
Router Security Log

Discussion in 'Networking' started by jo15765, Aug 9, 2012.

Thread Status:
Not open for further replies.
  1. jo15765

    jo15765 Thread Starter

    Joined:
    Oct 11, 2011
    Messages:
    305
    I have a home wireless network set up with MAC address filtering enabled. I was looking at the security log and I see some strange things showing up that I don't know the meaning of... should I be concerned?

    Code:
    Aug 8 18:14:05 2012 Ip Spoofing from IP 10.120.83.244 to                         IP 74.125.45.188 dropped
    Aug 8 18:31:57 2012 b8:17:c2:08:0d:8f is blocked by                         wireless MAC filter
    Aug 8 18:32:14 2012 Ip Spoofing from IP 10.107.75.5 to                         IP 74.125.137.188 dropped
    Aug 8 18:32:45 2012 b8:17:c2:08:0d:8f is blocked by                         wireless MAC filter
    Aug 8 18:35:45 2012 b8:17:c2:08:0d:8f is blocked by                         wireless MAC filter
    Aug 8 18:36:28 2012 b8:17:c2:08:0d:8f is blocked by                         wireless MAC filter
    Aug 8 18:37:27 2012 Ip Spoofing from IP 10.172.233.181 to                         IP 78.141.179.16 dropped
    Aug 8 18:37:34 2012 b8:17:c2:08:0d:8f is blocked by                         wireless MAC filter
    Aug 8 18:39:16 2012 b8:17:c2:08:0d:8f is blocked by                         wireless MAC filter
    Aug 8 18:42:55 2012 b8:17:c2:08:0d:8f is blocked by                         wireless MAC filter
    Aug 8 18:43:48 2012 b8:17:c2:08:0d:8f is blocked by                         wireless MAC filter[3 times]
    Aug 8 18:59:24 2012 Ip Spoofing from IP 10.34.253.201 to                         IP 174.35.36.30 dropped
    Aug 8 18:59:24 2012 Ip Spoofing from IP 10.34.253.201 to                         IP 174.35.36.30 dropped
    Aug 8 18:59:24 2012 Ip Spoofing from IP 10.34.253.201 to                         IP 174.35.36.30 dropped
    Aug 8 19:23:33 2012 Ip Spoofing from IP 10.27.205.72 to                         IP 74.125.45.188 dropped
    Aug 8 19:35:36 2012 Ip Spoofing from IP 10.27.226.211 to                         IP 74.125.134.188 dropped
    Aug 8 19:59:43 2012 Ip Spoofing from IP 10.7.115.38 to                         IP 74.125.137.188 dropped
    Aug 8 20:38:54 2012 Ip Spoofing from IP 10.117.252.89 to                         IP 74.125.137.188 dropped
    Aug 8 21:03:01 2012 Ip Spoofing from IP 10.227.97.116 to                         IP 74.125.139.188 dropped
    Aug 8 21:12:06 2012 Ip Spoofing from IP 10.123.188.76 to                         IP 174.35.35.32 dropped
    Aug 8 21:12:06 2012 Ip Spoofing from IP 10.123.188.76 to                         IP 174.35.35.32 dropped
    Aug 8 21:51:19 2012 Ip Spoofing from IP 10.124.116.166 to                         IP 74.125.137.188 dropped
    Aug 8 23:06:54 2012 SYN FIN Scan from IP 192.168.2.14 port 50864 to                     IP 92.37.226.141 port 443 droppe
    Aug 8 23:06:55 2012 SYN FIN Scan from IP 192.168.2.14 port 50864 to                     IP 92.37.226.141 port 443 droppe
    Aug 8 23:06:56 2012 SYN FIN Scan from IP 192.168.2.14 port 50864 to                     IP 92.37.226.141 port 443 droppe
    Aug 8 23:06:57 2012 SYN FIN Scan from IP 192.168.2.14 port 50864 to                     IP 92.37.226.141 port 443 droppe
    Aug 8 23:06:58 2012 SYN FIN Scan from IP 192.168.2.14 port 50864 to                     IP 92.37.226.141 port 443 droppe
    Aug 8 23:07:16 2012 SYN FIN Scan from IP 192.168.2.14 port 50864 to                     IP 92.37.226.141 port 443 droppe
    Aug 8 23:07:21 2012 SYN FIN Scan from IP 192.168.2.14 port 50864 to                     IP 92.37.226.141 port 443 droppe
    Aug 8 23:07:44 2012 SYN FIN Scan from IP 192.168.2.14 port 50864 to                     IP 92.37.226.141 port 443 droppe
    Aug 9 04:14:22 2012 Ip Spoofing from IP 10.19.13.255 to                         IP 63.144.43.103 dropped
    Aug 9 05:53:59 2012 Ip Spoofing from IP 10.20.72.207 to                         IP 74.125.45.188 dropped
    Aug 9 06:03:02 2012 Ip Spoofing from IP 10.108.203.141 to                         IP 74.125.137.188 dropped
    Aug 9 06:48:15 2012 Ip Spoofing from IP 10.114.3.53 to                         IP 74.125.134.188 dropped
    Aug 9 16:12:46 2012 b8:17:c2:08:0d:8f is blocked by                         wireless MAC filter
    Aug 9 19:50:17 2012 Ip Spoofing from IP 10.42.35.217 to                         IP 74.125.45.188 dropped

    My router IP is 192.168.2.1 and of course everything that connects is 192.168.2.X. Why are there crazy IP addresses in there?
    Also, what is SYN FIN SCAN?

    I thought my network was secure but after seeing those in my Firewall Log I am not so sure...

    ****EDIT
    One thing I will say is I oftentimes will use LogMeIn to remote into my PC. The times do not match up, but could that be the IP Spoofing that is showing, or is it something totally different?
     
  2. TerryNet

    TerryNet Terry Moderator

    Joined:
    Mar 23, 2005
    Messages:
    69,538
    What encryption are you using? I suggest that you change the encryption key and use at least WPA-PSK.

    I'm mostly guessing, but that log looks to me like somebody else is connected to your router and/or one of your computers is infected.
     
  3. jo15765

    jo15765 Thread Starter

    Joined:
    Oct 11, 2011
    Messages:
    305
    I am using WPA-PSK. My key is 15 characters long including 3 dashes in there, as well as MAC address filtering enabled (*correct me if I am wrong, but that means not only do they have to have my wireless key, they also have to have their MAC address on the "approved list", is that right?), and is random letters and numbers, but I will change it. Any other suggestions? I am at work now, and just tried to remote into my router to change the key but for some reason I can't connect. I will do it this afternoon for sure, though.
     
  4. TerryNet

    TerryNet Terry Moderator

    Joined:
    Mar 23, 2005
    Messages:
    69,538
    With your security you are probably OK and I may have given you a false alarm. But changing the key only costs you the inconvenience of having to reconnect your devices so it is probably worth it for the peace of mind.

    MAC Addresses are easily spoofed and are nearly worthless for security; as long as you are using WPA or WPA2 encryption with a strong passphrase (not a dictionary word) you are not really gaining anything with MAC Address filtering. You may enjoy reading The ABCs of securing your wireless network.
     
  5. loserOlimbs

    loserOlimbs

    Joined:
    Jun 19, 2004
    Messages:
    7,800
    Your log will also show you external hits on your router from your modem.

    If you are really concerned, you can find out who those IPs belong to, but most likely I would say you are being probed by bot-nets on other machines somewhere.

    Do you have any ports open for RDP / HTTP? Are you using anything like DynaDNS?
     
  6. jo15765

    jo15765 Thread Starter

    Joined:
    Oct 11, 2011
    Messages:
    305
    I am not using DynaDNS.

    Also, I have not changed the default settings in my router so IDK if there are ports open for RDP/HTTP or not...


    EDIT****
    I also have changed my network name, am not broadcasting an SSID, and changed my network password, and I am still seeing IP Spoofing and Syn Fin attacks in my router firewall log... What the devil is going on?
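
An added example, not part of any post in this thread: a short Python triage of this log format that separates dropped packets by whether the source address belongs to the LAN and totals MAC-filter blocks per address. The /24 mask on 192.168.2.x and the reading of `[3 times]` as a repeat count are assumptions; the sample lines are copied from the log posted above.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the LAN is 192.168.2.0/24 (the post gives router 192.168.2.1, clients 192.168.2.X).
LAN = ipaddress.ip_network("192.168.2.0/24")
# Lines copied from the log posted above (padding and the truncated "droppe" kept as posted).
SAMPLE_LOG = """\
Aug 8 18:31:57 2012 b8:17:c2:08:0d:8f is blocked by          wireless MAC filter
Aug 8 18:43:48 2012 b8:17:c2:08:0d:8f is blocked by          wireless MAC filter[3 times]
Aug 8 18:59:24 2012 Ip Spoofing from IP 10.34.253.201 to          IP 174.35.36.30 dropped
Aug 8 18:59:24 2012 Ip Spoofing from IP 10.34.253.201 to          IP 174.35.36.30 dropped
Aug 8 23:06:54 2012 SYN FIN Scan from IP 192.168.2.14 port 50864 to      IP 92.37.226.141 port 443 droppe
"""
FLOW = re.compile(r"(Ip Spoofing|SYN FIN Scan) from IP (\S+)(?: port \d+)? to\s+IP (\S+)")
MAC_BLOCK = re.compile(
    r"((?:[0-9a-f]{2}:){5}[0-9a-f]{2}) is blocked by\s+wireless MAC filter(?:\[(\d+) times\])?",
    re.I)

def locate(ip_text):
    """Say where an address sits relative to the LAN."""
    ip = ipaddress.ip_address(ip_text)
    if ip in LAN:
        return "lan"
    return "private-not-lan" if ip.is_private else "public"

def summarize(log_text):
    """Count drops by (event, source location, source IP) and MAC-filter blocks per MAC."""
    drops, mac_blocks = Counter(), Counter()
    for line in log_text.splitlines():
        flow = FLOW.search(line)
        if flow:
            event, src, _dst = flow.groups()
            drops[(event, locate(src), src)] += 1
            continue
        blocked = MAC_BLOCK.search(line)
        if blocked:
            # Assumption: "[N times]" means the entry stands for N events.
            mac_blocks[blocked.group(1).lower()] += int(blocked.group(2) or 1)
    return drops, mac_blocks

def lan_sources(drops):
    """LAN hosts that appear as the source of a dropped packet."""
    return sorted({src for (_event, where, src) in drops if where == "lan"})

if __name__ == "__main__":
    drops, mac_blocks = summarize(SAMPLE_LOG)
    print(dict(drops), dict(mac_blocks), lan_sources(drops))
```

On the full log, the "Ip Spoofing" sources all fall in 10.0.0.0/8, which is private (RFC 1918) space but not this LAN's subnet, while the SYN FIN entries all name one LAN host, 192.168.2.14.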
     

Short URL to this thread: https://techguy.org/1064515