[Kristian]

Hello,

I'm not sure this is the correct place to ask, but asking it anyway.
I've been looking through my Internet settings for a solution for the fact that my internet connection keeps falling out, and I noticed this in the system log:

2010/03/12 21:25:50 : Blocked access attempt from 187.24.141.5
2010/03/12 21:25:49 : Blocked access attempt from 201.1.89.240
2010/03/12 21:25:48 : Blocked access attempt from 222.70.152.160
2010/03/12 21:25:48 : Blocked access attempt from 117.84.158.222
2010/03/12 21:25:48 : Blocked access attempt from 222.70.152.160
2010/03/12 21:25:47 : Blocked access attempt from 217.216.54.86
2010/03/12 21:25:47 : Blocked access attempt from 193.77.185.30
2010/03/12 21:25:46 : Blocked access attempt from 75.82.105.8
2010/03/12 21:25:44 : Blocked access attempt from 24.20.55.36
2010/03/12 21:25:43 : Blocked access attempt from 218.75.242.228
2010/03/12 21:25:43 : Blocked access attempt from 201.1.89.240
2010/03/12 21:25:43 : Blocked access attempt from 88.2.98.63
2010/03/12 21:25:42 : Blocked access attempt from 69.70.200.2
2010/03/12 21:25:42 : Blocked access attempt from 122.193.175.99
2010/03/12 21:25:41 : Blocked access attempt from 79.87.70.94
2010/03/12 21:25:41 : Blocked access attempt from 201.13.38.208

And it goed on, and on, and on... For every second of the day, every day of the week.

I traced a few of these IP's to places like Singapore, and I was quite curious why all these IP's are actually in there.

Any suggestions?

Kristian.

 

[losttsol]

You're getting attacked by a botnet.

 

[Kristian]

That doesn't sound pleasant. What do these botnets do, and how do I stop them doing this?

 

[losttsol]

It was a half joke, but could be possible. Change your computer's IP and see if it keeps happening.

A botnet is a collection of unknowingly compromised computers which perform various deviant acts upon other computers. Could be denial of service attacks, brute force attacks (like maybe they are doing on your computer), spamming, etc...

 

[FiX]

Ban their ip's. I cant trace them though, some router problem at my end. Prob firewall.

 

[Kristian]

Thought about blocking them, but as I said, they do around 3 a second, and for as far as I can see, the IP's aren't recurring.

Changed the IP, now waiting for the log to update to show me if it continues.

+rep for both =)

 

[Kristian]

Didn't work, the blocked attempts still continue.

 

[wutsup]

is this your router's log? or your software's firewall log?

this happened to me awhile ago and my internet would sometimes disconnect. my router had simliar logs, its just yoour firewall/router doings its job. its most likely your ISP is being crappy.

 

[Kristian]

Yes, it's the system log of my router from the internet settings. Well, it comforts me to see that I'm not the only one. I'll just leave it alone for now, might be something to investigate further the next time I call them up for tech support (sigh).

Thanks =)

 

[srsparky32]

yeah i installed malwarebytes full and had the same exact thing..i'd get popup baloons saying that it blocked this ip and it blocked that ip...its quite normal

 

[wutsup]

Quote:

Originally Posted by srsparky32 yeah i installed malwarebytes full and had the same exact thing..i'd get popup baloons saying that it blocked this ip and it blocked that ip...its quite normal

uhhhhh i dont think mbam is a firewall lol, it just blocks known bad IP addresses to prevent malware from getting on your computer. mbam is not a firewall

 

[Toonshorty]

Could be DoS attack, may explain the disconnection.

People gather a load of botnets to spam connect to a webserver until it crashes. The same could be happening here, a load of botnets crashing your internet connection till your router can't handle it.

Maybe or maybe not.

 

[Willage]

do you have a decent firewall and anti virus installed on your machines at home? if so i wouldn't worry to much about these attacks on your router, also make sure that the settings page has a password

 

[scottsee]

From that log it looks like a Spoofed IP attack. You may want to install HoneyBOT (or any other honeypot) and monitor what services are being scanned/attacked. You can also install Wireshark and capture that traffic to determine what those packets are doing. Whether trying to bypass a packet filter, just a DOS, etc.

Just a thought.

 

[SonyDSLR]

Hostname:201-1-89-240.dsl.telesp.net.br
ISP:TELECOMUNICACOES DE SAO PAULO S.A. - TELESP
Organization:TELECOMUNICACOES DE SAO PAULO S.A. - TELESP
Proxy:None detected
Type:Broadband
Assignmentynamic IP
Blacklist:

Geo-Location Information

Country:Brazil
State/Region:Sao Paulo
City:São Paulo
Latitude:-23.5333
Longitude:-46.6167
Area Code:

 

[lurkingdevil]

Empty the logs and then disconnect your pc from the router. Then wait a few minutes and then connect your pc and check the logs. Check for logs of the time when your pc was disconnected. If you don't see those blocked IPs this time then it maybe something your pc initiating the connection.