1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Kernel Intrusion on my router

Discussion in 'General Security' started by Trebor901, Aug 28, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. Trebor901

    Trebor901 Thread Starter

    Joined:
    Aug 3, 2007
    Messages:
    6
    Hi last night i checked my routers "Security Log" and i found this line appearing every sort of 10 minutes:

    kernel: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=219.148.119.6 DST=172.141.192.159 LEN=40 TOS=0x00 PREC=0x00 TTL=104 ID=256 DF PROTO=TCP SPT=12200 DPT=7212 WINDOW=8192 RES=0x00 SYN URGP=0

    Is this something i should be worried about or is it just something that happens when having a router.
     
  2. Frank4d

    Frank4d Trusted Advisor

    Joined:
    Sep 10, 2006
    Messages:
    9,126
  3. Trebor901

    Trebor901 Thread Starter

    Joined:
    Aug 3, 2007
    Messages:
    6
    Well i havent got the network setup so you can access files from the pc's on the network so they wouldnt be able to do anything if they did get past the router anyway would they?
     
  4. Trebor901

    Trebor901 Thread Starter

    Joined:
    Aug 3, 2007
    Messages:
    6
    Sometimes i get this aswell : kernel: eth1 Link UP.
     
  5. Tritone

    Tritone

    Joined:
    Sep 16, 2007
    Messages:
    1
    Hi Trebor,

    Basically, SPT=12200 DPT=7212 means "source port 12000 and destination port 7212".

    It means something scanned your IP to see if you were open on port 7212.

    This is a pretty normal thing to see in a firewall log anywhere. It is very common. There are bots and people who can ports looking for open proxies. 7212 is a tcp port used by a well known open proxy - meaning someone could surf the Internet, send spam, etc through your proxy IF it was open and you didn't have a firewall.

    This is simply your firewall telling you it did it's job. You'll see similar entries for other ports, especially ports in the 1020-1030 range which are old Microsoft pop up ports that would let you send pop up messages to people on your local LAN. (or let spammers send you pop up ads).

    The other line is just your firewall router telling you it's inside Ethernet interface is up.

    This is all normal activity and you don't have anything to worry about. Your firewall is doing it's job and it is good you are monitoring the logs.

    If you don't already monitor and keep historical logs, you should. Install something like Kiwi Syslog and set your PC up to receive the logs from your firewall.

    Cheers,

    T
     
  6. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/616350