Router Blocking Incoming

Router Blocking Incoming

Post by Mik Tows » Tue, 08 Feb 2005 05:57:07


I decided to replace my PTI-CAE84 ADSL router with a new Belkin wireless,
which, I'm pleased to report, has cured the line hiss.

However, the new router has a built-in firewall which blocks incoming WAN
pings by default. Perusing the security log shows a /lot/ of blocked
activity. All the addresses include the allocated WAN IP address /and/ the
WAN default gateway.

An extract from the security log:

Feb.06.2005 20:36:59 security:2445.164 Blocked Prot=103, 80.189.99.249 >
0:20:2b:0:0:d -Default Defense
Feb.06.2005 20:36:06 security:2457.499 Blocked Prot=17, 8.2.96.27:55150 >
80.189.214.40:1026 -Default Defense
Feb.06.2005 20:36:06 security:2457.499 Blocked Prot=17, 8.2.96.27:55150 >
80.189.214.40:1026 -Disallowed Destination IP

80.189.214.40 is the WAN IP address[1] & 80.189.99.249 is the (WAN) default
gateway.

[1] That's not fixed, but I think it is fixed for the current session.

Do I need to worry about the above & should I leave the ping blocking on?

My RPC NIC is an EtherX.


TIA for any advice/help.

--
Mik Towse * XXXX@XXXXX.COM * http://www.yqcomputer.com/
My writers' site can be found at: http://www.yqcomputer.com/

xemik.net - cost effective web hosting : http://www.yqcomputer.com/

The end move in politics is always to pick up a gun. Buckminster Fuller
 
 
 

Router Blocking Incoming

Post by Steven Pam » Tue, 08 Feb 2005 06:26:47

In article <4D392539E3% XXXX@XXXXX.COM >, Mik Towse


[Snip]



OK how worried do you want to be?

Simply putting IP port 1026 into google gives a nice list of references all
of which relate to PC security and usually to Trojan attacks.
http://www.yqcomputer.com/ ~rakerman/trojan-port-table.html gives a nice
summary of things.

1026 relates to variants of exploits against vulnerabilities in MS
Messenger.




[Snip]


How do you fancy some nice little script kiddie attempting to do things to
any machine you connect to the router? OK so they aren't going to get far
with an MS exploit on your RPC...

I'd check for a stealth mode that way they can't see the existence of the
IP and they don't try the scripted attacks. It can make a difference to the
speed of your link if there are lot's of the little darlings having a go.

 
 
 

Router Blocking Incoming

Post by druc » Tue, 08 Feb 2005 06:40:46


[Snip]


Every address on the internet, and especially those associated with a
broadband connection, will be regularly probed by thousands of virus
ridden Windows boxes and script kiddies machines. As long as you dont
have an unprotected Windows box, its nothing to worry about.

---druck

--
The ARM Club Free Software - http://www.yqcomputer.com/
The 32bit Conversions Page - http://www.yqcomputer.com/
 
 
 

Router Blocking Incoming

Post by Mik Tows » Tue, 08 Feb 2005 07:15:20


Ah, so it's just something poking at my visible presence on the 'net hoping
to get a response. Both PCs have the Windows Firewall on; altho' I expect
that that isn't much comfort. ;-)

Thanks for your comments.

--
Mik Towse * XXXX@XXXXX.COM * http://www.yqcomputer.com/
My writers' site can be found at: http://www.yqcomputer.com/

xemik.net - cost effective web hosting : http://www.yqcomputer.com/

A truly wise man never plays leapfrog with a unicorn
 
 
 

Router Blocking Incoming

Post by Mik Tows » Tue, 08 Feb 2005 07:23:32


LOL not at all! :o)

[snip]

The router passed the TruStealth check at grc.com, so I'll just leave well
alone. Thanks for reminding me about that.

They vary between 5 in a second or two, to 30sec/1min a part. :o(

ATB
Mik

--
Mik Towse * XXXX@XXXXX.COM * http://www.yqcomputer.com/
My writers' site can be found at: http://www.yqcomputer.com/

xemik.net - cost effective web hosting : http://www.yqcomputer.com/

Computer Lie #1: You'll never use all that disk space