router log issues

Discussion in 'privacy problems' started by wutsup, Oct 1, 2009.

Thread Status:
Not open for further replies.
  1. wutsup

    wutsup Registered Member

    Joined:
    Sep 20, 2009
    Posts:
    630
    Location:
    United States
    ok so recently I've been viewing the logs of my DIR-655 D-Link router and I see a lot of:

    Blocked incoming udp connection request from.....
    Blocked incoming Tcp connection request from....

    like over 50 of blocked incoming....

    i have 2 computers in my home network

    can anyone here tell me what is happening?
     
  2. SundariDevi

    SundariDevi Registered Member

    Joined:
    Sep 22, 2009
    Posts:
    40
    Some routers have firewalls that block incoming connections. Your router has NAT and SPI firewalls. With SPI, the router keeps two logs: a log of Web sites visited by the local computers, and a log of attack attempts.
     
  3. wutsup

    wutsup Registered Member

    Joined:
    Sep 20, 2009
    Posts:
    630
    Location:
    United States
    I looked up a lot of the IP addresses through ip-adress.com and a lot of them are from China, Hungary, or some other European or Asian country, and a few of them are from amazon.com and other ISPs such as AT&T and Hurricane Electric from Chicago.

    is this something I should be worried about?

    I get a few hundred of these every day. I don't use p2p programs
     
  4. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    No, don't worry. Everyone gets these types of inbounds. Just make sure you have a password set up in the router (not the default), and disable any remote access.

    - Stem
     
  5. wutsup

    wutsup Registered Member

    Joined:
    Sep 20, 2009
    Posts:
    630
    Location:
    United States
    you mean the password that you use to log in to the router setup, right? yes, I've already changed that. and when you say disable remote access, you mean by right clicking on My Computer and unchecking allow remote assistance in the Remote tab, correct?
     
  6. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Yes. OK.
    No. Look in the router settings. There is usually a setting to allow remote access/management (to be able to log into the router from outside the LAN), it should be disabled unless you need/use it.


    - Stem
     
  7. wutsup

    wutsup Registered Member

    Joined:
    Sep 20, 2009
    Posts:
    630
    Location:
    United States
    ok thx Stem, yes remote management is unchecked in the router settings.

    sorry but I have another question lol. a post above by SundariDevi says I can view separate logs of websites visited from the computers on my LAN and logs of attack attempts from hackers and/or outside sources.

    when I click on log I have log options such as view levels: critical, warnings, informational and what to view: firewall security, system, router status, and all of them are checked. how do I view the logs for attack attempts?
     
  8. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi,

    Sorry, I am not sure as to your question.

    Are you asking which logging to enable, or asking how to view the log, or how to view only certain parts of the log?

    If for example, you are logging everything, then it could of course give you a very big single log (that would depend on the router, it may split the logs itself?), when such a log is to be viewed I would normally take the log (there is usually an option in the log to save it to the PC) and then use a log viewer. There are a number of log viewers (some free) that can be used. One example is the Kiwi log viewer, there is the free basic viewer that can be used. What you would do is to load the log file, then you can add key words such as "Inbound" which would then highlight all the entries within the log that contained that text.

    - Stem
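
Stem's suggestion above (save the log to the PC, then pick out the inbound entries by keyword), as an added example that is not part of the original thread. The `from <ip>:<port> to <ip>:<port>` tail of each entry is an assumed format, since the thread only quotes the start of the lines; the sample log is constructed, its addresses come from documentation ranges, and `summarize` is a hypothetical helper name.

```python
import re
from collections import Counter

# Constructed sample of a saved router log. Only the "Blocked incoming ...
# connection request from" prefix appears in the thread; the rest is assumed.
SAMPLE_LOG = """\
[INFO] Thu Oct 01 10:02:11 2009 Blocked incoming TCP connection request from 203.0.113.7:4312 to 198.51.100.20:445
[INFO] Thu Oct 01 10:02:15 2009 Blocked incoming UDP connection request from 203.0.113.7:4313 to 198.51.100.20:1434
[INFO] Thu Oct 01 10:03:40 2009 Allowed configuration authentication by IP address 192.168.0.100
[INFO] Thu Oct 01 10:05:02 2009 Blocked incoming TCP connection request from 192.0.2.55:60211 to 198.51.100.20:23
[INFO] Thu Oct 01 10:06:19 2009 Blocked incoming TCP connection request from 203.0.113.7:4420 to 198.51.100.20:445
[INFO] Thu Oct 01 10:07:00 2009 Blocked incoming UDP connection request from
"""

BLOCKED = re.compile(
    r"Blocked incoming (?P<proto>TCP|UDP) connection request from "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+) to "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)",
    re.IGNORECASE,
)

def summarize(log_text):
    """Separate blocked-inbound entries from the router's other log lines."""
    by_source, by_service = Counter(), Counter()
    other, malformed = [], []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        m = BLOCKED.search(line)
        if m:
            by_source[m["src"]] += 1
            by_service[(m["proto"].upper(), int(m["dport"]))] += 1
        elif "blocked incoming" in line.lower():
            malformed.append(line)  # truncated entry: keep it visible, do not count it
        else:
            other.append(line)      # system or status events, not inbound probes
    return by_source, by_service, other, malformed

if __name__ == "__main__":
    sources, services, other, malformed = summarize(SAMPLE_LOG)
    for ip, n in sources.most_common():
        print(f"{n:4d} blocked requests from {ip}")
    for (proto, port), n in services.most_common():
        print(f"{n:4d} aimed at {proto}/{port}")
    print(f"{len(other)} other entries, {len(malformed)} unparsed firewall entries")
```

The per-port counts show which services the blocked requests were aimed at, which is usually more informative than the country of each source address.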
     
  9. wutsup

    wutsup Registered Member

    Joined:
    Sep 20, 2009
    Posts:
    630
    Location:
    United States
    ok sorry for not being clear, what i was trying to ask was how do i view the log of attack attempts vs the log of the computers on my network
     
  10. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    If the options in the router do split the logs (as could be inferred by your post), then try changing the "VIEW" to critical + warnings and "What to view" as Firewall security.

    If that does not help, then I suggest downloading the log from the router and use a log viewer (as mentioned above).


    - Stem
     
  11. wat0114

    wat0114 Guest

    Hi wutsup,

    I have the same router. I don't know if it's possible to view everything separately unless you disable some of the checkmarks. However, it's probably easiest just to save the log file from Status -> Logs, then view it with Notepad.

    Just FYI from the help file:

    So your log file will probably never be really big. Mine never are.
     
    Last edited by a moderator: Oct 29, 2009
  12. wutsup

    wutsup Registered Member

    Joined:
    Sep 20, 2009
    Posts:
    630
    Location:
    United States
    hey wat, so what should I keep checked to see attack attempts vs. things done by my computers on the network?
     
  13. wat0114

    wat0114 Guest

    I'm not really sure. I just keep checked the ones you see in the screenshot. I would think Firewall & Security with Critical and or Warning at least? TBH I don't really check the logs very often, mainly because I never see anything unexpected or worthwhile for my needs.
     


  14. wutsup

    wutsup Registered Member

    Joined:
    Sep 20, 2009
    Posts:
    630
    Location:
    United States
    hey wat, sorry but I have another question. if NAT, SPI, and Anti-Spoofing are checked, does this prevent DOS attacks? or is there another setting to prevent DOS attacks?
     
  15. wat0114

    wat0114 Guest

    TBH, I don't know. There's no mention in the help files I can see about protection against DOS attacks. I have those options checked anyway, regardless of how effective they may or may not be, since I figure they must at least add some security.
     
  16. wutsup

    wutsup Registered Member

    Joined:
    Sep 20, 2009
    Posts:
    630
    Location:
    United States
    hey wat, sorry but I have another question (didn't want to make a new thread)... I powered down my router and cable modem for about a day and when I checked the WAN IP it had changed to a different one. is this what a dynamic IP is?
     
  17. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    648
    Location:
    HKEY/SECURITY/ (value not set)
    Yes.....that is what a Dynamic IP is.....

    The WAN IP Address of your Router is dynamically assigned to your Router by your Internet Service Provider's DHCP Server.

    The LAN IP Address of your Computer, and all Computers connected to your Router, are dynamically assigned to your Computer and all Computers connected to your Router, by your Router's DHCP Server.

    The LAN Address of your Computer, and all Computers connected to your Router, will have an IP Address starting with 192.xxx.xxx.xxx
    The Router's IP Address on the LAN side of your Router will also have an IP Address starting with 192.xxx.xxx.xxx
    The Router's IP Address on the WAN side of your Router will have an IP Address starting with anything other than 192.xxx.xxx.xxx

    WAN = Wide Area Network (the Internet)
    IP = Internet Protocol
    DHCP = Dynamic Host Configuration Protocol
    LAN = Local Area Network (the computers connected to your Router)


    You may read about DHCP here:
    http://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol


    HKEY1952
     