Re: What does "unallowed access" mean in a router log?



On Mon, 04 Sep 2006 13:37:14 +0000, Henrich wrote:

Hello, all.

I am trying to decipher the following three lines from recent router logs
of mine:

Thu Aug 31 10:31:35 2006 Unallowed access from 210.13.41.1:7799 to
192.168.1.151:22 protocol=6 rule=-1 Sun Sep 03 07:32:17
2006 Unallowed access from 88.116.151.228:35273 to 192.168.1.151:22
protocol=6 rule=-1 Sun Sep 03 07:32:20 2006 Unallowed access from
88.116.151.228:35273 to 192.168.1.151:22 protocol=6 rule=-1

Do these lines mean someone was able to get through my router on Port
22, or not?

Also, any idea what "protocol=6 rule=-1" means? Protocol 6 is TCP.

Thank you.

Someone tried to access your PC with ssh (port 22)
I don't think that they got to the PC.
You would have to look in the router manual what rule=-1 means.

That is about all i can tell without knowing what router model and
software you have. (Even then i would have to try to find a manual ...)

Do you have a computer on your network with the address 192.168.1.151 ?
If so; is that computer running Linux or *BSD? --> Check the logs on that
PC!
Is that computer running Windows? Firewall enabled? Good!

If you don't have a computer at that address: no damage done!

But most probaly that action got blocked in the router.

Rudy


.



Relevant Pages

  • Re: How to see ALL wireless devices in range?
    ... Blocked Port 25 on the router and set all email to go port 587 ... Set router logs on. ... My router logs are not helped by the fact that every time the internet ...
    (alt.internet.wireless)
  • Re: Using Remote Desktop From an SBS Domain
    ... when you tried to RDP while attached directly to a port on your router? ... So if 3389 needs forwarded on the client end too then that is what the ... Hopefully next week I can attempt a connection while my ISP watches the ...
    (microsoft.public.windows.server.sbs)
  • Re: Cost of setting up a network
    ... A router capable of acting as a VPN endpoint for more than one user simultaneously with four Ethernet ports or a switch to suit. ... The rationale for using a server here is basically that the router doesn't need to be able to decide which PC to route the connection to. ... If you are using a router which supports it, you can set up a port-forwarding inbound rule which also _translates_ the port supplied to the receiving port. ... You can use several of these connections to different machines simultaneously. ...
    (uk.comp.homebuilt)
  • How did they get behind my NAT?
    ... this point I panicked and shutdown the VNC service ASAP. ... My question is how the attacker got to my VNC port! ... the internet through the router. ... client connection using local port number 5900 (which was also being ...
    (alt.computer.security)
  • Re: Connecting to Home Computer
    ... cannot transmit IP packets outside the local network). ... assigned by your router. ... You have to add the port too, ... Determine the ports (pcAnywhere uses 5631 for DATA, 5632 for STATUS, I ...
    (microsoft.public.windowsxp.work_remotely)