Can anyone help? - dslreports.com

Author	All Replies
rehr0001 join:2002-01-22 Minneapolis, MN	Can anyone help? Every few minutes for the last 2 days I get an intrusion email from my router. Its coming from my computer (127.0.0.1). This is the message "Time: 11/05/2003, 18:45:47 Message: IP Spoofing Source: 127.0.0.1, 80 Destination:66.41.208.145, 1213 (from WAN Inbound)" Can anyone give me an idea of what could be causing this? Thanks
	to forum · permalink · · 2003-11-06 21:33:09 ·
keith2468 Premium,MVM join:2001-02-03 Winnipeg, MB	Hi Rehr - 127.0.0.1 is supposed to be reserved for your computer to talk to itself (one process on your computer communicating with another process). 64.41.208.145 doesn't seem to be in use. IP spoofing means a message sent with a fake source IP address. A lot of things could cause this, although it is rare. What is running on your computer when this happens? Which operating system are you running? (I'm thinking something messed up on your firewall, but need more details.)
	to forum · permalink · · 2003-11-07 00:14:35 ·
callihn4 join:2002-01-10 Space	reply to rehr0001 said by rehr0001 : Every few minutes for the last 2 days I get an intrusion email from my router. Its coming from my computer (127.0.0.1). This is the message "Time: 11/05/2003, 18:45:47 Message: IP Spoofing Source: 127.0.0.1, 80 Destination:66.41.208.145, 1213 (from WAN Inbound)" Can anyone give me an idea of what could be causing this? Thanks Nothing to worry about your router is doing it's job. Someone has attempted to connect to your WAN address (66.41.208.145 Port 1213) while spoofing their IPA to appear as 127.0.0.1 which is the IPA of your localhost. -- If Operating Systems Were Women? : »www.sigkill.com/os/
	to forum · permalink · · 2003-11-07 03:31:51 ·
rehr0001 join:2002-01-22 Minneapolis, MN	I'm running WindowsXP. There are 2 computers connected to the router, and a Primiq mediaplayer connected wirelessly. I've just got some standard programs running in the background (outlook, NAV, prismiq software, analogx (network traffic monitor). This just happened suddenly 2-3 days ago and its really annoying. The router is set to email when there is an intrusion attempt and I'm currently getting 70-90 emails/day. I can just turn off the setting as it appears the router and firewall are doing there job, but I'm just trying to figure out if its coming from the outside world (in which case I should probably contact my ISP) or if its coming from inside and trying to get out? Thanks for you help guys ... this is definitely not my area of expertise.
	to forum · permalink · · 2003-11-07 08:51:33 ·
rehr0001 join:2002-01-22 Minneapolis, MN	oh yeah, the router is an SMC2804WBR
	to forum · permalink · · 2003-11-07 08:53:09 ·
Tactics Green Lantern join:2001-03-29 Pinehurst, NC	This might help. Grab a cup of coffee. »Incomming hits from 127.0.0.1
	to forum · permalink · · 2003-11-07 09:36:05 ·
x539 join:2003-08-23 Oklahoma City, OK	reply to rehr0001 This is a pretty good explanation also, and somewhat shorter: »archives.neohapsis.com/archives/···132.html
	to forum · permalink · · 2003-11-07 10:13:34 ·
rehr0001 join:2002-01-22 Minneapolis, MN	Thank you for your help. So what it seems then is that someone on my block has the blaster worm and comcast has windows update DNS set to 127.0.0.1 and one of the spoofed IPs happens to be mine? Oh the joys ... I guess I'm going to turn off my email notification for a while.
	to forum · permalink · · 2003-11-08 00:15:16 ·


Tuesday, 01-Dec 22:48:29	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com. republican-creole page compression OFF