Connection Issue - Intrusion? - Printable Version +- [TC] Gaming Forums (https://forum.city-driving.co.uk) +-- Forum: General Information (/forumdisplay.php?fid=1) +--- Forum: General Discussions (/forumdisplay.php?fid=4) +---- Forum: Help Requests & Technical Support (/forumdisplay.php?fid=9) +---- Thread: Connection Issue - Intrusion? (/showthread.php?tid=4181) |
Connection Issue - Intrusion? - Tommer - 2012-08-19 15:13 Hi guys. Yesterday I was having problems with my connection, my internet was running as fast as it normally does and I shouldn't have been having a problem but then every 5-10 minutes I'd suddenly drop connection randomly. I did some investigating and found my router security log which normally when I check it is blank but today I'm getting messages like the following every 5-10 mins; Spoiler (Click to View) Every time there's a new intrusion alert the source IP changes (Mostly from China, sometimes Thailand, allover the place) and the destination IP is the same. The STP switches back and forth from various ports but sometimes the same one appears twice - My router has no ports open in the firewall but however it did for a period of 3 days have a port open for a private LFS server I was hosting. My suspicion with these Intrusions is that some script kiddies computer is trying to port scan my network, but I get the feeling this firewall activity is also what's causing me to drop connection seeing as it would be quite the coincidence that these two problems started at the same time. Wondering if anyone has a fix for this? It's a little frustrating. Should I leave my router off overnight and hope it will acquire a new IP in the morning when I turn it on? or will this not work? RE: Connection Issue - Intrusion? - Chuck - 2012-08-19 16:46 That's nothing extraordinary. There are thousands of machines in the internet constantly scanning any possible ip address for vulnerabilities. In your example it appears to be accessing port 80 (which is commonly uses for websites) and probably scanning there for commonly used software. For instance, once a bug for such a software has been discovered they know instantly which host ran that software and they can instantly use that weakness for hacking it. If you run SSH services for instance (linux terminal), you usually have 2-3 attacks per day. That's just a normal day in the internet. However, I don't think your problems are caused by any kind of such scans because the actual network impact is marginal. |