Topic: Under Attack - What does one do? (Read 6538 times)

thecreator · « **on:** April 09, 2011, 03:13:08 PM »

Hi All,

Quote

[INFO] Sat Apr 09 18:04:09 2011 Sending log email as log is full
[INFO] Sat Apr 09 18:04:09 2011 Blocked incoming TCP connection request from 167.102.135.136:13145 to 192.168.1.2:10566
[INFO] Sat Apr 09 18:04:08 2011 Blocked incoming TCP connection request from 167.102.135.136:13145 to 192.168.1.2:6502
[INFO] Sat Apr 09 18:04:08 2011 Blocked incoming TCP connection request from 167.102.135.136:13145 to 192.168.1.2:49175
[INFO] Sat Apr 09 18:04:08 2011 Blocked incoming TCP connection request from 167.102.135.136:13117 to 192.168.1.2:10566
[INFO] Sat Apr 09 18:04:08 2011 Blocked incoming TCP connection request from 167.102.135.136:13117 to 192.168.1.2:6502
[INFO] Sat Apr 09 18:04:08 2011 Blocked incoming TCP connection request from 167.102.135.136:13117 to 192.168.1.2:49175
[INFO] Sat Apr 09 18:04:08 2011 Blocked incoming TCP connection request from 167.102.135.136:13098 to 192.168.1.2:10566
[INFO] Sat Apr 09 18:04:08 2011 Blocked incoming TCP connection request from 167.102.135.136:13098 to 192.168.1.2:6502
[INFO] Sat Apr 09 18:04:08 2011 Blocked incoming TCP connection request from 167.102.135.136:13098 to 192.168.1.2:49175
[INFO] Sat Apr 09 18:04:08 2011 Blocked incoming TCP connection request from 167.102.135.136:13031 to 192.168.1.2:10566
[INFO] Sat Apr 09 18:04:08 2011 Blocked incoming TCP connection request from 167.102.135.136:13031 to 192.168.1.2:6502
[INFO] Sat Apr 09 18:04:08 2011 Blocked incoming TCP connection request from 167.102.135.136:13031 to 192.168.1.2:49175
[INFO] Sat Apr 09 18:04:08 2011 Blocked incoming TCP connection request from 167.102.135.136:13276 to 192.168.1.2:5214
[INFO] Sat Apr 09 18:04:08 2011 Blocked incoming TCP connection request from 167.102.135.136:13276 to 192.168.1.2:10004
[INFO] Sat Apr 09 18:04:08 2011 Blocked incoming TCP connection request from 167.102.135.136:13276 to 192.168.1.2:7019
[INFO] Sat Apr 09 18:04:08 2011 Blocked incoming TCP connection request from 167.102.135.136:13223 to 192.168.1.2:5214
[INFO] Sat Apr 09 18:04:08 2011 Blocked incoming TCP connection request from 167.102.135.136:13223 to 192.168.1.2:10004
[INFO] Sat Apr 09 18:04:08 2011 Blocked incoming TCP connection request from 167.102.135.136:13223 to 192.168.1.2:7019
[INFO] Sat Apr 09 18:04:08 2011 Blocked incoming TCP connection request from 167.102.135.136:13211 to 192.168.1.2:5214
[INFO] Sat Apr 09 18:04:08 2011 Blocked incoming TCP connection request from 167.102.135.136:13211 to 192.168.1.2:10004
[INFO] Sat Apr 09 18:04:08 2011 Blocked incoming TCP connection request from 167.102.135.136:13211 to 192.168.1.2:7019
[INFO] Sat Apr 09 18:04:08 2011 Blocked incoming TCP connection request from 167.102.135.136:13153 to 192.168.1.2:5214
[INFO] Sat Apr 09 18:04:08 2011 Blocked incoming TCP connection request from 167.102.135.136:13153 to 192.168.1.2:10004
[INFO] Sat Apr 09 18:04:08 2011 Blocked incoming TCP connection request from 167.102.135.136:13153 to 192.168.1.2:7019
[INFO] Sat Apr 09 18:04:08 2011 Blocked incoming TCP connection request from 167.102.135.136:13145 to 192.168.1.2:5214
[INFO] Sat Apr 09 18:04:08 2011 Blocked incoming TCP connection request from 167.102.135.136:13145 to 192.168.1.2:10004

What does one do, in this situation?

Verizon does not support the D-Link Router being plugged into the Verizon / ActionTec Router?

FurryNutz · « **Reply #1 on:** April 09, 2011, 03:23:23 PM »

whos on the 1.2 address in your house?
try putting in a blocking filter for that IP address range if you think you need to?

This is what Domain tools reports for that 167 address:

IP Information for 167.102.135.136
IP Location:

United States Annapolis State Of Maryland

ASN: AS53302

IP Address:

167.102.135.136
NetRange: 167.102.0.0 - 167.102.255.255
CIDR: 167.102.0.0/16
OriginAS:
NetName: NETWORKMARYLAND
NetHandle: NET-167-102-0-0-1
Parent: NET-167-0-0-0-0
NetType: Direct Assignment
RegDate: 1993-05-27
Updated: 2010-04-07
Ref: http://whois.arin.net/rest/net/NET-167-102-0-0-1

OrgName: State of Maryland
OrgId: STATEO-2
Address: 45 Calvert Street, Rm 418
City: Annapolis
StateProv: MD
PostalCode: 21401
Country: US
RegDate: 1993-05-27
Updated: 2010-12-07
Ref: http://whois.arin.net/rest/org/STATEO-2

OrgNOCHandle: NOC11330-ARIN
OrgNOCName: NOC
OrgNOCPhone: +1-877-664-6963
OrgNOCEmail:
OrgNOCRef: http://whois.arin.net/rest/poc/NOC11330-ARIN

OrgAbuseHandle: ABUSE491-ARIN
OrgAbuseName: Abuse Report
OrgAbusePhone: +1-410-260-7423
OrgAbuseEmail:
OrgAbuseRef: http://whois.arin.net/rest/poc/ABUSE491-ARIN

OrgTechHandle: TECH406-ARIN
OrgTechName: Tech
OrgTechPhone: +1-410-260-7423
OrgTechEmail:
OrgTechRef: http://whois.arin.net/rest/poc/TECH406-ARIN

thecreator · « **Reply #2 on:** April 09, 2011, 04:08:30 PM »

Hi FurryNutz,

Quote

whos on the 1.2 address in your house?
try putting in a blocking filter for that IP address range if you think you need to?

The 192.168.1.2 Address is the IP Address assigned from the ActionTec Router to the D-Link DIR-655 A3 Router.

It is a double-firewall, set up, but all the work is being done by the D-Link Router.

A Blocking Filter? Would that stop the IP Address from being recorded in the logs?

FurryNutz · « **Reply #3 on:** April 09, 2011, 04:22:36 PM »

what happens if you set the 655 router up in the DMZ of the ActionTec modem? It Have a DMZ?

It's possible that the logs will not report this if you set up a filter.

thecreator · « **Reply #4 on:** April 09, 2011, 05:20:28 PM »

Quote from: FurryNutz on April 09, 2011, 04:22:36 PM

what happens if you set the 655 router up in the DMZ of the ActionTec modem? It Have a DMZ?

It's possible that the logs will not report this if you set up a filter.

Hi FurryNutz,

The ActionTec does have a DMZ and the Router is already in the DMZ of the unit. Needs to be in the DMZ because of the DNS-323 Storage Unit.

FurryNutz · « **Reply #5 on:** April 10, 2011, 11:51:57 AM »

Need to find out what that IP address is thats hitting the 655. If it's something that needs to be filtered, then I would set up a filter for xtra protection. The router is doing its job for the most part...blocking it and the logs are just showing it. Might ask your ISP for additional information on this IP address.

thecreator · « **Reply #6 on:** April 10, 2011, 01:21:43 PM »

Quote from: FurryNutz on April 10, 2011, 11:51:57 AM

Need to find out what that IP address is thats hitting the 655. If it's something that needs to be filtered, then I would set up a filter for xtra protection. The router is doing its job for the most part...blocking it and the logs are just showing it. Might ask your ISP for additional information on this IP address.

Hi FurryNutz,

Well from the information you provided, I sent an Email to the Maryland State Police and my County Executive, asking if I should ignore it or report it.

I don't want to block the IP Address, and I am not setting up a filter to allow it, neither.

I just wanted to know, what does one do, like to report the Attacks or sit back and do nothing.

D-Link Forums

News:

Author Topic: Under Attack - What does one do? (Read 6538 times)

thecreator

Under Attack - What does one do?

FurryNutz

Re: Under Attack - What does one do?

thecreator

Re: Under Attack - What does one do?

FurryNutz

Re: Under Attack - What does one do?

thecreator

Re: Under Attack - What does one do?

FurryNutz

Re: Under Attack - What does one do?

thecreator

Re: Under Attack - What does one do?