
Re: Analysing my log

Bilbo0a
Novice

Analysing my log

I am trying to see if I am getting unauthorized access via the internet, and hence I check my log file.
I have a Netgear Router WNDR3700 with the latest firmware, and I am using a cable modem from Motorola.

Here are the questions I have on my log:

What does this line mean? (As I live in Singapore, this IP address is not from here.)

[Internet connected] IP address: 58.182.56.108, Saturday, May 26,2012 08:41:45
[Internet connected] IP address: 58.182.56.108, Saturday, May 26,2012 02:41:46

How can I prevent those?

[DoS Attack: RST Scan] from source: 186.23.122.219, port 54674, Saturday, May 26,2012 02:16:16
[DoS Attack: RST Scan] from source: 186.23.122.219, port 54672, Saturday, May 26,2012 02:16:16
[Internet connected] IP address: 58.182.56.108, Saturday, May 26,2012 00:41:46
[DoS Attack: RST Scan] from source: 186.23.122.219, port 50817, Saturday, May 26,2012 00:16:20
[DoS Attack: RST Scan] from source: 186.23.122.219, port 50820, Saturday, May 26,2012 00:16:20

Thanks for your help, let me know if you need other information from me.
Message 1 of 5
jmizoguchi
Virtuoso

Re: Analysing my log

DoS - denial of service

DROPPED traffic. Nothing to worry about.

You will NEVER see no log with nothing.

You will EXPECT DoS log, which is the router doing its job.

Below is where the IP originated:

whois 186.23.122.219
#
# Query terms are ambiguous. The query is assumed to be:
# "n 186.23.122.219"
#
# Use "?" to get help.
#

#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=186.23.122.219?showDetails=true&showARIN=false&ext=netref2
#

NetRange: 186.0.0.0 - 186.255.255.255
CIDR: 186.0.0.0/8
OriginAS:
NetName: LACNIC-186
NetHandle: NET-186-0-0-0-1
Parent:
NetType: Allocated to LACNIC
Comment: This IP address range is under LACNIC responsibility
Comment: for further allocations to users in LACNIC region.
Comment: Please see http://www.lacnic.net/ for further details,
Comment: or check the WHOIS server located at http://whois.lacnic.net
RegDate: 2007-09-28
Updated: 2010-07-21
Ref: http://whois.arin.net/rest/net/NET-186-0-0-0-1

OrgName: Latin American and Caribbean IP address Regional Registry
OrgId: LACNIC
Address: Rambla Republica de Mexico 6125
City: Montevideo
StateProv:
PostalCode: 11400
Country: UY
RegDate: 2002-07-27
Updated: 2011-09-24
Ref: http://whois.arin.net/rest/org/LACNIC

ReferralServer: whois://whois.lacnic.net

OrgTechHandle: LACNIC-ARIN
OrgTechName: LACNIC Whois Info
OrgTechPhone: 999-999-9999
OrgTechEmail: whois-contact@lacnic.net
OrgTechRef: http://whois.arin.net/rest/poc/LACNIC-ARIN

OrgAbuseHandle: LACNIC-ARIN
OrgAbuseName: LACNIC Whois Info
OrgAbusePhone: 999-999-9999
OrgAbuseEmail: whois-contact@lacnic.net
OrgAbuseRef: http://whois.arin.net/rest/poc/LACNIC-ARIN

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#


% Joint Whois - whois.lacnic.net
% This server accepts single ASN, IPv4 or IPv6 queries

% LACNIC resource: whois.lacnic.net


% Copyright LACNIC lacnic.net
% The data below is provided for information purposes
% and to assist persons in obtaining information about or
% related to AS and IP numbers registrations
% By submitting a whois query, you agree to use this data
% only for lawful purposes.
% 2012-05-26 11:45:59 (BRT -03:00)

inetnum: 186.22/15
status: allocated
aut-num: N/A
owner: Telecentro S.A.
ownerid: AR-TESA26-LACNIC
responsible: Administrador de Direcciones IP
address: Coronel Apolinario Figueroa, 254,
address: C1414EDF - Buenos Aires - BA
country: AR
phone: +54 11 6380-9500 []
owner-c: FRH
tech-c: FRH
abuse-c: FRH
inetrev: 186.22/15
nserver: NS1.TELECENTRO.COM.AR
nsstat: 20120525 AA
nslastaa: 20120525
nserver: NS2.TELECENTRO.COM.AR
nsstat: 20120525 AA
nslastaa: 20120525
created: 20100805
changed: 20100805

nic-hdl: FRH
person: Administrador de IPs
e-mail: ipadmin@TELECENTRO.NET.AR
address: Coronel Apolinario Figueroa, 254,
address: C1414EDF - Buenos Aires -
country: AR
phone: +54 11 63809500 [0]
created: 20060731
changed: 20111206

% whois.lacnic.net accepts only direct match queries.
% Types of queries are: POCs, ownerid, CIDR blocks, IP
% and AS numbers.
VPN Case Study

VPNCASESTUDY.COM

"Our Second To None VPN Related Setup Case Study"

"One Stop Solution To Your Netgear VPN Connectivity"

*Visit the site for Non-VPN related Doc & Links* [Windows & Mac user/support]

June Mizoguchi-
Message 2 of 5
Bilbo0a
Novice

Re: Analysing my log

Thanks for the fast reply.

What about the internet connected part? What does that mean?
Message 3 of 5
jmizoguchi
Virtuoso

Re: Analysing my log

That is your IP released from your ISP.
Message 4 of 5
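An added example, not part of any post in this thread: a small Python parser for the log lines quoted in the first post. It separates the "Internet connected" entries (the router's own ISP-assigned address, per the reply above) from the dropped "DoS Attack" entries and totals them per source. The regular expression is an assumption derived only from the two line shapes shown here, not a Netgear specification.

```python
import re
from collections import defaultdict
from datetime import datetime

# Log lines copied from the first post in this thread.
SAMPLE_LOG = """\
[Internet connected] IP address: 58.182.56.108, Saturday, May 26,2012 08:41:45
[Internet connected] IP address: 58.182.56.108, Saturday, May 26,2012 02:41:46
[DoS Attack: RST Scan] from source: 186.23.122.219, port 54674, Saturday, May 26,2012 02:16:16
[DoS Attack: RST Scan] from source: 186.23.122.219, port 54672, Saturday, May 26,2012 02:16:16
[Internet connected] IP address: 58.182.56.108, Saturday, May 26,2012 00:41:46
[DoS Attack: RST Scan] from source: 186.23.122.219, port 50817, Saturday, May 26,2012 00:16:20
[DoS Attack: RST Scan] from source: 186.23.122.219, port 50820, Saturday, May 26,2012 00:16:20
"""

# Pattern derived only from the two line shapes shown above (an assumption,
# not a Netgear specification); anything else is reported as unparsed.
LINE_RE = re.compile(
    r"^\[(?P<event>[^\]]+)\]\s+(?:IP address|from source):\s*"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}),\s*(?:port (?P<port>\d+),\s*)?"
    r"(?P<ts>\w+, \w+ \d{1,2},\s*\d{4} \d{2}:\d{2}:\d{2})\s*$")

def parse_line(line):
    """Return a dict for one log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = re.sub(r",\s*(\d{4})", r", \1", m["ts"])   # "26,2012" -> "26, 2012"
    return {"event": m["event"], "ip": m["ip"], "port": m["port"],
            "time": datetime.strptime(ts, "%A, %B %d, %Y %H:%M:%S")}

def summarize(log_text):
    """Split WAN-address entries from dropped inbound entries and total them."""
    wan, dropped, unparsed = [], defaultdict(list), []
    for line in filter(str.strip, log_text.splitlines()):
        rec = parse_line(line)
        if rec is None:
            unparsed.append(line)
        elif rec["event"] == "Internet connected":
            wan.append((rec["time"], rec["ip"]))
        elif rec["event"].startswith("DoS Attack"):
            dropped[rec["ip"]].append(rec["time"])
        else:
            unparsed.append(line)
    wan.sort()
    gaps = [round((b[0] - a[0]).total_seconds() / 60) for a, b in zip(wan, wan[1:])]
    return {"wan_ips": sorted({ip for _, ip in wan}), "gaps_min": gaps,
            "dropped": {ip: {"count": len(t), "bursts": len(set(t))}
                        for ip, t in dropped.items()},
            "unparsed": unparsed}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

On the quoted log this reports one WAN address, logged at gaps of 120 and 360 minutes, and four dropped packets from a single source in two bursts.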
Bilbo0a
Novice

Re: Analysing my log

Thanks again for all the answers, and this closes my case now.
Message 5 of 5