Re: linksys wrt54g router seems to leak.
- From: comphelp@xxxxxxxxx (Todd H.)
- Date: 10 Jul 2007 15:58:35 -0500
CJWertz@xxxxxxxxx writes:
> This can probably be considered a newbie kind of question.
> I have a linksys wrt54g broadband router (firmware version 3.03.6).
> Right now, I have wireless disabled because I don't need it.

Good.

> I have firewall protection enabled. My knowledge about this is
> limited, but my impression is that enabling the firewall prevents
> unsolicited internet traffic from getting past the router into my home
> network.

It's supposed to, yes.

> I also have McAfee Personal Firewall Plus (v 7.1) running on this
> PC. The firewall log tells me that McAfee is blocking occasional
> connection attempts.
> ----------------------------------------------------------------------
> Here are some recent samples:
> -- A computer at ichart1.finance.vip.re4.yahoo.com has attempted an
> unsolicited connection to TCP port 1862 on your computer.
> TCP port 1862 is commonly used by the "techra-server" service or
> program.

Were you looking at yahoo finance at the time?

> -- A computer at bs1b1.ads.vip.re2.yahoo.com has attempted an
> unsolicited connection to TCP port 1859 on your computer.
> --A computer at dl00053.lunarpages.com has attempted an unsolicited
> connection to TCP port 1790 on your computer.
> TCP port 1790 is commonly used by the "Narrative Media Streaming
> Protocol" service or program.
> --A computer at IP Address 64.95.25.214 has attempted an unsolicited
> connection to TCP port 2925 on your computer.
> TCP port 2925 is commonly used by the "Firewall Redundancy Protocol"
> service or program.
> ------------------------------------------
> Some of these appear benign enough; I can't figure some of them out.
> My question is how and why do they get through the hardware firewall?
> I've tried to research this, but have yet to find the right place to
> look.

This doesn't look terribly good. :-\

For comparison, in my software firewall log, I see nothing but source
IPs from my LAN, localhost, and hosts on the network to which I VPN
(via software vpn client on my pc).

Turn your router over. What hardware version is it? v1/2/3/4/5?

Now, some older ones IIRC were simple packet filters where pushing
some packets past them was relatively easy--doing something useful
with them was harder though, complicated by the NAT issue. Later
models implemented stateful packet inspection which improved things
further. Now, are you using the default IP address range or did you
reassign it? Has your router been hacked-- if you log in to its admin
interface, have hosts on your LAN perhaps been added to the DMZ (hence
sitting right on the 'net)? There are vulnerabilities on those wrt54g
boxes out there and if you've never updated the firmware, you might
have been hit by the script kiddies. Cross site scripting attacks are
also possible against the admin login interface, bypassing any security
and allowing router access.

Best Regards,
--
Todd H.
http://www.toddh.net/
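
The difference between a simple packet filter and stateful packet inspection mentioned in the reply above, as an added example that is not part of the original post and does not reproduce any Linksys firmware. It is a simplified model (no NAT, no timeouts); the addresses are constructed and the destination ports are borrowed from the quoted log.

```python
from collections import namedtuple

# Constructed model: flags use S=SYN, A=ACK, F=FIN, R=RST. NAT is ignored.
Packet = namedtuple("Packet", "src sport dst dport flags")

def stateless_allows(pkt):
    """Simple packet filter: keeps no flow table, so it can only block
    inbound segments that look like a new connection (SYN without ACK)."""
    return not ("S" in pkt.flags and "A" not in pkt.flags)

class StatefulFilter:
    """Stateful inspection: inbound must match a flow opened from the LAN."""

    def __init__(self):
        self.flows = set()

    def outbound(self, pkt):
        if pkt.flags == "S":  # LAN host opens a connection
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))

    def inbound_allows(self, pkt):
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key not in self.flows:
            return False
        if "F" in pkt.flags or "R" in pkt.flags:
            # Simplification: forget the flow at teardown, no timeout states.
            self.flows.discard(key)
        return True

def demo():
    """Run constructed inbound packets through both filters, in order."""
    lan, web, other = "192.168.1.100", "203.0.113.10", "198.51.100.7"
    fw = StatefulFilter()
    fw.outbound(Packet(lan, 1862, web, 80, "S"))
    inbound = [
        ("reply on tracked flow", Packet(web, 80, lan, 1862, "SA")),
        ("server closes flow", Packet(web, 80, lan, 1862, "FA")),
        ("late segment after close", Packet(web, 80, lan, 1862, "A")),
        ("ACK with no flow at all", Packet(other, 80, lan, 2925, "A")),
        ("new inbound SYN", Packet(other, 40000, lan, 1790, "S")),
    ]
    return [(name, stateless_allows(p), fw.inbound_allows(p))
            for name, p in inbound]

if __name__ == "__main__":
    for name, simple, stateful in demo():
        print(f"{name:26} simple={simple!s:5} stateful={stateful}")
```

In this model, the rows where the simple filter passes a segment and the stateful filter drops it are the ones a host firewall behind the router would end up logging.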