Router says "ip spoofing attack"

Discussion in 'other firewalls' started by pandorax, Mar 31, 2012.

Thread Status:
Not open for further replies.
  1. pandorax

    pandorax Registered Member

    Joined:
    Feb 14, 2011
    Posts:
    330
    I enabled logging and it shows ip spoofing attack!


    ip spoofing - WAN UDP source:192.168.1.2:59365 | destination:my internal ip:port | ATTACK

    What is that?
     
  2. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
  3. pandorax

    pandorax Registered Member

    Joined:
    Feb 14, 2011
    Posts:
    330
    So the log that i posted here is really attack or not?

    PS: It is happening when torrent open.
    New log;

    ip spoofing - WAN UDP 192.168.1.2:22134 internal ip:torrent port ATTACK
     
    Last edited: Mar 31, 2012
  4. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Here is a more readable explanations. Hacking into private home networks is more for TV-series.

    Intro: http://www.symantec.com/connect/articles/ip-spoofing-introduction

    explanation http://knight.segfaults.net/EE579/ look for the powerpoint IP Spoofing brief to class and IP spoofing powerpoint

    As a precaution, do the following:

    1. Have a wired backup
    Before taking precautions below, connect to your router with a wired PC, make sure this connection works. To prevent to be cut out, either by your own clumsiness or the (very) unlikely event of a hacker tacking over.

    2. Check access rights
    Disable remote admin/management capabilities and log-on options on your router. Check whether all access is protected with a password (some routers only have one admin, some two and some also user log-ins) and change them with your modem powered off.

    3. Limit number of available IP-addresses on the LAN
    limit the range of internal IP addresses to the number of clients you normally have on your LAN (don't forget the smartphone's).

    4. Check Source routing options
    Some routers have this, possibly under IP options/Advanced network setup. Look for anomolies from the default and disable this.

    5. Change network name and key
    Change the name of your network (by default the make of the router, give it another name to make it more difficult for attackers to know the weakspots of your router). Same with the encryption protection. Choose the strongest encryption type (WPA2), use a long longer than 12 characters pass phrase.


    I am not a fireall/router expert, there are a few on Wilders though
     
    Last edited: Apr 1, 2012
  5. pandorax

    pandorax Registered Member

    Joined:
    Feb 14, 2011
    Posts:
    330
    Thanks @Kees1958. I think i have a tough wireless setup. I can make pocket filter in router. The thing is i don't know if it is torrent thing or a real threat! And this thing is far beyond average user o_O
     
Thread Status:
Not open for further replies.