Routers

Hi

Can anyone tell me if it is possible to by pass a NAT enabled router? I'm asking because someone keeps trying hack me - same constaint IP ADDRESS.

Thank for any replys

 

Do you have a software firewall?

 

Unless it is through an allowed connection it shouldn't be able to be bypassed I don't believe.

 

Right, but a 'hacker' might also try to exploit a vulnerability in the router (I don't believe this is the case, otherwise the hack would probably have occured already).
The only allowed connections could come through portforwarding. If you configured this kind of function (like opeing an incoming communication for bittorrent or something like that, someone could try to hack that function.

Best way: show the log.

BTW: dns from your ISP could be the legal source of incoming packets!

 

I will agree with that, I am just mainly going by my own experience. I have been useing a router for several years now and nothing bad has gotten through yet. And i hope it stays that way.

 

Evening all,

I was on the net this morning an while i was using the router i was getting lots of hack attempts and denial of servuice attempts showing in the router log file. Alos when ichecked my software file some of the attempts had got through, but been block by my software firewall. The hack attempts were done by using the EDM MGR Cntrl program!! - This carried on right through out the day until about 6.00pm.

Any ideas,

Mazey

 

As noted above by LowWaterMark, post samples from the log here for review - block out your own public IP address. Until that happens, there's really no useful information in front of us.

Blue

 

do you want software or hardware firewall logs?

 

Both if possible ^_^

 

Try running Shields Up. one or more of your ports may be showing closed but not stealthed. In which case you are protected but visable on the net. There are other tests you can run but this should give you a quick indication of how your router is performing.

 

Unsolicited UDP gets by NAT?

-rich

 

hi guys,

This is a log from my router:
System Log

2005-05-30 00:39:37 1498/TCP from 66.102.9.104:80 to :1498 3-Invalid TCP packet received, dropping packet

The strange thins is all my router ports are closing and im not forwording any, but this hacker keeps trying.

So worried about this, pls help!
Mazeedited ip address==bigc

 

Damn i shoulnt of give my ip adress should i?

 

Here is what I get on the first ip

 

what was that?

 

that is the ip that is trying to connect with your comp.---google.

 

Closed or stealthed?

 

Bigc did a whois it on 66.102.9.104:80 from the log you gave him. look at were it is coming from.

 

It means that the "attack" was actually data received from a web server owned by Google, almost surely due to you visiting it and doing a search. For some reason your router took a dislike to the data sent back and dropped it. "3-Invalid TCP packet received" doesn't really offer much information so perhaps your router documentation has more details on this.

 

The source ip address of the attacker is:

216:239:59:147 - event information - 'firefox'

216:239:59:147 - event information - 'nsjtp-ctrl'

216:239:59:147 - event information - 'ncpm-hip'

This is the current info from my software firewall

Thank

maze

 

''cant access my home page google!!''

 

It just might not be in the whois data basa but here is what I get on that one.

 

LowWaterMark - what does all this mean im not getting hacked, why is my home page not working and i keep getting the same Ip address showing up with event information?

can you explain?

By the way thank guys/girls for helping me out here.

Maze