Guest

I'd bet it's something to do with a bittorrent client running on one of your network's computers.  I see those occasionally, too, and they're always trying to talk to an opened bittorrent port in the firewall.
Logged

jjackson

  • Guest

Thank you, Qev.  Dang.  Why would a bittorrent client (or any client for that matter) be spoofing IP addresses???  The only reasons I can think of for bogus IP addresses being generated are malicious in nature (since any return traffic would never find its way back to my network, obviously).

Any thoughts on debugging this, anyone?  I do online banking and other such sensitive activities from home, and I thought I was locked down pretty tight, but this one has me quite concerned!  I realize that this is veering away from the purpose of this forum if this is not in fact a router anomaly, but maybe someone out there has some useful ideas...

FWIW, I don't run ANY peer to peer apps, or at least I thought I didn't!
Logged

Qev

  • Guest

Hmm, well, if you're not running bittorrent on any of your LAN computers, it's probably not bittorrent doing it.  Do the logs say why the packets are being blocked?
Logged

jjackson

  • Guest

All the packet drops were because of bad sequence numbers (I assume the log meant TCP sequence numbers).

In any case, my network was slowly becoming unusable because of the dreaded "received deauthentication" disconnect mentioned in this forum and elsewhere.  I gave up on pre-N and switched to G mode only and now have a rock solid connection.  No disconnects and none of the bogus outgoing packet messages.  Too bad I paid for N performance, because it just doesn't work (for me and apparently many others, it seems).

Logged
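
A triage sketch for the log lines quoted in this thread, added here as an example and not posted by any participant or taken from D-Link: it sorts each "Blocked outgoing TCP packet" entry by whether the source is on the LAN and whether the destination is the router's WAN address. The LAN range, WAN IP, category names and sample lines are all constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the format quoted in the thread; the addresses
# are documentation/private ranges, not values from the original posts.
SAMPLE_LOG = """\
Blocked outgoing TCP packet from 198.51.100.7:80 to 203.0.113.25:51544
Blocked outgoing TCP packet from 198.51.100.7:80 to 203.0.113.25:51546
Blocked outgoing TCP packet from 192.0.2.44:443 to 203.0.113.25:40112
Blocked outgoing TCP packet from 192.168.0.101:51900 to 192.0.2.44:6881
"""

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
LINE_RE = re.compile(
    r"Blocked outgoing TCP packet from " + IPV4 + r":(\d+) to " + IPV4 + r":(\d+)"
)

def classify(line, lan_cidr, wan_ip):
    """Return (category, src_ip, src_port) for one log line, or None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    src, sport, dst = m.group(1), int(m.group(2)), m.group(3)
    try:
        on_lan = ipaddress.ip_address(src) in ipaddress.ip_network(lan_cidr)
    except ValueError:  # e.g. an octet above 255 in a damaged line
        return None
    if on_lan:
        category = "lan-originated"
    elif dst == wan_ip and sport < 1024:
        # Remote well-known port -> WAN IP: shaped like a server's reply
        category = "remote-service-to-wan"
    elif dst == wan_ip:
        category = "remote-to-wan"
    else:
        # Source is not on the LAN and the target is not the router itself:
        # the only pattern here that fits a spoofed source leaving the LAN
        category = "non-lan-source-to-remote"
    return category, src, sport

def summarize(log_text, lan_cidr, wan_ip):
    """Count entries per (category, src_ip, src_port)."""
    hits = (classify(l, lan_cidr, wan_ip) for l in log_text.splitlines())
    return Counter(h for h in hits if h is not None)

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG, "192.168.0.0/24", "203.0.113.25").most_common():
        print(n, *key)
```
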

smlunatick

  • Level 5 Member
  • *****
  • Posts: 625

Check your software firewall or anti-virus software.  Some firewalls would "deauthenticate" the wireless network because the network's SSID was not told to be trusted.
Logged