>I'm using @home internet cable. I have the linksys cable router + 4 port
>switch. This splits the connection to 3 computers in the house. DHCP is
>turned off. The Internal IPs are 192.168.1.x (2,3,4)... Over the past day
>I received a couple of weird INCOMING entries in the log.

>DATE TIME SCR SCR_PORT DEST DEST_PORT
>08/25/2001 13:24:52 192.168.1.8 80 <my ip address> 3976
>08/25/2001 19:04:42 192.168.1.16 80 <my ip address> 4319
>08/25/2001 23:25:38 192.168.1.9 80 <my ip address> 4450

The first two sets of ports are unassigned. The last one is assigned to CAMP.
As near as I can tell, CAMP is an enhanced DOS based OS. See:
http://www.antronics.com/camp/version4.htm
Maybe someone more knowledgeable can give more insight on this?

>How is it possible that these are coming into the router from the outside?
>Is this an error on the router? Do any of these ports seem familiar.

Well obviously, you are not using public IP addresses on your LAN. Did you
open any ports to the internal network? Is the router set to drop ICMP? Or
perhaps you have placed some of the destination addresses in the DMZ?

>Extra note: When I tried to make a connection with these ports from within
>my network it refused the connection and didn't put it in the incoming or
>outgoing log.

If you tried accessing the ports internally, the router (if set as a gateway)
will not have to pass any traffic externally or accept any in, thus no log
entries. Also, since most likely you are not running any applications that use
those ports, there is nothing to accept the connections.

I suspect one of two things:

1) You have a dynamically assigned public IP address. The connection attempts
may be intended for the system which last had your current address.

or:

2) Someone is flying blind and trying to probe for responses.

I suggest downloading and installing Tiny Personal software (freeware) to one
of your internal Windows systems.
This will help you to get a better picture of what type of traffic is on your
internal network and will allow you to allow or deny the traffic at a more
granular level than the Linksys will.

~S~

Disclaimer: My own 2 cents.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
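The check this thread turns on, as an added example that is not part of the original post or any Linksys tooling: it parses incoming-log lines in the column order quoted above and flags RFC 1918 source addresses seen on the WAN side. The address 203.0.113.10 stands in for the redacted destination, and the fourth sample row and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in the column order quoted in the post. 203.0.113.10 is a
# documentation address standing in for the redacted "<my ip address>"; the
# last row is a constructed entry with a public source, for contrast.
SAMPLE_LOG = """\
DATE TIME SCR SCR_PORT DEST DEST_PORT
08/25/2001 13:24:52 192.168.1.8 80 203.0.113.10 3976
08/25/2001 19:04:42 192.168.1.16 80 203.0.113.10 4319
08/25/2001 23:25:38 192.168.1.9 80 203.0.113.10 4450
08/25/2001 23:40:01 198.51.100.7 80 203.0.113.10 4461
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Statically assigned LAN hosts named in the post (192.168.1.2 to .4).
KNOWN_LAN_HOSTS = {ipaddress.ip_address(f"192.168.1.{n}") for n in (2, 3, 4)}


def parse_line(line):
    """Return a dict for one log row, or None for headers and malformed rows."""
    parts = line.split()
    if len(parts) != 6:
        return None
    date, time, src, sport, dst, dport = parts
    try:
        return {"when": f"{date} {time}", "src": ipaddress.ip_address(src),
                "sport": int(sport), "dst": ipaddress.ip_address(dst),
                "dport": int(dport)}
    except ValueError:
        return None


def flag_incoming(log_text, known_hosts=KNOWN_LAN_HOSTS):
    """Return (entry, reason) pairs for incoming rows with an RFC 1918 source."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None or not any(entry["src"] in net for net in RFC1918):
            continue
        if entry["src"] in known_hosts:
            reason = "source matches a known LAN host but was logged as incoming"
        else:
            reason = "private source address that is not a known LAN host"
        findings.append((entry, reason))
    return findings


if __name__ == "__main__":
    for entry, reason in flag_incoming(SAMPLE_LOG):
        print(entry["when"], entry["src"], entry["sport"], "->", entry["dport"], reason)
```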
This archive was generated by hypermail 2b30 : Wed Aug 29 2001 - 08:22:11 PDT