Hey guys!
Whilst logged in the GUI for my router earlier I went to the Firewall log page and was rather shocked to see that I had been under HackAttack: [SPI:Illegal connection state attack] since 8.29am (GMT).
Here's a small example of what the log lists:
Apr 15 08:32:51 Bi7800N user.info kernel: HackAttack: [SPI:Illegal connection state attack] TCP packet from [ppp_0_0_38_1] 116.15.25.33:49389 to 82.26.200.129:48718
Apr 15 08:32:51 Bi7800N user.info kernel: HackAttack: [SPI:Illegal connection state attack] TCP packet from [ppp_0_0_38_1] 96.254.120.20:49978 to 82.26.200.129:48718
Apr 15 08:32:54 Bi7800N user.info kernel: HackAttack: [SPI:Illegal connection state attack] TCP packet from [ppp_0_0_38_1] 71.77.40.11:61952 to 82.26.200.129:48718
Apr 15 08:32:56 Bi7800N user.info kernel: HackAttack: [SPI:Illegal connection state attack] TCP packet from [ppp_0_0_38_1] 71.187.14.238:57571 to 82.26.200.129:48718
Apr 15 08:32:56 Bi7800N user.info kernel: HackAttack: [SPI:Illegal connection state attack] TCP packet from [ppp_0_0_38_1] 71.45.156.233:62360 to 82.26.200.129:48718
Apr 15 08:32:58 Bi7800N user.info kernel: HackAttack: [SPI:Illegal connection state attack] TCP packet from [ppp_0_0_38_1] 72.27.15.110:19293 to 82.26.200.129:60525
Apr 15 08:33:00 Bi7800N user.info kernel: HackAttack: [SPI:Illegal connection state attack] TCP packet from [ppp_0_0_38_1] 175.137.164.252:62230 to 82.26.200.129:48718
Also, this is a segment from the System Log:
Apr 15 08:41:35 daemon UPNPD[2033]: HTTP Connection closed inexpectedly
Apr 15 08:42:03 daemon UPNPD[2033]: HTTP Connection closed inexpectedly
Apr 15 08:43:18 daemon DHCP SERVER: DHCPINFORM from 192.168.1.103
Apr 15 08:43:21 daemon DHCP SERVER: DHCPINFORM from 192.168.1.103
Apr 15 08:47:25 daemon DHCP SERVER: DHCPINFORM from 192.168.1.103
Apr 15 08:47:28 daemon DHCP SERVER: DHCPINFORM from 192.168.1.103
Apr 15 08:47:53 daemon DHCP SERVER: DHCPDISCOVER from 00:26:55:8b:86:7b via br0
Apr 15 08:47:55 daemon DHCP SERVER: DHCP offer to 00:26:55:8b:86:7b
Apr 15 08:47:55 daemon DHCP SERVER: DHCP request from 00:26:55:8b:86:7b
Apr 15 08:47:55 daemon DHCP SERVER: DHCP ack to 00:26:55:8b:86:7b
There's also 'daemon UPNPD[2036]' listed quite often in the log.
What's going on?? :S Am I still safe to surf the net? I can provide you with the complete log if required, 'cause it's very long.
- Router settings wise for the firewall, there's one default rule I can't alter, basically saying anything from any local IP on any port to allow it.
- I then have options for an "Ethernet MAC Filter" set to 'Block' but it has no parameters set.
- There's a "Wireless MAC Filter" set to 'Block', "Intrusion Detection" enabled set to 'Maximum TCP Open Handshaking Count' 50/per second, 'Maximum Ping Count' set to 10/per second and "Maximum ICMP Count" set to 50/per second.
- Under "Block WAN PING" the two options "Block WAN PING" & "Block WAN (IPv6) PING" are both set to 'Enable'.
- I then have options for a URL filter which is currently disabled.
- Other settings such as "IGMP/MLD Proxy", "IGMP/MLD Snooping" are all set to enabled.
Any help appreciated! Cheers!
Anubis_386
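
A first triage step for firewall entries like the ones quoted above, added here as an example and not part of the original post: parse each entry, group the hits by rule and destination port, and count distinct source addresses. The field layout is inferred from the quoted lines only, and the names `parse_entry` and `summarize` are hypothetical.

```python
import re
from collections import defaultdict

# Five firewall entries and one system-log entry, copied from the post above.
SAMPLE_LOG = """\
Apr 15 08:32:51 Bi7800N user.info kernel: HackAttack: [SPI:Illegal connection state attack] TCP packet from [ppp_0_0_38_1] 116.15.25.33:49389 to 82.26.200.129:48718
Apr 15 08:32:51 Bi7800N user.info kernel: HackAttack: [SPI:Illegal connection state attack] TCP packet from [ppp_0_0_38_1] 96.254.120.20:49978 to 82.26.200.129:48718
Apr 15 08:32:54 Bi7800N user.info kernel: HackAttack: [SPI:Illegal connection state attack] TCP packet from [ppp_0_0_38_1] 71.77.40.11:61952 to 82.26.200.129:48718
Apr 15 08:32:58 Bi7800N user.info kernel: HackAttack: [SPI:Illegal connection state attack] TCP packet from [ppp_0_0_38_1] 72.27.15.110:19293 to 82.26.200.129:60525
Apr 15 08:33:00 Bi7800N user.info kernel: HackAttack: [SPI:Illegal connection state attack] TCP packet from [ppp_0_0_38_1] 175.137.164.252:62230 to 82.26.200.129:48718
Apr 15 08:43:18 daemon DHCP SERVER: DHCPINFORM from 192.168.1.103
"""

# Field layout inferred from the quoted entries (an assumption, not a vendor spec).
ENTRY = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+\S+\s+\S+\s+kernel:\s+HackAttack:\s+"
    r"\[(?P<rule>[^\]]+)\]\s+(?P<proto>\w+)\s+packet\s+from\s+\[(?P<iface>[^\]]+)\]\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+to\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s*$"
)

def parse_entry(line):
    """Return the entry's fields as a dict, or None if the line is not a firewall hit."""
    m = ENTRY.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    return rec

def summarize(log_text):
    """Group hits by (rule, dst IP, dst port); count hits and distinct source IPs."""
    groups = defaultdict(lambda: {"hits": 0, "sources": set(), "first": None, "last": None})
    skipped = 0
    for line in filter(str.strip, log_text.splitlines()):
        rec = parse_entry(line)
        if rec is None:
            skipped += 1  # e.g. DHCP or UPnP lines mixed into the same export
            continue
        g = groups[(rec["rule"], rec["dst"], rec["dport"])]
        g["hits"] += 1
        g["sources"].add(rec["src"])
        g["first"] = g["first"] or rec["ts"]
        g["last"] = rec["ts"]
    return dict(groups), skipped

if __name__ == "__main__":
    groups, skipped = summarize(SAMPLE_LOG)
    for (rule, dst, dport), g in sorted(groups.items(), key=lambda kv: -kv[1]["hits"]):
        print(f"{dst}:{dport} {rule}: {g['hits']} hits, {len(g['sources'])} sources, {g['first']}..{g['last']}")
```

Run over the complete log, the per-port hit and source counts show whether the entries concentrate on a single destination port or spread across many.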