Re: how tell a hacking attempt?

From: David (davidwnh@adelphia.net)
Date: 11/24/02


From: "David" <davidwnh@adelphia.net>
Date: Sun, 24 Nov 2002 05:28:02 GMT

Unfortunately, you can't always tell whether the incoming traffic was allowed
or blocked just by looking at it. Most unwanted incoming is blocked if your
router is set up to do so. If you compare your outgoing log with the
incoming log you can, however, discern much of the incoming that is a response
to your own requests. Much of the normal return traffic doesn't show;
however, dynamically allocated port usage seems to show. I don't know if this
is the way it is supposed to be, and it may or may not be a result of flaws in
the SPI function.

All in all, the incoming access log seems to be relatively useless. You can
discern certain activity from it, particularly worms and script kiddies. It
does generally take another IDS tool, logging program, or indication at
least to determine if something bad has happened. For the most part, just be
sure you have your router set up to block all the traffic you don't want and
stay aware of the vulnerabilities that surface so you can upgrade the
firmware when possible.

I personally disabled remote logging on my router since there is a flaw
inherent in the protocol that it uses. Nothing particularly nasty, so don't
let this statement scare you. There is also a flaw in Wallwatcher, so be sure
you either disable NetBIOS and block port 137 outbound, or disable DNS
lookups within Wallwatcher.

"cheryltj" <chery@hotmail.NET> wrote in message
news:esND9.14847$Rq5.11351@news2.central.cox.net...
> I installed Wallwatcher and it displays all the ins and outs of the
> Linksys router I have on my home network.
>
> How can I tell if an access is valid or an unwanted attempt to access
> my home network?
>
> Most of the sites I can tell are related to stuff I have going, but
> some of the names are totally unknown to me. How can I tell what's bad
> and what's not when viewing the log output by the Linksys router?
>
> Thank you
>
>
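
Added example (not part of the original post or of Wallwatcher): one way to do the outgoing/incoming log comparison described in the reply, flagging inbound entries that have no recent outbound entry to the same remote address. The record layout, the five-minute window and all sample lines are assumptions constructed for illustration, not real router or Wallwatcher output.

```python
from datetime import datetime, timedelta

# Constructed sample records in an assumed layout:
# date time direction remote_ip remote_port local_port
SAMPLE = """\
2002-11-24 05:10:01 OUT 203.0.113.10 80 1045
2002-11-24 05:10:02 IN 203.0.113.10 80 1045
2002-11-24 05:11:30 IN 198.51.100.7 3312 137
2002-11-24 05:12:00 OUT 192.0.2.53 53 1046
2002-11-24 05:12:05 IN 198.51.100.7 4410 1433
2002-11-24 05:40:00 IN 203.0.113.10 80 1050
"""

def parse(text):
    """Turn log text into (time, direction, remote_ip, remote_port, local_port) tuples."""
    records = []
    for line in text.splitlines():
        date, clock, direction, ip, rport, lport = line.split()
        when = datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M:%S")
        records.append((when, direction, ip, int(rport), int(lport)))
    return records

def unsolicited(records, window=timedelta(minutes=5)):
    """Inbound records with no outbound entry to the same remote IP within `window` before them."""
    last_out = {}  # remote IP -> time of the most recent outbound entry
    flagged = []
    # Process in time order; on equal timestamps handle OUT before IN.
    for when, direction, ip, rport, lport in sorted(
            records, key=lambda r: (r[0], r[1] != "OUT")):
        if direction == "OUT":
            last_out[ip] = when
        elif ip not in last_out or when - last_out[ip] > window:
            flagged.append((when, ip, rport, lport))
    return flagged

def summarize(flagged):
    """Group flagged entries by remote IP, listing the local ports they touched."""
    by_ip = {}
    for _, ip, _, lport in flagged:
        by_ip.setdefault(ip, set()).add(lport)
    return {ip: sorted(ports) for ip, ports in by_ip.items()}

if __name__ == "__main__":
    for ip, ports in summarize(unsolicited(parse(SAMPLE))).items():
        print(f"{ip}: no matching outbound request; local ports {ports}")
```

An unmatched inbound entry only means the traffic was not a reply to a logged outbound request; as the reply notes, the log alone does not show whether the router allowed or blocked it.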


