Router - Alert Messages

Discussion in 'privacy problems' started by philby, Oct 7, 2012.

Thread Status:
Not open for further replies.
  1. philby

    philby Registered Member

    Joined:
    Jan 10, 2008
    Posts:
    940
    Hello All

    I have a Draytek 2820n router that has been running for around 2 years, with mail alert for attacks set to 'On'.

    Recently, (last 2 months) I've been getting a lot of alert notifications - today alone I've had 57 !!

    They look like this:

    2012/10/07 16:58:25 -- [DOS][Block][trace_route][66.70.56.122:42877->MY PUBLIC IP + Various Port>[UDP][HLen=20, TLen=44]

    or this:

    2012/10/07 13:21:16 -- [DOS][Block][trace_route][178.239.163.10->MY PUBLIC IP (No Port)[ICMP][HLen=20, TLen=44, Type=8, Code=0]

    Does this just mean my router is doing its job i.e. repelling DOS attacks?

    Or might there be more to this?

    Thanks in advance

    philby
     
  2. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    Robotex doesn't show anyone owning that IP. 66.70.56 is registered to DataPipe in NJ. However, I see a lot of foreign sites listed located India and China so it is possible someone is trying to nail you.

    The prior ICMP was probably a port scan.

    You can always block inbound traffic to 66.70.56.0 - 66.70.56.255 in your software firewall to play it safe. Better to do it on the router if you have that capability.
     
  3. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    it is doing its job and blocking unsolicited traffic. nothing more i don't think.
     
  4. philby

    philby Registered Member

    Joined:
    Jan 10, 2008
    Posts:
    940
    OK - will relax... but also see about blocking those inbounds itman - thank you both!

    philby
     
Thread Status:
Not open for further replies.