  1. User picture
    • catweezl on Mon 28 Sep 2009
    • 11:47:52 PM UTC

    Security Alerts coming from my router

    I have set my router up to notify me of any security alerts, and since doing so I am being emailed these every couple of days:
    I have left out the destination details as I know it is coming to me lol.........

    Can someone give me a bit of a rundown on who and what and why I am getting these, and should I be worried????

    TCP Packet - Source:88.235.137.127,4367 Destination: .............- [DOS]
    TCP Packet - Source:88.252.248.150,4653 Destination:.............. - [DOS]
    TCP Packet - Source:81.213.115.112,3373 Destination: ............[DOS]
    TCP Packet - Source:85.96.191.3,4051 Destination:.............. [DOS]
    TCP Packet - Source:88.252.8.12,3824 Destination: ..........[DOS]
    UDP Packet - Source:83.26.184.243,43605 Destination:........ - [DOS]
    TCP Packet - Source:88.252.205.137,2795 Destination:[...........DOS]

    many thanks
    cat!!

Comments:

  1. User picture
    • jpvip on Mon 28 Sep 2009
    • 11:57:53 PM UTC

    Did a check...

    At least one of those, if not all, are from Turkey. Are you from Turkey?

    ~DragonMaster Jay, malware researcher,
    Admin, helpmyos.com

    • User picture
      • catweezl on Tue 29 Sep 2009
      • 01:08:28 AM UTC

      Re: from Turkey

      Hi jpvip,

      No, not from Turkey, Australia....

      Regards
      cat

  2. User picture
    • jpvip on Tue 29 Sep 2009
    • 01:46:16 AM UTC

    ...

    There may be attacks launched from Turkey to your computer.

    ~DragonMaster Jay, malware researcher,
    Admin, helpmyos.com

  3. User picture
    • catweezl on Tue 29 Sep 2009
    • 03:10:40 AM UTC

    Re....

    Anything I can do or should do????

    regards
    cat

  4. User picture
    • jpvip on Tue 29 Sep 2009
    • 05:28:45 AM UTC

    ...

    Those just seem like notifications that the traffic was blocked. No reason for panic. It is what a firewall is used for. ;)

    ~DragonMaster Jay, malware researcher,
    Admin, helpmyos.com

  5. User picture
    • demonluo on Tue 29 Sep 2009
    • 08:55:15 PM UTC

    You may want to try

    You may want to try PeerGuardian; it allows you to block whatever IP you want...
    http://phoenixlabs.org/pg2/

    If you want an IP blocklist, get it here...
    http://iblocklist.com/lists.php

  6. User picture
    • amishrabbit on Tue 29 Sep 2009
    • 09:12:42 PM UTC

    Consider submitting your logs to DShield

    If your router supports it, you can just automatically feed this information into a system which correlates attack sources.

    Read up on it here:

    http://isc.sans.org/howto.html

  7. User picture
    • g7w on Wed 30 Sep 2009
    • 03:35:05 AM UTC

    @ catweezl

    Follow amishrabbit's link.

    You may also be interested in www.autoshun.org

    For now, rated RED
    PHISH
    DShield attack
    88.235.137.127
    88.252.248.150
    81.213.115.112
    85.96.191.3
    88.252.8.12
    83.26.184.243
    88.252.205.137

    Notice one is from Poland (pl); the rest are from Turkey (tr).

    More on the IPs:

    88.235.137.127
    route: 88.235.128.0/17
    descr: TurkTelecom
    origin: AS9121
    mnt-by: AS9121-MNT

    LISTED IN BLACKLIST!
    b.barracudacentral.org
    dnsbl-2.uceprotect.net
    dnsbl-3.uceprotect.net

    88.252.248.150
    route: 88.252.128.0/17
    descr: TurkTelecom
    origin: AS9121
    mnt-by: AS9121-MNT

    LISTED IN BLACKLIST!
    12 days, threat score 15, suspicious
    Project Honeypot
    b.barracudacentral.org
    dnsbl.sorbs.net
    web.dnsbl.sorbs.net
    dnsbl-2.uceprotect.net
    dnsbl-3.uceprotect.net

    81.213.115.112
    canonical name dsl.dynamic81213115112.ttnet.net.tr.
    route: 81.213.0.0/16
    descr: TurkTelecom
    origin: AS9121
    mnt-by: AS9121-MNT

    LISTED IN BLACKLIST!
    b.barracudacentral.org
    dnsbl.sorbs.net
    dul.dnsbl.sorbs.net
    dnsbl-2.uceprotect.net
    dnsbl-3.uceprotect.net
    no-more-funn.moensted.dk

    85.96.191.3
    canonical name dsl.static85961913.ttnet.net.tr.
    route: 85.96.128.0/17
    descr: TurkTelecom
    origin: AS9121
    mnt-by: AS9121-MNT

    LISTED IN BLACKLIST!
    dnsbl-2.uceprotect.net
    dnsbl-3.uceprotect.net
    no-more-funn.moensted.dk

    88.252.8.12
    route: 88.252.0.0/16
    descr: TurkTelekom
    origin: AS9121
    mnt-by: AS9121-MNT

    LISTED IN BLACKLIST!
    27 days, threat score 10, suspicious
    Project Honeypot
    b.barracudacentral.org
    dnsbl-2.uceprotect.net
    dnsbl-3.uceprotect.net

    83.26.184.243
    canonical name aqy243.neoplus.adsl.tpnet.pl.
    route: 83.24.0.0/13
    descr: TPNET
    descr: for abuse: abuse@tpnet.pl
    origin: AS5617
    mnt-by: AS5617-MNT

    LISTED IN BLACKLIST!
    2 days, threat score 2, suspicious
    Project Honeypot
    b.barracudacentral.org
    xbl.spamhaus.org
    dnsbl.sorbs.net
    dul.dnsbl.sorbs.net
    cbl.abuseat.org
    dnsbl-2.uceprotect.net
    dnsbl-3.uceprotect.net
    no-more-funn.moensted.dk
    sbl-xbl.spamhaus.org

    88.252.205.137
    route: 88.252.128.0/17
    descr: TurkTelecom
    origin: AS9121
    mnt-by: AS9121-MNT

    LISTED IN BLACKLIST!
    6 days, threat score 4, suspicious
    Project Honeypot
    b.barracudacentral.org
    dnsbl-2.uceprotect.net
    dnsbl-3.uceprotect.net

    -------
    WOT Services Ltd. - gives us safety through Web of Trust.
    WOT Community - gives us security through unity.
    Thank you all
    - G7W
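
Added example, not part of any post in this thread: a Python parser for the alert lines from the first post that matches each source against the routes quoted in g7w's whois excerpts, so the seven alerts collapse to two origin networks. The line layout is inferred from the seven posted samples rather than from router documentation, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Alert lines as posted in this thread (destinations redacted by the poster).
ALERTS = """\
TCP Packet - Source:88.235.137.127,4367 Destination: .............- [DOS]
TCP Packet - Source:88.252.248.150,4653 Destination:.............. - [DOS]
TCP Packet - Source:81.213.115.112,3373 Destination: ............[DOS]
TCP Packet - Source:85.96.191.3,4051 Destination:.............. [DOS]
TCP Packet - Source:88.252.8.12,3824 Destination: ..........[DOS]
UDP Packet - Source:83.26.184.243,43605 Destination:........ - [DOS]
TCP Packet - Source:88.252.205.137,2795 Destination:[...........DOS]
""".splitlines()

# Route -> origin AS, taken from the whois excerpts in g7w's post.
ROUTES = {ipaddress.ip_network(r): asn for r, asn in {
    "88.235.128.0/17": "AS9121", "88.252.128.0/17": "AS9121",
    "81.213.0.0/16": "AS9121", "85.96.128.0/17": "AS9121",
    "88.252.0.0/16": "AS9121", "83.24.0.0/13": "AS5617",
}.items()}

# Assumed layout: protocol, source IP, source port; the rest of the line is ignored.
LINE_RE = re.compile(r"^(TCP|UDP) Packet - Source:\s*([\d.]+),(\d+)\s+Destination:")

def parse_alert(line):
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        src = ipaddress.ip_address(m.group(2))
    except ValueError:  # digits and dots that are not a valid IPv4 address
        return None
    return m.group(1), src, int(m.group(3))

def origin_as(addr):
    hits = [n for n in ROUTES if addr in n]  # every listed route covering addr
    return ROUTES[max(hits, key=lambda n: n.prefixlen)] if hits else "unknown"

def summarise(lines):
    """Count alerts per (origin AS, protocol); collect lines that fail to parse."""
    counts, rejected = Counter(), []
    for line in lines:
        rec = parse_alert(line)
        if rec is None:
            rejected.append(line)
        else:
            counts[(origin_as(rec[1]), rec[0])] += 1
    return counts, rejected
```

Calling `summarise(ALERTS)` returns the per-network counts and any lines that did not fit the assumed layout; addresses outside the listed routes are reported as `unknown`.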

  8. User picture
    • catweezl on Wed 30 Sep 2009
    • 01:31:54 PM UTC

    ...

    Thanks for the info, guys,

    regards
    Cat