Do these recent Netgear DoS attack messages concern you?
[DoS attack: FIN Scan] attack packets in last 20 sec from ip [96.17.148.8], Monday, Aug 11,2014 05:28:45
[DoS attack: Smurf] attack packets in last 20 sec from ip [113.88.232.255], Sunday, Aug 10,2014 11:22:14
I am not in the habit of looking at my Netgear router log files but I just happened to look and saw those two activities.
Does that mean the router protected me and they didn't get in? How did they get past the firewall?
I also see very many of these types:
[LAN access from remote] from 209.170.124.118:3075 to 192.168.1.3:3074, Tuesday, Aug 12,2014 01:43:44
[LAN access from remote] from 108.45.144.8:3074 to 192.168.1.3:3074, Tuesday, Aug 12,2014 01:40:50
[LAN access from remote] from 99.36.167.174:3074 to 192.168.1.3:3074, Tuesday, Aug 12,2014 01:40:50
Is a LAN access an actual remote log in? Or is it just an "attempt" that failed?
(There are dozens of these, from many IP addresses.)
To "log in", you must "log in" into something. While one could conceivably log into a LAN, mass IT equipment does not normally have that capability (as in, they would have nowhere to "log in" into a LAN).
"LAN access" means that someone is able to send packets into the LAN (read: send them to hosts on the LAN) and receive packets from the LAN.
According to the logs you posted, on several/numerous occasions, your router "patched" an outside host to a host on the inside. Whether this is a problem or not depends on whether that particular host (192.168.1.3) is supposed to be taking inbound connections. Is it?
A breach means that an attacker managed to get past the perimeter. The above logs show that a connection (presumably initiated from the outside) was established on several/many occasions. Again, whether this is a problem or not depends on whether this is supposed to happen. What is 192.168.1.3? Is it an XBox? Playstation? A PC running a torrent program? A smartphone running the Skype app? One of those "plug servers", like a Raspberry Pi or a Sheeva? Is it a media server? A file server? A web server designed to take in traffic from the outside? There are many options.
As for a little more color on what is happening, look at the ports they are trying to connect to:
$ grep '[[:space:]]3074/' /etc/services
xbox 3074/tcp # Xbox game port
xbox 3074/udp # Xbox game port
Someone is (presumably) looking for XBoxen. Maybe they just want to play?
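The following Python example is added here and was not written by any poster in the thread. It parses the two log-entry formats quoted above and groups the [LAN access from remote] entries by the LAN host and port that received them, so they can be compared against the hosts that are supposed to take inbound connections. The function names and the `expected` allow-list are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Log lines quoted in the thread above.
SAMPLE_LOG = """\
[DoS attack: FIN Scan] attack packets in last 20 sec from ip [96.17.148.8], Monday, Aug 11,2014 05:28:45
[DoS attack: Smurf] attack packets in last 20 sec from ip [113.88.232.255], Sunday, Aug 10,2014 11:22:14
[LAN access from remote] from 209.170.124.118:3075 to 192.168.1.3:3074, Tuesday, Aug 12,2014 01:43:44
[LAN access from remote] from 108.45.144.8:3074 to 192.168.1.3:3074, Tuesday, Aug 12,2014 01:40:50
[LAN access from remote] from 99.36.167.174:3074 to 192.168.1.3:3074, Tuesday, Aug 12,2014 01:40:50
"""

# The two entry formats that appear in the thread.
LAN_ACCESS = re.compile(
    r"\[LAN access from remote\] from (?P<src>[\d.]+):(?P<sport>\d+) "
    r"to (?P<dst>[\d.]+):(?P<dport>\d+),"
)
DOS_REPORT = re.compile(r"\[DoS attack: (?P<kind>[^\]]+)\].*?from ip \[(?P<src>[\d.]+)\]")


def summarize(log_text):
    """Return (forwarded, dos_reports).

    forwarded:   {(lan_host, lan_port): sorted list of remote IPs passed inward}
    dos_reports: [(attack kind, source IP), ...] in log order
    """
    forwarded = defaultdict(set)
    dos_reports = []
    for line in log_text.splitlines():
        m = LAN_ACCESS.search(line)
        if m:
            forwarded[(m["dst"], int(m["dport"]))].add(m["src"])
            continue
        m = DOS_REPORT.search(line)
        if m:
            dos_reports.append((m["kind"], m["src"]))
    return {k: sorted(v) for k, v in forwarded.items()}, dos_reports


def unexpected(forwarded, expected):
    """LAN endpoints that received inbound traffic but are not in the
    expected set (hypothetical allow-list of (host, port) pairs)."""
    return sorted(k for k in forwarded if k not in expected)


if __name__ == "__main__":
    fwd, dos = summarize(SAMPLE_LOG)
    for (host, port), remotes in fwd.items():
        print(f"{host}:{port} reached from {len(remotes)} remote hosts: {', '.join(remotes)}")
    print("not expected to take inbound traffic:", unexpected(fwd, expected=set()))
    print("DoS reports:", dos)
```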
It's a Windows XP laptop. It's not "supposed" to be doing anything. So, I'm not sure what the router "patched", but, whatever it did, it shouldn't have done.
Is this a problem with Netgear? Should I have gotten a different router that doesn't patch?