Router logs

From: deja@xxxxxxxxxxxx
Date: 2 Sep 2006 08:35:21 -0700

Let me start by saying I know nothing about firewalls and ports.
However I have just started looking at the router logs on my wireless
network. And I'm a little worried. For example I seem to be getting
masses of Access Frowards from an almost sequential list of ports i.e:

116|09/02/2006 15:24:28 |192.168.1.34:1591 |69.16.237.154:80
|ACCESS FORWARD
Firewall default policy: TCP (L to W)
117|09/02/2006 15:24:28 |192.168.1.34:1589 |69.16.237.154:80
|ACCESS FORWARD
Firewall default policy: TCP (L to W)
118|09/02/2006 15:24:28 |192.168.1.34:1587 |69.16.237.154:80
|ACCESS FORWARD
Firewall default policy: TCP (L to W)
119|09/02/2006 15:24:28 |192.168.1.34:1585 |69.16.237.154:80
|ACCESS FORWARD
Firewall default policy: TCP (L to W)
120|09/02/2006 15:24:27 |192.168.1.34:1583 |69.16.237.154:80
|ACCESS FORWARD
Firewall default policy: TCP (L to W)
121|09/02/2006 15:24:27 |192.168.1.34:1581 |69.16.237.154:80
|ACCESS FORWARD
Firewall default policy: TCP (L to W)
122|09/02/2006 15:24:27 |192.168.1.34:1579 |69.16.237.154:80
|ACCESS FORWARD
Firewall default policy: TCP (L to W)
123|09/02/2006 15:24:27 |192.168.1.34:1577 |69.16.237.154:80
|ACCESS FORWARD
Firewall default policy: TCP (L to W)
125|09/02/2006 15:24:27 |192.168.1.34:1575 |69.16.237.154:80
|ACCESS FORWARD
Firewall default policy: TCP (L to W)
126|09/02/2006 15:24:26 |192.168.1.34:1573 |69.16.237.154:80
|ACCESS FORWARD
Firewall default policy: TCP (L to W)
127|09/02/2006 15:24:26 |192.168.1.34:1571 |69.16.237.154:80
|ACCESS FORWARD
Firewall default policy: TCP (L to W)
128|09/02/2006 15:24:26 |192.168.1.34:1569 |69.16.237.154:80
|ACCESS FORWARD
Firewall default policy: TCP (L to W)

To my untrained eye, it seems odd that this access just goes through
all the available ports (I have many more logs - it seemed to start
with port 1028 and goes up to 4999 before starting again). This is
keeping the router busy all the time with up to 10 accesses per minute
solidly throughout the day. Is this normal? Some of the destination ips
seem to be expected (Google etc) others just point mysteriously at
RIPE.NET or LIQUIDWEB.COM which we haven't knowingly visited but maybe
they are adverts or something?

Am I worrying unncessarily?

thanks for any advice

.

Follow-Ups:
- Re: Router logs
  - From: maybenot
- Re: Router logs
  - From: Moe Trin

Prev by Date: Re: Zone Alarm (free addition) and Netscape dialup accelerater.
Next by Date: Re: Decision Between Zone Alarm or McAfee
Previous by thread: Re: Decision Between Zone Alarm or McAfee
Next by thread: Re: Router logs
Index(es):
- Date
- Thread

Relevant Pages

RE: IM Programs
... want to block these ports. ... you don't need an explicit deny for the other ports. ... Access-list 101 deny any tcp any any eq 5000 ... >Now, when applying these to your firewall, make sure the number ...
(Security-Basics)
Re: Windows Firewall on Domain Controllers
... confgured for all the AD ports and you do some voodoo with RPC ports. ... Don't use firewall on a DC, use a diferent machine, if you can don't join ... Global Catalog Server TCP 3269 ...
(microsoft.public.windows.server.active_directory)
Re: Windows Firewall on Domain Controllers
... Are you talking about Windows 2003 or Windows XP? ... confgured for all the AD ports and you do some voodoo with RPC ports. ... Don't use firewall on a DC, use a diferent machine, if you can don't join ... Global Catalog Server TCP 3269 ...
(microsoft.public.windows.server.active_directory)
Re: R2 DFS Replication failing
... No don't open that range of ports. ... Try disabling the firewall and see if you are still getting this error, ... Microsoft MVP: Windows Server ... NetBIOS Session Service TCP 139 ...
(microsoft.public.windows.server.general)
Re: Group Policy Results Wizard and XP SP2
... The first and easiest is to simply enable the following policy on the target ... Profile|Windows Firewall: Allow Remote Administration ... level ports>1023, which are also used by RPC. ...
(microsoft.public.windows.group_policy)