  1. #1
    Regular Coder harlequin2k5's Avatar

    UDP Data/Packets & TCP Data

    I'm still quite new to this whole router thing...

    I've recently been able to block one of our computers from accessing the internet, so I know when that computer tries to go out to the web our security log lets me know that an HTTP connection was dropped with that specific IP address and what its destination was (looks like it's only Windows trying to get its updates) - or if a computer attempts to access a blocked keyword - that's cool, but there are other things in the security log that I don't understand:

    Mon, 07/17/2006 21:11:50 - TCP connection dropped - Source:67.78.75.227, 2782, WAN - Destination:67.78.185.42, 445, LAN - 'SMB'
    Mon, 07/17/2006 21:15:20 - TCP connection dropped - Source:125.248.51.200, 6000, WAN - Destination:67.78.185.42, 7212, LAN - 'Suspicious TCP Data'
    Mon, 07/17/2006 21:17:40 - UDP packet dropped - Source:204.16.208.112, 51572, WAN - Destination:67.78.185.42, 1026, LAN - 'Suspicious UDP Data'
    Mon, 07/17/2006 21:19:04 - TCP connection dropped - Source:67.78.231.147, 2274, WAN - Destination:67.78.185.42, 445, LAN - 'SMB'
    Mon, 07/17/2006 21:23:56 - TCP connection dropped - Source:67.78.165.112, 2387, WAN - Destination:67.78.185.42, 135, LAN - 'Suspicious TCP Data'
    Mon, 07/17/2006 21:32:28 - TCP connection dropped - Source:67.78.228.197, 1138, WAN - Destination:67.78.185.42, 139, LAN - 'NetBIOS'
    Mon, 07/17/2006 21:40:28 - UDP packet dropped - Source:216.107.36.62, 29150, WAN - Destination:67.78.185.42, 1026, LAN - 'Suspicious UDP Data'
    Mon, 07/17/2006 21:46:22 - UDP packet dropped - Source:204.153.43.184, 31243, WAN - Destination:67.78.185.42, 1026, LAN - 'Suspicious UDP Data'
    Mon, 07/17/2006 21:53:08 - TCP connection dropped - Source:67.78.75.227, 4544, WAN - Destination:67.78.185.42, 445, LAN - 'SMB'
    Mon, 07/17/2006 22:00:20 - UDP packet dropped - Source:17.7.242.6, 31260, WAN - Destination:67.78.185.42, 1026, LAN - 'Suspicious UDP Data'
    Mon, 07/17/2006 22:02:22 - UDP packet dropped - Source:204.16.208.119, 57338, WAN - Destination:67.78.185.42, 1026, LAN - 'Suspicious UDP Data'
    Mon, 07/17/2006 22:03:32 - TCP connection dropped - Source:67.78.165.112, 1355, WAN - Destination:67.78.185.42, 135, LAN - 'Suspicious TCP Data'
    I'm able to recognize our IP address on a few of these lines and I didn't know if I needed to worry about all these "suspicious" connections?

    Should I try and look up each of these IPs and see where they go? Is it just normal traffic (we have 6 other computers hooked up) for others who are surfing or checking email?

    I'm still kinda new to this and I keep telling my boss (who didn't want any of this stuff in the first place) that everything is fine and we're as safe as we're gonna be.

    Any help is greatly appreciated.

  • #2
    Super Moderator sage45's Avatar
    What make and model router do you have?

    -saige-
    HTML & CSS Forum Moderator

    "If you don't know what you think you know, then what do you know."
    R.I.P. Derrick Thomas #58
    1/1/1967 - 2/8/2000

  • #3
    Regular Coder harlequin2k5's Avatar
    Netgear FS318v with personal firewall

  • #4
    Regular Coder
    Port 445 - SMB (Server Message Block) protocol: used for file sharing and other things in Win2k\XP (often used by port scanners for OS detection).
    Mon, 07/17/2006 21:11:50 - TCP connection dropped - Source:67.78.75.227, 2782, WAN - Destination:67.78.185.42, 445, LAN - 'SMB'

    Source is trying to connect to your TCP port 7212 ... from Korea.
    Mon, 07/17/2006 21:15:20 - TCP connection dropped - Source:125.248.51.200, 6000, WAN - Destination:67.78.185.42, 7212, LAN - 'Suspicious TCP Data'

    Source is trying to connect to your UDP port 1026 from Wasilla, Alaska.
    Mon, 07/17/2006 21:17:40 - UDP packet dropped - Source:204.16.208.112, 51572, WAN - Destination:67.78.185.42, 1026, LAN - 'Suspicious UDP Data'

    Ports 135 and 139 are the Microsoft Remote Procedure Call (RPC) service and the NetBIOS Session Service, respectively. Mostly open for backwards compatibility, I believe.

    For more information check this site. On it they said the following:

    If you are using a router as your Internet gateway then you will want to ensure that it does not allow inbound or outbound traffic via TCP ports 135-139.

    Basically, it's probably all harmless, but if you're concerned, increase your firewall settings to whitelist only the ports you want to get through.
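
One way to triage a log like the one in this thread before looking up addresses one by one, added here as an example and not part of any post: it parses the router's drop lines (copied from the first post), groups them by protocol and destination port, and counts distinct sources. The function names and the "same /16 as the destination" comparison are assumptions of this example, used only as a rough test for sources in the same provider address block.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Port notes as given in the reply above (not an authoritative registry).
PORT_NOTES = {("TCP", 135): "Microsoft RPC", ("TCP", 139): "NetBIOS Session Service", ("TCP", 445): "SMB"}

LINE_RE = re.compile(
    r"^\w{3}, (?P<ts>[\d/]+ [\d:]+) - (?P<proto>TCP|UDP) (?:connection|packet) dropped - "
    r"Source:(?P<src>[\d.]+), (?P<sport>\d+), WAN - "
    r"Destination:(?P<dst>[\d.]+), (?P<dport>\d+), LAN - '(?P<label>[^']*)'$"
)

# Lines copied from the log in the first post.
SAMPLE = """\
Mon, 07/17/2006 21:11:50 - TCP connection dropped - Source:67.78.75.227, 2782, WAN - Destination:67.78.185.42, 445, LAN - 'SMB'
Mon, 07/17/2006 21:15:20 - TCP connection dropped - Source:125.248.51.200, 6000, WAN - Destination:67.78.185.42, 7212, LAN - 'Suspicious TCP Data'
Mon, 07/17/2006 21:17:40 - UDP packet dropped - Source:204.16.208.112, 51572, WAN - Destination:67.78.185.42, 1026, LAN - 'Suspicious UDP Data'
Mon, 07/17/2006 21:23:56 - TCP connection dropped - Source:67.78.165.112, 2387, WAN - Destination:67.78.185.42, 135, LAN - 'Suspicious TCP Data'
Mon, 07/17/2006 21:40:28 - UDP packet dropped - Source:216.107.36.62, 29150, WAN - Destination:67.78.185.42, 1026, LAN - 'Suspicious UDP Data'
Mon, 07/17/2006 21:53:08 - TCP connection dropped - Source:67.78.75.227, 4544, WAN - Destination:67.78.185.42, 445, LAN - 'SMB'
Mon, 07/17/2006 22:03:32 - TCP connection dropped - Source:67.78.165.112, 1355, WAN - Destination:67.78.185.42, 135, LAN - 'Suspicious TCP Data'
"""

def parse(text):
    """Yield one dict per well-formed WAN-to-LAN drop line; skip anything else."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["dport"] = int(rec["dport"])
            yield rec

def summarize(text):
    """Group drops by (protocol, destination port) with per-group source sets."""
    groups = defaultdict(lambda: {"drops": 0, "sources": set(), "neighbours": set()})
    for r in parse(text):
        g = groups[(r["proto"], r["dport"])]
        g["drops"] += 1
        g["sources"].add(r["src"])
        # Assumption: sharing the destination's /16 roughly means "same provider block".
        if ip_address(r["src"]) in ip_network(r["dst"] + "/16", strict=False):
            g["neighbours"].add(r["src"])
        g["note"] = PORT_NOTES.get((r["proto"], r["dport"]), "no note in thread")
    return dict(groups)

if __name__ == "__main__":
    for key, g in sorted(summarize(SAMPLE).items()):
        print(key, g["drops"], "drops,", len(g["sources"]), "sources,", len(g["neighbours"]), "in same /16 -", g["note"])
```

On these lines the drops on TCP 135 and 445 each come from a single repeating source inside the destination's own /16, while the UDP 1026 and TCP 7212 drops come from unrelated address ranges.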

