any ideas:
kernel: DROP <4>DROPIN=ppp0 OUT= MAC= <1>SRC=210.6.206.198 DST=146.90.230.0 <1>LEN=60 TOS=0x00 PREC=0x80 TTL=45 ID=61264 DF PROTO=TCP <1>SPT=1247 DPT=23 SEQ=577273818 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (
i get lots of these DROPIN=ppp0 OUT= MAC=
i did a whois on the source IP and it came back with..
http://www.ip-adress.com/whois/210.6.206.198
Hong Kong / china ? is this accurate and why is this address on my router logs. the destination is plusnet london network.
did i buy a piece of asian spyware when purchasing an Asus
DROP <4>DROPIN=ppp0 OUT= MAC= <1>SRC=217.212.238.132 DST=146.90.230.0 <1>LEN=93 TOS=0x00 PREC=0xA0 TTL=50 ID=0 DF PROTO=UDP <1>SPT=3478 DPT=61971 LEN=73
^ thats a Swedish server
is this just DNS listings
im getting permanent listings in the router log (im on the latest firmware)
Nov 13 19:38:34 kernel: DROP <4>DROPIN=ppp0 OUT= MAC= <1>SRC=64.34.169.244 DST=146.90.230.0 <1>LEN=60 TOS=0x00 PREC=0x80 TTL=56 ID=62831 DF PROTO=TCP <1>SPT=47176 DPT=80 SEQ=774176840 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A5D52F5270000000001030307)
Nov 13 19:38:37 kernel: DROP <4>DROPIN=ppp0 OUT= MAC= <1>SRC=64.34.169.244 DST=146.90.230.0 <1>LEN=60 TOS=0x00 PREC=0x80 TTL=56 ID=62832 DF PROTO=TCP <1>SPT=47176 DPT=80 SEQ=774176840 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A5D52F8150000000001030307)
Nov 13 19:38:43 kernel: DROP <4>DROPIN=ppp0 OUT= MAC= <1>SRC=64.34.169.244 DST=146.90.230.0
pages of this stuff ^^
I have QOS off and most things are fairly standard. i have the firewall on the router and UPNP off. I also have no VPN setup. just a fairly standard CHAP PPPO connection to plustnet radius.
any ideas folks ?
64.34.169.244 <- this one seems to be a genuine attack attempt going by the comments.
http://www.ipillion.com/ip/64.34.169.244
what can i do to safe guard against any access other than what i already have set as standard.