dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
733
CmmTch
join:2002-08-10
High Ridge, MO

CmmTch

Member

Router Security Log Entry, IP Spoofed?

Could someone explain what this entry means? The IP's are LAN and router, but what is the 13 in 192.168.1.13?. I have one computer behind a Cayman 3220H ver 6.3.

Number of security log entries : 1

Security alert type : IP Source Address Spoofing
IP source address : 192.168.1.13
IP destination address : 64.218.91.xxx
Number of attempts : 4
Time at last attempt : Thu Feb 19 12:08:47 2004(UTC)
IP Interface : PPP (pppoe/vcc1)

Thanks for replies

sdfdfs
@lsanca1.dsl-verizon.

sdfdfs

Anon

Did your router drop the packets? If so then you should not worry as you arent in any danger.If you want to be 100% sure run a packet sniffer and see if you see any suspicious stuff.

JohnInSJ
Premium Member
join:2003-09-22
Aptos, CA

JohnInSJ to CmmTch

Premium Member

to CmmTch
quote:
IP source address : 192.168.1.13
It means your router spotted a packet with a spoofed source address of 192.168.1.13. Which means either your router was mistaken or someone is sending you packets with spoofed source addresses, hoping to get them into your network.

Seems like your router/firewall is doing its job.

keith2468
Premium Member
join:2001-02-03
Winnipeg, MB

keith2468 to CmmTch

Premium Member

to CmmTch
Normally the packets go from the source IP address to the destination IP address.

Is this an inbound or an outbound packet? What IP address is your computer?

I'm thinking this is an inbound event from 192.168.1.13 and your router is at 54.218.91.xxx.

As noted by John, the 192.168.xxx.xxx is spoofed. This is because 192.168.xxx.xxx is reserved for local use on LAN, so many computers are at 192.168.xxx.xxx, and so any reply from your system to the source couldn't be routed back to the orginal sender.
CmmTch
join:2002-08-10
High Ridge, MO

CmmTch

Member

sdfdfs I'm not sure if the router dropped the packets. I would have to think so, the message at the top of the security log said "Your Gateway has detected and successfully blocked an event that could have compromised the security of your network" Does this mean those packets were dropped?

keith2468 The message in the security log seems to be for an inbound packet(s). The 64.218.91.xxx is the router IP on the WAN side.

I also have ZAP 4.5 to protect the pc.

There wasn't much in the ZA log until after i created a pinhole to play a game online, now its full of mostly TCP and some UDP protocol type attempts, all blocked. Should I close the pinhole after I play the game? or is it ok to leave it there all the time?

Mem
join:2002-01-03
Nashville, TN
·Google Fiber
·AT&T FTTP

Mem

Member

Yes, the packets were dropped (blocked) - the Cayman protected your network. Definitely inbound packet(s) from the Internet.

I would suggest you close the pinhole (forwarding) when you don't need it. No sense in opening up an access to your network when it's not being used.