Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Networking Networking
Go to first new post Wireless not connecting
Go to first new post WAN LAN or something else!!
Go to first new post 2-floor Home networking question
Go to first new post DNS Problem - Can't connect more than on ...
Go to first new post Desktop Won't Connect Though Laptop/Xbox ...
Go to first new post Can't connect to internet with laptop wi ...
Go to first new post Can't connect to WiFi with Thinkpad
Go to first new post Setting up an Imaging sever
Go to first new post Is it possible to connect as a repeater ...
Go to first new post defaultipgateway & dhcpserver failed
Go to first new post Issues with mobile phone & wifi
Go to first new post wireless not connecting
Go to first new post "Unable to Connect" to certain ...
Go to first new post MR
Go to first new post Internet connection lost after installin ...
Search Search
Search for:
Tech Support Guy Forums > > >

Router Security Log


(!)

Reply
jo15765's Avatar
Computer Specs
Member with 271 posts.
THREAD STARTER
  
Join Date: Oct 2011
Experience: Intermediate
09-Aug-2012, 07:58 PM #1
Router Security Log
I have a home wireless network set-up enabled with MAC address filtering, I was looking at the security log and I see some strange things showing up, that I don't know what mean...should I be concerned?

Code:
Aug 8 18:14:05 2012 Ip Spoofing from IP 10.120.83.244 to                         IP 74.125.45.188 dropped
Aug 8 18:31:57 2012 b8:17:c2:08:0d:8f is blocked by                         wireless MAC filter
Aug 8 18:32:14 2012 Ip Spoofing from IP 10.107.75.5 to                         IP 74.125.137.188 dropped
Aug 8 18:32:45 2012 b8:17:c2:08:0d:8f is blocked by                         wireless MAC filter
Aug 8 18:35:45 2012 b8:17:c2:08:0d:8f is blocked by                         wireless MAC filter
Aug 8 18:36:28 2012 b8:17:c2:08:0d:8f is blocked by                         wireless MAC filter
Aug 8 18:37:27 2012 Ip Spoofing from IP 10.172.233.181 to                         IP 78.141.179.16 dropped
Aug 8 18:37:34 2012 b8:17:c2:08:0d:8f is blocked by                         wireless MAC filter
Aug 8 18:39:16 2012 b8:17:c2:08:0d:8f is blocked by                         wireless MAC filter
Aug 8 18:42:55 2012 b8:17:c2:08:0d:8f is blocked by                         wireless MAC filter
Aug 8 18:43:48 2012 b8:17:c2:08:0d:8f is blocked by                         wireless MAC filter[3 times]
Aug 8 18:59:24 2012 Ip Spoofing from IP 10.34.253.201 to                         IP 174.35.36.30 dropped
Aug 8 18:59:24 2012 Ip Spoofing from IP 10.34.253.201 to                         IP 174.35.36.30 dropped
Aug 8 18:59:24 2012 Ip Spoofing from IP 10.34.253.201 to                         IP 174.35.36.30 dropped
Aug 8 19:23:33 2012 Ip Spoofing from IP 10.27.205.72 to                         IP 74.125.45.188 dropped
Aug 8 19:35:36 2012 Ip Spoofing from IP 10.27.226.211 to                         IP 74.125.134.188 dropped
Aug 8 19:59:43 2012 Ip Spoofing from IP 10.7.115.38 to                         IP 74.125.137.188 dropped
Aug 8 20:38:54 2012 Ip Spoofing from IP 10.117.252.89 to                         IP 74.125.137.188 dropped
Aug 8 21:03:01 2012 Ip Spoofing from IP 10.227.97.116 to                         IP 74.125.139.188 dropped
Aug 8 21:12:06 2012 Ip Spoofing from IP 10.123.188.76 to                         IP 174.35.35.32 dropped
Aug 8 21:12:06 2012 Ip Spoofing from IP 10.123.188.76 to                         IP 174.35.35.32 dropped
Aug 8 21:51:19 2012 Ip Spoofing from IP 10.124.116.166 to                         IP 74.125.137.188 dropped
Aug 8 23:06:54 2012 SYN FIN Scan from IP 192.168.2.14 port 50864 to                     IP 92.37.226.141 port 443 droppe
Aug 8 23:06:55 2012 SYN FIN Scan from IP 192.168.2.14 port 50864 to                     IP 92.37.226.141 port 443 droppe
Aug 8 23:06:56 2012 SYN FIN Scan from IP 192.168.2.14 port 50864 to                     IP 92.37.226.141 port 443 droppe
Aug 8 23:06:57 2012 SYN FIN Scan from IP 192.168.2.14 port 50864 to                     IP 92.37.226.141 port 443 droppe
Aug 8 23:06:58 2012 SYN FIN Scan from IP 192.168.2.14 port 50864 to                     IP 92.37.226.141 port 443 droppe
Aug 8 23:07:16 2012 SYN FIN Scan from IP 192.168.2.14 port 50864 to                     IP 92.37.226.141 port 443 droppe
Aug 8 23:07:21 2012 SYN FIN Scan from IP 192.168.2.14 port 50864 to                     IP 92.37.226.141 port 443 droppe
Aug 8 23:07:44 2012 SYN FIN Scan from IP 192.168.2.14 port 50864 to                     IP 92.37.226.141 port 443 droppe
Aug 9 04:14:22 2012 Ip Spoofing from IP 10.19.13.255 to                         IP 63.144.43.103 dropped
Aug 9 05:53:59 2012 Ip Spoofing from IP 10.20.72.207 to                         IP 74.125.45.188 dropped
Aug 9 06:03:02 2012 Ip Spoofing from IP 10.108.203.141 to                         IP 74.125.137.188 dropped
Aug 9 06:48:15 2012 Ip Spoofing from IP 10.114.3.53 to                         IP 74.125.134.188 dropped
Aug 9 16:12:46 2012 b8:17:c2:08:0d:8f is blocked by                         wireless MAC filter
Aug 9 19:50:17 2012 Ip Spoofing from IP 10.42.35.217 to                         IP 74.125.45.188 dropped


My router IP is 192.168.2.1 and of course everything that connects is 192.168.2.X why are there crazy IP addresses in there?
Also what is SYN FIN SCAN?

I thought my network was secure but after seeing those in my Firewall Log I am not so sure...

****EDIT
One thing I will say is I often times will use LogMeIn to remote into my PC, the times do not match up, but could that be the IP Spoofing that is showing or is it something totally different?
Last edited by jo15765; 09-Aug-2012 at 08:04 PM..
TerryNet's Avatar
Computer Specs
Moderator with 58,650 posts.
  
Join Date: Mar 2005
Location: Ottawa, IL
10-Aug-2012, 09:18 AM #2
What encryption are you using? I suggest that you change the encryption key and use at least WPA-PSK.

I'm mostly guessing, but that log looks to me that somebody else is connected to your router and/or one of your computers is infected.
jo15765's Avatar
Computer Specs
Member with 271 posts.
THREAD STARTER
  
Join Date: Oct 2011
Experience: Intermediate
10-Aug-2012, 09:52 AM #3
I am using WPA-PSK. My key is 15 characters long including 3 dashes in there, as well as MAC address filtering enabled, (*correct me if I am wrong, but that means not only do they have to have my wireless key they also have to have there MAC address on the "approved list", is that right) and is random letters and numbers, but I will change it. Any other suggestions? I am at work now, and just tried to remote into my router to change the key but for some reason I can't connect. I will do it this afternoon for sure tho.
TerryNet's Avatar
Computer Specs
Moderator with 58,650 posts.
  
Join Date: Mar 2005
Location: Ottawa, IL
10-Aug-2012, 10:02 AM #4
With your security you are probably OK and I may have given you a false alarm. But changing the key only costs you the inconvenience of having to reconnect your devices so it is probably worth it for the peace of mind.

MAC Addresses are easily spoofed and are nearly worthless for security; as long as you are using WPA or WPA2 encryption with a strong passphrase (not a dictionary word) you are not really gaining anything with MAC Address filtering. You may enjoy reading The ABCs of securing your wireless network.
__________________
Microsoft MVP - Windows Expert - Consumer (since July 2010)
loserOlimbs's Avatar
Computer Specs
Member with 7,788 posts.
  
Join Date: Jun 2004
Location: Wichita, KS
10-Aug-2012, 05:45 PM #5
Your log will also show you external hits on your router from your modem.

If you are really concerned, you can find out who those IPs belong to, but most likely I would say you are being probed by bot-nets on other machines somewhere.

Do you have any ports open for RDP / HTTP? Are you using anything like DynaDNS?
__________________
"Dear Posterity, If you have not become more just, more peaceful, and generally more rational than we are (or were)--why then, the Devil take you. Having, with all respect, given utterance to this pious wish, I am (or was) Yours, Albert Einstein"
jo15765's Avatar
Computer Specs
Member with 271 posts.
THREAD STARTER
  
Join Date: Oct 2011
Experience: Intermediate
11-Aug-2012, 03:07 PM #6
I am not using DynaDNS.

Also, I have not changed the default settings in my router so IDK if there are ports open for RDP/HTTP or not...


EDIT****
I also have changed my network name, am not broadcasting a SSID, and changed my network password and I am still seeing IP Spoofing and Syn Fin attacks in my router firewall log....What the devil is going on?
Last edited by jo15765; 12-Aug-2012 at 10:34 AM..
Email This Email  Print This Print  Tweet This Send to Facebook Send to MySpace Send to StumbleUpon Digg This | More Services More
Reply
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join Today!

(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!

« Previous Thread | Networking | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


TECH SUPPORT GUY
WELCOME
FOLLOW US
 
You Are Using: Server ID
All times are GMT -4. The time now is 03:40 PM.
Advertisements do not imply our endorsement of that product or service.
Copyright © 1996 - 2013 TechGuy, Inc. All rights reserved. Privacy & Terms.

Trusted Website Back to the Top ↑