Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Networking Networking
Search Search
Search for:
Tech Support Guy > > >

Router Security Log


(!)

jo15765's Avatar
jo15765 jo15765 is offline
Computer Specs
Member with 303 posts.
THREAD STARTER
 
Join Date: Oct 2011
Experience: Intermediate
09-Aug-2012, 07:58 PM #1
Router Security Log
I have a home wireless network set-up enabled with MAC address filtering, I was looking at the security log and I see some strange things showing up, that I don't know what mean...should I be concerned?

Code:
Aug 8 18:14:05 2012 Ip Spoofing from IP 10.120.83.244 to                         IP 74.125.45.188 dropped
Aug 8 18:31:57 2012 b8:17:c2:08:0d:8f is blocked by                         wireless MAC filter
Aug 8 18:32:14 2012 Ip Spoofing from IP 10.107.75.5 to                         IP 74.125.137.188 dropped
Aug 8 18:32:45 2012 b8:17:c2:08:0d:8f is blocked by                         wireless MAC filter
Aug 8 18:35:45 2012 b8:17:c2:08:0d:8f is blocked by                         wireless MAC filter
Aug 8 18:36:28 2012 b8:17:c2:08:0d:8f is blocked by                         wireless MAC filter
Aug 8 18:37:27 2012 Ip Spoofing from IP 10.172.233.181 to                         IP 78.141.179.16 dropped
Aug 8 18:37:34 2012 b8:17:c2:08:0d:8f is blocked by                         wireless MAC filter
Aug 8 18:39:16 2012 b8:17:c2:08:0d:8f is blocked by                         wireless MAC filter
Aug 8 18:42:55 2012 b8:17:c2:08:0d:8f is blocked by                         wireless MAC filter
Aug 8 18:43:48 2012 b8:17:c2:08:0d:8f is blocked by                         wireless MAC filter[3 times]
Aug 8 18:59:24 2012 Ip Spoofing from IP 10.34.253.201 to                         IP 174.35.36.30 dropped
Aug 8 18:59:24 2012 Ip Spoofing from IP 10.34.253.201 to                         IP 174.35.36.30 dropped
Aug 8 18:59:24 2012 Ip Spoofing from IP 10.34.253.201 to                         IP 174.35.36.30 dropped
Aug 8 19:23:33 2012 Ip Spoofing from IP 10.27.205.72 to                         IP 74.125.45.188 dropped
Aug 8 19:35:36 2012 Ip Spoofing from IP 10.27.226.211 to                         IP 74.125.134.188 dropped
Aug 8 19:59:43 2012 Ip Spoofing from IP 10.7.115.38 to                         IP 74.125.137.188 dropped
Aug 8 20:38:54 2012 Ip Spoofing from IP 10.117.252.89 to                         IP 74.125.137.188 dropped
Aug 8 21:03:01 2012 Ip Spoofing from IP 10.227.97.116 to                         IP 74.125.139.188 dropped
Aug 8 21:12:06 2012 Ip Spoofing from IP 10.123.188.76 to                         IP 174.35.35.32 dropped
Aug 8 21:12:06 2012 Ip Spoofing from IP 10.123.188.76 to                         IP 174.35.35.32 dropped
Aug 8 21:51:19 2012 Ip Spoofing from IP 10.124.116.166 to                         IP 74.125.137.188 dropped
Aug 8 23:06:54 2012 SYN FIN Scan from IP 192.168.2.14 port 50864 to                     IP 92.37.226.141 port 443 droppe
Aug 8 23:06:55 2012 SYN FIN Scan from IP 192.168.2.14 port 50864 to                     IP 92.37.226.141 port 443 droppe
Aug 8 23:06:56 2012 SYN FIN Scan from IP 192.168.2.14 port 50864 to                     IP 92.37.226.141 port 443 droppe
Aug 8 23:06:57 2012 SYN FIN Scan from IP 192.168.2.14 port 50864 to                     IP 92.37.226.141 port 443 droppe
Aug 8 23:06:58 2012 SYN FIN Scan from IP 192.168.2.14 port 50864 to                     IP 92.37.226.141 port 443 droppe
Aug 8 23:07:16 2012 SYN FIN Scan from IP 192.168.2.14 port 50864 to                     IP 92.37.226.141 port 443 droppe
Aug 8 23:07:21 2012 SYN FIN Scan from IP 192.168.2.14 port 50864 to                     IP 92.37.226.141 port 443 droppe
Aug 8 23:07:44 2012 SYN FIN Scan from IP 192.168.2.14 port 50864 to                     IP 92.37.226.141 port 443 droppe
Aug 9 04:14:22 2012 Ip Spoofing from IP 10.19.13.255 to                         IP 63.144.43.103 dropped
Aug 9 05:53:59 2012 Ip Spoofing from IP 10.20.72.207 to                         IP 74.125.45.188 dropped
Aug 9 06:03:02 2012 Ip Spoofing from IP 10.108.203.141 to                         IP 74.125.137.188 dropped
Aug 9 06:48:15 2012 Ip Spoofing from IP 10.114.3.53 to                         IP 74.125.134.188 dropped
Aug 9 16:12:46 2012 b8:17:c2:08:0d:8f is blocked by                         wireless MAC filter
Aug 9 19:50:17 2012 Ip Spoofing from IP 10.42.35.217 to                         IP 74.125.45.188 dropped


My router IP is 192.168.2.1 and of course everything that connects is 192.168.2.X why are there crazy IP addresses in there?
Also what is SYN FIN SCAN?

I thought my network was secure but after seeing those in my Firewall Log I am not so sure...

****EDIT
One thing I will say is I often times will use LogMeIn to remote into my PC, the times do not match up, but could that be the IP Spoofing that is showing or is it something totally different?

Last edited by jo15765; 09-Aug-2012 at 08:04 PM..
TerryNet's Avatar
Computer Specs
Moderator with 66,536 posts.
 
Join Date: Mar 2005
Location: Ottawa, IL
10-Aug-2012, 09:18 AM #2
What encryption are you using? I suggest that you change the encryption key and use at least WPA-PSK.

I'm mostly guessing, but that log looks to me that somebody else is connected to your router and/or one of your computers is infected.
jo15765's Avatar
jo15765 jo15765 is offline
Computer Specs
Member with 303 posts.
THREAD STARTER
 
Join Date: Oct 2011
Experience: Intermediate
10-Aug-2012, 09:52 AM #3
I am using WPA-PSK. My key is 15 characters long including 3 dashes in there, as well as MAC address filtering enabled, (*correct me if I am wrong, but that means not only do they have to have my wireless key they also have to have there MAC address on the "approved list", is that right) and is random letters and numbers, but I will change it. Any other suggestions? I am at work now, and just tried to remote into my router to change the key but for some reason I can't connect. I will do it this afternoon for sure tho.
TerryNet's Avatar
Computer Specs
Moderator with 66,536 posts.
 
Join Date: Mar 2005
Location: Ottawa, IL
10-Aug-2012, 10:02 AM #4
With your security you are probably OK and I may have given you a false alarm. But changing the key only costs you the inconvenience of having to reconnect your devices so it is probably worth it for the peace of mind.

MAC Addresses are easily spoofed and are nearly worthless for security; as long as you are using WPA or WPA2 encryption with a strong passphrase (not a dictionary word) you are not really gaining anything with MAC Address filtering. You may enjoy reading The ABCs of securing your wireless network.
__________________
Microsoft MVP - Windows Expert - Consumer (since July 2010)
loserOlimbs's Avatar
Computer Specs
Member with 7,800 posts.
 
Join Date: Jun 2004
Location: Wichita, KS
10-Aug-2012, 05:45 PM #5
Your log will also show you external hits on your router from your modem.

If you are really concerned, you can find out who those IPs belong to, but most likely I would say you are being probed by bot-nets on other machines somewhere.

Do you have any ports open for RDP / HTTP? Are you using anything like DynaDNS?
jo15765's Avatar
jo15765 jo15765 is offline
Computer Specs
Member with 303 posts.
THREAD STARTER
 
Join Date: Oct 2011
Experience: Intermediate
11-Aug-2012, 03:07 PM #6
I am not using DynaDNS.

Also, I have not changed the default settings in my router so IDK if there are ports open for RDP/HTTP or not...


EDIT****
I also have changed my network name, am not broadcasting a SSID, and changed my network password and I am still seeing IP Spoofing and Syn Fin attacks in my router firewall log....What the devil is going on?

Last edited by jo15765; 12-Aug-2012 at 10:34 AM..
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑