ok so iecently ive been viewing the logs of my dir655 d link router and i see alot of: Blocked incoming udp connection request from..... Blocked incoming Tcp connection request from.... like over 50 of blocked incoming.... i have 2 computers in my home network can anyone here tell me what is happening?
Some routers have firewalls that block incoming connections. Your router has NAT and SPI firewalls. With SPI, the router keeps two logs: a log of Web sites visited by the local computers, and a log of attack attempts.
i looked up alot of the ip addresses through ip-adress.com and alot of them are from china, hungay, or some other european,asian country. and a few of them are from amazon.com, other ISP's such as at&t and hurricane electric from chicago. is this something i should be worried about? get a few hundred of these everyday i dont use p2p programs
No, dont worry. Everyone gets these types of inbounds. Just make sure you have a password set up in the router (not the default), and disable any remote access. - Stem
you mean the password that you use to log in to the router set up right? yes, ive alreaady changed that. and when you mean disable remote access you mean by right clicking on my computer and unchecking allow remote assistance in the remote tab correct?
Yes. OK. No. Look in the router settings. There is usually a setting to allow remote access/management (to be able to log into the router from outside the LAN), it should be disabled unless you need/use it. - Stem
ok thx stem yes remote management is unchecked in the router settings. sorry but i have another question llol. a post above my sundaridevi says i can view separate logs from websites visited from the computers on my lan network and logs from attack attempts from hackers and/or outside sources. when i click on log i have log options such as view levels: critical, warnings, informational and what to view: firewall security, system, router status adn all of them are checked. how do i view the logs for attack attempts.
Hi, Sorry, I am not sure as to your question. Are you asking which logging to enable, or asking how to view the log, or how to view only certain parts of the log? If for example, you are logging everything, then it could of course give you a very big single log (that would depend on the router, it may split the logs itself?), when such a log is to be viewed I would normally take the log (there is usually an option in the log to save it to the PC) and then use a log viewer. There are a number of log viewers (some free) that can be used. One example is the Kiwi log viewer, there is the free basic viewer that can be used. What you would do is to load the log file, then you can add key words such as "Inbound" which would then highlight all the entries within the log that contained that text. - Stem
ok sorry for not being clear, what i was trying to ask was how do i view the log of attack attempts vs the log of the computers on my network
If the options in the router do split the logs (as could be inferred by your post). Then try changing the "VIEW" to critical + warnings and "What to view" as Firewall security. If that does not help, then I suggest downloading the log from the router and use a log viewer (as mentioned above). - Stem
Hi wutsup, I have the same router. I don't know if it's possible to view everything separately unless you disable some of the checkmarks. however, it's probably easiest just to save the log file from Status -> Logs, then view them with notepad. Just FYI from the help file: So your log file will probably never be really big. Mine never are.
hey wat, so what should i keep checked off to see attack attempts vs of things by my copmuters on the network?
I'm not really sure. I just keep checked the ones you see in the screenshot. I would think Firewall & Security with Critical and or Warning at least? TBH I don't really check the logs very often, mainly because I never see anything unexpected or worthwhile for my needs.
hey wat, sorry but i have another question. if NAT, SPI, and Anti- Spoofing are checked, does this prevent DOS attacks? or is there another setting to prevent DOS attacks?
TBH, I don't know. There's no mention in the help files I can see about protection against DOS attacks. I have those options checked anyway, regardless of how effective they may or may not be, since I figure they must at least add some security.
hey wat sorry but i have another question (didnt want to make a new thread)... i powered down my route and cable modem for about a day and when i checked the WAN ip it changed to a different one? is this what a dynamic ip is?
Yes.....that is what an Dynamic IP is..... The WAN IP Address of your Router is dynamically assigned to your Router by your Internet Service Providers DHCP Server. The LAN IP Address of your Computer, and all Computers connected to your Router, are dynamically assigned to your Computer and all Computers connected to your Router, by your Router's DHCP Server. The LAN Address of your Computer, and all Computers connected to your Router, will have an IP Address starting with 192.xxx.xxx.xxx The Router's IP Address on the LAN side of your Router will also have an IP Address starting with 192.xxx.xxx.xxx The Router's IP Address on the WAN side of your Router will have an IP Address starting with anything other than 192.xxx.xxx.xxx WAN = Wide Area Network (the Internet) IP = Internet Protocol DHCP = Dynamic Host Configuration Protocol LAN = Local Area Network (the computers connected to your Router) You may read about DHCP here: http://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol HKEY1952
