Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[krex]

Can anyone answer me, why is full of my router's log with this:

"Blocked incoming TCP connection request from xxx.xxx.xxx.xxx:yyyy to 85.66.51.76:xxxx"

..where xxx.xxx.xxx.xxx is an arbitrary ip address from outside and 85.66.51.76 is my ISP's host.

[krex]

and the same with "Blocked incoming UDP packet..."? 

[EddieZ]

What ports? If you use BT on the internal IP/port in the log, it means your still announced as a file share (peer), but the router denies the data because you have already closed your BT client (which uses UPnP to open ports on the router)

Otherwise it just denied request from the outside (http website) to a port on your PC that is not 'open'.

No worries, esp. when you set MAC filtering and security. 

[krex]

What ports? If you use BT on the internal IP/port in the log, it means your still announced as a file share (peer), but the router denies the data because you have already closed your BT client (which uses UPnP to open ports on the router)

Otherwise it just denied request from the outside (http website) to a port on your PC that is not 'open'.

No worries, esp. when you set MAC filtering and security. 

Thanks for your response

It needs no torrent for these messages. It comes during browsing. And yes, I use MAC filtering. But these messages mess up the log and fill it with unusable infos. Everyone should live with this together? Sad... 

[EddieZ]

Thanks for your response

It needs no torrent for these messages. It comes during browsing. And yes, I use MAC filtering. But these messages mess up the log and fill it with unusable infos. Everyone should live with this together? Sad... 

If you had given it a good look you would have noticed that you can select/deslect the kind of infos you want you record in the log. Use it...

[krex]

If you had given it a good look you would have noticed that you can select/deslect the kind of infos you want you record in the log. Use it...

Yes, I've noticed. But these are categorized into [INFO] priority. Should I deselect [INFO] category? Since I've bought this router I didn't noticed any other log entry priority like [INFO]...

And is there nothing weird, that the destination is my ISP's host? Why isn't this my router/computer?

[EddieZ]

Could be your PC is connecting your ISP DNS.... when you show the port numbers there's more to tell perhaps.


When deselecting [info]  you'll loose all the [info] labeled lines, so you only get informed when really important stuff happens.

[krex]

Could be your PC is connecting your ISP DNS.... when you show the port numbers there's more to tell perhaps.


When deselecting [info]  you'll loose all the [info] labeled lines, so you only get informed when really important stuff happens.

hello again...
some examples from the log. That is interesting, all the log entries I've copied now in are created last night while I was sleeping and the computer was switched off. So it isn't because I browsed the net...

Blocked incoming TCP connection request from 190.154.44.174:4154 to 85.66.51.76:4899
Blocked incoming TCP connection request from 210.47.224.6:4802 to 85.66.51.76:5906
Blocked incoming TCP connection request from 189.154.98.237:55321 to 85.66.51.76:5900
Blocked incoming TCP connection request from 61.164.112.200:6000 to 85.66.51.76:1433
Blocked incoming TCP connection request from 202.102.254.93:6000 to 85.66.51.76:2967
Blocked incoming TCP connection request from 99.243.230.206:52199 to 85.66.51.76:80
Blocked incoming TCP connection request from 99.243.230.206:52196 to 85.66.51.76:21
Blocked incoming TCP connection request from 221.176.4.19:111 to 85.66.51.76:111
Blocked incoming ICMP packet (ICMP type from 85.66.15.235 to 85.66.51.76
Blocked incoming TCP packet from 60.28.2.79:80 to 85.66.51.76:2869 as RST:ACK received but there is no active connection
Blocked incoming TCP packet from 221.5.47.132:80 to 85.66.51.76:2869 as SYN:ACK received but there is no active connection

[krex]

Today the most (99%) messages are Blocked incoming TCP connection request from [variable ipaddress] to 85.66.51.76:17241 (the port is the same, 17241 in every message)

I checked, this port is used by my torrent client...

[EddieZ]

So most questions answered I guess 

There are some strange ports trying to connect to your PC. Please do a thourough virus- and malware scan.

[krex]

So most questions answered I guess 

There are some strange ports trying to connect to your PC. Please do a thourough virus- and malware scan.

Ok, I've started a scan, but please explain me where/how does the virus run when my computer was switched off at night?

[EddieZ]

Possible scenario is that you have some infection on your PC which has reported the IP it is on to a 'server'. This server will use that Ip/location to send more infected data or newer versions of the infection. :-) Basically a zombie network.

Not saying it is, but this way your PC does not have to be turned on to receive connections attempts.

[krex]

Yes, it could be a possible scenario. I think I will renew my ip. Thanks.

[edit]

Isn't it possible that this is caused by a torrent tracker server?

[EddieZ]

Looking at the ports involved I don't think so. I guess you don't actually host (I don't mean acting as a temporary peer while downloading) torrents on your machine. This is a no-no for private home connections and will absolutely kill your connection.

[yoder]

I think this is pretty average...probably just random port scans from China. You can reverse lookup the IP's (http://whois.domaintools.com/) but if they resolve to anything it's probably just a slave machine anyway. Could be leftover traffic from a previous owner of your dynamically assigned IP as well.