router logs

Started by Baz, Sep 02, 2012, 09:56:33


Baz

I know people will say that in the router logs, DoS attacks etc. are normal and it's the router doing its job, but is there anything you can or should do if you get the same/similar address in the log?

I've had some recently and did an IP address lookup and some were from the same 'company', shall we say; there were also lots of reports about the same address.

Can the address be traced right back to an individual computer or account?

cavillas

Baz, your tag is reporting the wrong browser for me. I am using Explorer 9.  :)
------
Alf :)

Baz

Someone has to use I guess, Alf    ;) ;)

Gary

Quote from: Baz on Sep 02, 2012, 09:56:33
I know people will say that in the router logs, DoS attacks etc. are normal and it's the router doing its job, but is there anything you can or should do if you get the same/similar address in the log?

I've had some recently and did an IP address lookup and some were from the same 'company', shall we say; there were also lots of reports about the same address.

Can the address be traced right back to an individual computer or account?

Ignore logs, Baz. The router's doing its job, and some are not DoS attacks anyway; logging into Facebook produces loads. Just ignore them.
Damned, if you do damned if you don't

pctech

As Gary says, it's quite normal. Switch off respond to ping on WAN port and you'll find they will disappear (but this will also stop the Think Broadband Quality Monitor from working).

You'll probably find a lot of them are from China or Russia, lots of bots and hackers running port scans from there, there's little or nothing an ISP can do.

Technically you could send an abuse report to the address listed in RIPE or the appropriate registry but in those countries the ISPs don't really care all that much.


armadillo

The ones to worry about are the attacks that are NOT logged.  :evil:

Rik

 :laugh: Now he'll have sleepless nights...
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

pctech

Don't have nightmares

Lance

Baz, have you seriously not got anything better to do than trawling through router logs??  ;D

Most people would only ever look at them if they have an issue.
Lance
_____

This post reflects my own views, opinions and experience, not those of IDNet.

pctech

I've seen the logs from our firewall appliances at work.

He really would be scared if he saw the amount of attempted probes they rebuff on a daily basis.


Baz

Quote from: Lance on Sep 02, 2012, 21:37:52
Baz, have you seriously not got anything better to do than trawling through router logs??  ;D

Most people would only ever look at them if they have an issue.

Yeah, and you wouldn't know you have an issue unless you look at them.

To be honest, the ones that do bother me lately, if anyone can explain, are from an IDNet address.

cavillas

I have used the router logs and they burn quite nicely on the fire. ;D ;D
------
Alf :)

Gary

Quote from: Baz on Sep 02, 2012, 21:54:39
Yeah, and you wouldn't know you have an issue unless you look at them.

To be honest, the ones that do bother me lately, if anyone can explain, are from an IDNet address.

I have had them too. As has been mentioned, Baz, all this shows is the router's firewall is doing its job; no need to worry, just ignore them. If you want to see how well stealthed your ports are from a probe, go here to ShieldsUp https://www.grc.com/x/ne.dll?bh0bkyd2 select proceed and run the all ports test; it should come up all green. Lots of traffic probes ports, messengers can show up as such as well. You are protected.
Damned, if you do damned if you don't

pctech

Quote from: Baz on Sep 02, 2012, 21:54:39
Yeah, and you wouldn't know you have an issue unless you look at them.

To be honest, the ones that do bother me lately, if anyone can explain, are from an IDNet address.

Baz I take it you are looking the addresses up on ripe.net?


Steve

The ones from IDNet are probably caused by the multicast service.
Steve
------------
This post reflects my own views, opinions and experience, not those of IDNet.

Baz


pctech

If they begin 224 they definitely are multicast addresses and it'll just be the IDNet routers checking if your router is multicast capable.
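
The triage discussed in this thread (spotting the same or similar source address turning up repeatedly, and setting multicast entries aside) can be run over a saved log. This is an added example, not code from any poster or from IDNet; the log line format and the sample addresses are constructed, and it treats the whole multicast range 224.0.0.0/4 as multicast, which goes slightly beyond the "begin 224" rule of thumb.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample; the line format is an assumption, real router logs differ.
SAMPLE_LOG = """\
Sep 02 09:41:10 [DoS attack: SYN Scan] from source: 203.0.113.45:51234
Sep 02 09:41:12 [DoS attack: SYN Scan] from source: 203.0.113.45:51240
Sep 02 09:43:55 [DoS attack: ACK Scan] from source: 198.51.100.7:443
Sep 02 09:50:01 [IGMP query] from source: 224.0.0.1
Sep 02 09:52:30 [DoS attack: SYN Scan] from source: 203.0.113.99:6000
Sep 02 09:55:02 [IGMP query] from source: 224.0.0.1
Sep 02 09:58:17 [LAN access] from source: 192.168.1.20:5353
"""
SOURCE_RE = re.compile(r"from source:\s*(\d{1,3}(?:\.\d{1,3}){3})")
# Explicit list: ip.is_private would also match the documentation ranges above.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

def classify(ip):
    """Return 'multicast', 'local' or 'internet' for an IPv4Address."""
    if ip.is_multicast:          # 224.0.0.0/4
        return "multicast"
    if any(ip in net for net in LOCAL_NETS):
        return "local"
    return "internet"

def summarise(log_text):
    """Count entries per class, and per /24 block for internet sources."""
    by_class, by_block = Counter(), Counter()
    for line in log_text.splitlines():
        m = SOURCE_RE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:       # e.g. an octet above 255
            continue
        kind = classify(ip)
        by_class[kind] += 1
        if kind == "internet":   # group "same/similar" addresses together
            block = ipaddress.ip_network(f"{ip}/24", strict=False)
            by_block[str(block)] += 1
    return by_class, by_block

def repeat_blocks(by_block, threshold=2):
    """Blocks seen at least `threshold` times, most frequent first."""
    return [(b, n) for b, n in by_block.most_common() if n >= threshold]
```

The blocks returned by `repeat_blocks(summarise(text)[1])` are the ones worth a registry lookup for an abuse contact; multicast and local entries are counted separately and left out of that list.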