

Solo12

@sbcglobal.net

Firewall Log

2012-10-14T22:42:18-07:00 info src=14.55.40.45 dst=99.126.162.57 ipprot=17 sport=21547 dport=27525 Unknown inbound session stopped
2012-10-14T22:42:18-07:00 info src=68.109.68.175 dst=99.126.162.57 ipprot=17 sport=17021 dport=27525 Unknown inbound session stopped
2012-10-14T22:42:18-07:00 info src=122.176.149.175 dst=99.126.162.57 ipprot=17 sport=24785 dport=52091 Unknown inbound session stopped
2012-10-14T22:42:19-07:00 info src=189.231.60.84 dst=99.126.162.57 ipprot=6 sport=4634 dport=27525 Unknown inbound session stopped
2012-10-14T22:42:19-07:00 info src=189.73.22.199 dst=99.126.162.57 ipprot=6 sport=50782 dport=27525 Unknown inbound session stopped
2012-10-14T22:42:19-07:00 info src=87.13.93.120 dst=99.126.162.57 ipprot=17 sport=56702 dport=27525 Unknown inbound session stopped
2012-10-14T22:42:19-07:00 info src=125.197.19.153 dst=99.126.162.57 ipprot=17 sport=12337 dport=27525 Unknown inbound session stopped
2012-10-14T22:42:19-07:00 info src=95.102.29.28 dst=99.126.162.57 ipprot=17 sport=7107 dport=27525 Unknown inbound session stopped
2012-10-14T22:42:19-07:00 info src=112.104.158.29 dst=99.126.162.57 ipprot=17 sport=13158 dport=27525 Unknown inbound session stopped
2012-10-14T22:42:19-07:00 info src=49.248.66.66 dst=99.126.162.57 ipprot=17 sport=10105 dport=27525 Unknown inbound session stopped
2012-10-14T22:42:20-07:00 info src=115.124.155.45 dst=99.126.162.57 ipprot=17 sport=17834 dport=27525 Unknown inbound session stopped
2012-10-14T22:42:20-07:00 info src=100.2.36.127 dst=99.126.162.57 ipprot=1 icmp_type=3 icmp_code=1 ICMP Dest Unreachable, session terminated
2012-10-14T22:42:20-07:00 info src=186.0.78.96 dst=99.126.162.57 ipprot=1 icmp_type=3 icmp_code=3 ICMP Dest Unreachable, session terminated
2012-10-14T22:42:21-07:00 info src=59.162.218.196 dst=99.126.162.57 ipprot=17 sport=64776 dport=27525 Unknown inbound session stopped
2012-10-14T22:42:21-07:00 info src=175.166.13.55 dst=99.126.162.57 ipprot=17 sport=14684 dport=27525 Unknown inbound session stopped
2012-10-14T22:42:22-07:00 info src=112.210.99.83 dst=99.126.162.57 ipprot=17 sport=60008 dport=27525 Unknown inbound session stopped
2012-10-14T22:42:22-07:00 info src=101.160.67.253 dst=99.126.162.57 ipprot=17 sport=10796 dport=27525 Unknown inbound session stopped
2012-10-14T22:42:22-07:00 info src=180.190.249.63 dst=99.126.162.57 ipprot=17 sport=1339 dport=52091 Unknown inbound session stopped
2012-10-14T22:42:22-07:00 info src=175.166.13.55 dst=99.126.162.57 ipprot=17 sport=14684 dport=27525 Unknown inbound session stopped
2012-10-14T22:42:23-07:00 info src=187.85.105.161 dst=99.126.162.57 ipprot=1 icmp_type=3 icmp_code=3 ICMP Dest Unreachable, session terminated
2012-10-14T22:42:23-07:00 info src=92.113.94.217 dst=99.126.162.57 ipprot=17 sport=10015 dport=27525 Unknown inbound session stopped
2012-10-14T22:42:23-07:00 info src=114.80.189.186 dst=99.126.162.57 ipprot=17 sport=16003 dport=27525 Unknown inbound session stopped

I found this in my firewall log today. Should I be worried? I was bottlenecked right around that time, and then I restarted my computer and re-plugged my router, and when I checked my firewall, I found that.


OldCableGuy

@planetcr.net

The port is a Quake game server port. The source IP addresses are just a bunch of random machines around the globe. Were you playing a game at the time?



solo12

@sbcglobal.net

No, I wasn't playing any games at the time. Even when all my computers are disconnected for 15 minutes and I check that log again, I'm still seeing those blocked inbound accesses.



norwegian
Premium
join:2005-02-15
Outback
Reviews:
·WestNet Broadband

Is this log from your hardware firewall, router or software?

800-1000 hits a day would be normal, but you look like you are receiving a lot more than that.

Can your IP address be changed? Is it static or dynamic?
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke



solo12

@sbcglobal.net

reply to Solo12
Router firewall. Is that a virus acting out or a router fault?



norwegian
Premium
join:2005-02-15
Outback
Reviews:
·WestNet Broadband

It is saying it is blocking them, so that would be a good thing.
Whether it was a brute-force attack at the time to try and crack your password, who knows, but it isn't internal. Has the default password been changed on the router?

Also, you didn't mention if you use a static IP address with the ISP, or if they use a dynamic IP address. If you cannot find a definitive answer (some ISPs allow release/renew of the IP), turn off the router for half an hour or so, or overnight, and see if the logs show the same IP, i.e., 99.126.162.57.

If it's a static address and it keeps happening, then talk to the ISP, i.e., the internet drops out at these moments.

If it's a dynamic address with the ISP, turning off the router for half an hour will issue a new IP address, and the original 99.126.162.57 may have been associated with a game as OldCableGuy suggests and you are seeing the last user's traffic to some extent.

But inbound and blocked is a good thing, not a bad thing.
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke


HELLFIRE

join:2009-11-25
kudos:7

reply to Solo12
As OldCableGuy says, port 27525 is for Quake. ipproto=6 is TCP, and ipproto=17 is UDP.

You could always look up the source IP addresses at the regional registries to see where the traffic was coming from. As for exactly WHAT it was trying to do is anyone's guess.

I'd just make sure your router is scaled to handle whatever traffic load, both INBOUND and OUTBOUND, is put on it, if you think that this is what caused your connection to be bottlenecked.

Otherwise your gear is doing what it's supposed to, which is "Unknown inbound session stopped."

Regards
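
The triage HELLFIRE and norwegian describe, applied to the posted log, as an added example that is not part of any poster's reply: it parses the `key=value` lines, maps `ipprot` to a protocol name, and reports unique sources, destination ports and the peak number of blocked sessions in one second. The sample lines are copied from the log at the top of the thread; the function names are this example's own.

```python
import re
from collections import Counter
from datetime import datetime

# IP protocol numbers that appear in the posted log.
PROTO = {1: "ICMP", 6: "TCP", 17: "UDP"}

# Seven lines copied from the log at the top of the thread.
SAMPLE = """\
2012-10-14T22:42:18-07:00 info src=14.55.40.45 dst=99.126.162.57 ipprot=17 sport=21547 dport=27525 Unknown inbound session stopped
2012-10-14T22:42:18-07:00 info src=68.109.68.175 dst=99.126.162.57 ipprot=17 sport=17021 dport=27525 Unknown inbound session stopped
2012-10-14T22:42:18-07:00 info src=122.176.149.175 dst=99.126.162.57 ipprot=17 sport=24785 dport=52091 Unknown inbound session stopped
2012-10-14T22:42:19-07:00 info src=189.231.60.84 dst=99.126.162.57 ipprot=6 sport=4634 dport=27525 Unknown inbound session stopped
2012-10-14T22:42:20-07:00 info src=100.2.36.127 dst=99.126.162.57 ipprot=1 icmp_type=3 icmp_code=1 ICMP Dest Unreachable, session terminated
2012-10-14T22:42:21-07:00 info src=175.166.13.55 dst=99.126.162.57 ipprot=17 sport=14684 dport=27525 Unknown inbound session stopped
2012-10-14T22:42:22-07:00 info src=175.166.13.55 dst=99.126.162.57 ipprot=17 sport=14684 dport=27525 Unknown inbound session stopped
"""

KV_RE = re.compile(r"(\w+)=(\S+)")

def parse_line(line):
    # Layout: <ISO timestamp> <level> key=value ... free-text message
    parts = line.split(None, 2)
    if len(parts) < 3:
        return None
    fields = dict(KV_RE.findall(parts[2]))
    try:
        return {
            "ts": datetime.fromisoformat(parts[0]),
            "src": fields["src"],
            "proto": PROTO.get(int(fields["ipprot"]), fields["ipprot"]),
            # ICMP entries carry icmp_type/icmp_code instead of ports.
            "dport": int(fields["dport"]) if "dport" in fields else None,
        }
    except (KeyError, ValueError):
        return None  # not a firewall entry in this format

def summarize(text):
    events = [e for e in map(parse_line, text.splitlines()) if e]
    per_second = Counter(e["ts"] for e in events)
    return {
        "events": len(events),
        "unique_sources": len({e["src"] for e in events}),
        "by_proto": dict(Counter(e["proto"] for e in events)),
        "by_dport": dict(Counter(e["dport"] for e in events if e["dport"])),
        "peak_per_second": max(per_second.values(), default=0),
    }
```

Run over a full day's export, the `peak_per_second` and `events` figures are the numbers to compare against the "hits per day" rule of thumb given elsewhere in the thread.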



Solo12

@sbcglobal.net

Error: Excessive Sessions Warning
Your 3600HGV Gateway has intercepted your web page request to provide you with this important message. The following devices on your network are using a large number of simultaneous Internet sessions:
Solo12-PC

The most likely cause of this issue is a "blaster" type virus which has infected the device. It is strongly recommended that the devices above be scanned for potential viruses.

Note that a large number of sessions may occasionally be the result of application software or gaming software installed on the device. If you believe this is the case, click the "DO NOT SHOW" button to disable this feature and excessive session warnings in the future.

Thank you for your reply, guys. This is the error message I got when I set the router to detect excessive session warnings. And yesterday, while I was watching Netflix and chatting with my friends, my browser and all the other programs were terminated and the computer restarted itself. It wasn't because of the update or something and there was no blue screen. When it came back on, I checked the McAfee firewall and saw over 700 Potentially Malicious incoming connection blocked. So I reformatted my laptop again and reinstalled McAfee and am still getting Potentially Malicious incoming connection blocked. So far up to 120 Potentially Malicious incoming connection blocked. And as for my IP, my ISP says it's dynamic, so I'll go ahead and turn it off for half an hour and see if it resets.


norwegian
Premium
join:2005-02-15
Outback
Reviews:
·WestNet Broadband

Let us know how the IP reset goes via turning off the router.

800 to 1000 probes per day is nothing abnormal and why it is suggested to have a router to drop all the noise from reaching your software firewall. I'm not familiar with the network settings of the US so someone more local or visiting the forum relative to your ISP here may help a little with configuration.

However today with alerts like that "blaster" etc, it usually is diagnosed by looking at the network configuration / alerting specifically to help.

----------------------

Although as you have already had a virus on the computer, you could always post the text of this command:
Start - run - cmd (admin permissions if Win 7) and use the command (without inverted commas) "netstat -ano".

However an image of task manager or a program that will list running processes and the specific numbering to cross reference against the netstat output is required, netstat will not list process names. So we need the 2 reports at the same time frame for providing you help.

-----------------------

The forum can review this type of information after you have refreshed to a new IP address first. Still 84 alerts is still nothing of concern if the router is blocking/dropping them over a period of time. All 84 in 1 second or 300,000 over an hour would need further investigation and concern.
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke
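
One way to do the cross-reference described above, as an added example that is not part of the original post: it joins `netstat -ano` rows to process names by PID and lists established connections whose remote port is not 80 or 443. It assumes `tasklist /fo csv /nh` is captured instead of a Task Manager screenshot; both sample outputs and all function names are constructed for illustration.

```python
import csv
from collections import defaultdict

# Constructed sample of `netstat -ano` output (documentation-range addresses).
NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    192.168.1.64:49201     198.51.100.7:443       ESTABLISHED     3120
  TCP    192.168.1.64:49207     198.51.100.9:80        ESTABLISHED     3120
  TCP    192.168.1.64:49310     203.0.113.40:45000     ESTABLISHED     2244
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:45682          *:*                                    2244
"""
# Constructed sample of `tasklist /fo csv /nh` output taken at the same moment.
TASKLIST = '''\
"System","4","Services","0","1,024 K"
"svchost.exe","884","Services","0","9,800 K"
"uTorrent.exe","2244","Console","1","40,216 K"
"chrome.exe","3120","Console","1","85,112 K"
'''

def parse_netstat(text):
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        # UDP rows have no State column; the PID is always the last field.
        state = parts[3] if len(parts) == 5 else ""
        rows.append((parts[0], parts[1], parts[2], state, int(parts[-1])))
    return rows

def port_of(addr):
    return addr.rsplit(":", 1)[1]  # also works for bracketed IPv6 such as [::]:445

def report(netstat_text, tasklist_text):
    names = {int(r[1]): r[0] for r in csv.reader(tasklist_text.splitlines()) if len(r) > 1}
    out = defaultdict(lambda: {"open": [], "established": 0, "non_web": []})
    for proto, local, remote, state, pid in parse_netstat(netstat_text):
        entry = out[names.get(pid, "pid %d (not in tasklist)" % pid)]
        if proto == "UDP" or state == "LISTENING":
            entry["open"].append("%s/%s" % (proto, port_of(local)))
        elif state == "ESTABLISHED":
            entry["established"] += 1
            if port_of(remote) not in ("80", "443"):
                entry["non_web"].append(remote)
    return dict(out)
```

A PID that shows up in the netstat rows but not in the process list is reported as such, which is why the two captures need to be taken together.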



planet

join:2001-11-05
Oz
kudos:1

1 edit

reply to Solo12
Wondering if you were assigned a new IP and the previous owner was hosting the game. I usually have to wait 24 hrs before a new IP is assigned when the router is unplugged. If I plug directly into the modem, the ISP will give a new IP since the MAC address changes.

Edit: Looks like you might have a modem/router combo, not sure. That could nix plugging directly into the modem for a new IP.



norwegian
Premium
join:2005-02-15
Outback
Reviews:
·WestNet Broadband

said by planet:

Wondering if you were assigned a new ip and the previous owner was hosting the game.

Seems the most plausible reason behind it.

said by planet:

I usually have to wait 24 hrs before a new ip assigned when router is unplugged.

Over here we only need 10 to 15 minutes max usually. But understand a longer period like 24 hrs sounds like the switching only happens once a day for renewal. A lot of networks tick over once a day near 11pm, so I see no reason why a refresh or renewing of an IP wouldn't appear to be in a similar time frame and pattern as the rest of the networking rules.
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke



Solo12

@sbcglobal.net

I switched the router off last night but my IP remained the same. I'm expecting a new router on Monday. I was thinking the same thing, that I've got a new IP and the previous owner was hosting a game. BTW, here are the pictures. Mine is a modem/router combo.

I think I receive a little over 1000 a day per computer. I disabled my router firewall and used my McAfee firewall, and that's how I know it. Now I'm using my router firewall again.


norwegian
Premium
join:2005-02-15
Outback
Reviews:
·WestNet Broadband


There seems nothing unusual about those processes.

Some of those connections aren't port 80/443 but assume that traffic is all related to utorrent feed.

(I forgot to add in task manager, on the processes tab, view-select columns - check "PID". Not sure why that isn't selected by default, Microsoft must have a reason for that.)

I'd leave that router firewall on and not worry about 1000 hits a day; that is just "Internet noise".
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke



Solo12

@sbcglobal.net

Thank you. So you mean that's not unusual? Gee, I was worrying. But I have never noticed that many logs before. And I couldn't reset my IP either. I requested a new router and it's on its way. I'm hoping that will change my IP and solve my problem.



norwegian
Premium
join:2005-02-15
Outback
Reviews:
·WestNet Broadband

1000 hits a day, no.

Although using uTorrent would up your hits, I'd imagine, but still, if the router is blocking/dropping the inbound it is doing its job.

Just make sure you look at the config for the router and turn off remote admin, UPnP, port forwarding and set a good solid password - leaving that at default is a dangerous practice.
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke



planet

join:2001-11-05
Oz
kudos:1

reply to Solo12

said by Solo12 :

Thank you. So you mean that's not unusual? Gee, I was worrying. But I have never noticed that many logs before. And I couldn't reset my IP either. I requested a new router and it's on its way. I'm hoping that will change my IP and solve my problem.

A new router will provide a new ip since you will have a different MAC address.


Solo12

@sbcglobal.net

reply to norwegian
This morning my router reset itself and my internet connection dropped several times and then came back on. When I contacted my ISP, one tech told me someone is doing DDoS on my router and he suggested a tech team look at my computer for infection, so I did, and they found nothing and they told me to ignore those files. And after 2 hours, I had the same problem and I contacted my ISP again; this time a new tech told me everything's fine. And again a few hours later my connection went down again. Not my Wi-Fi but my whole internet, and then it came back on. I don't know what is going on but it's driving me crazy. If my computers are clean I'm changing to a new ISP. Any idea?



planet

join:2001-11-05
Oz
kudos:1

Once your replacement router arrives and your IP address changes, your problems might stop unless someone is specifically ddos-ing you. Will your ISP assign you a new IP address? I'm surprised they didn't already when troubleshooting with you.

