Security Alert - Netgear Router

Hi all

Can anyone explain what this means please?

UDP Packet - Source:69.23.133.44,6881
Destination:83.100.203.196,18913 - [DOS]
UDP Packet - Source:69.23.133.44,6881
Destination:83.100.203.196,18913 - [DOS]
UDP Packet - Source:222.90.114.253,6652
Destination:83.100.224.133,42284 - [DOS]


These alerts have been sent from my netgear DG834 router to my email address
(guess I must have configured this at some point).
Does this mean outgoing or incoming activity?

TIA

Phil

TheScullster wrote:
> Hi all
>
> Can anyone explain what this means please?
>
> UDP Packet - Source:69.23.133.44,6881
> Destination:83.100.203.196,18913 - [DOS]
> UDP Packet - Source:69.23.133.44,6881
> Destination:83.100.203.196,18913 - [DOS]
> UDP Packet - Source:222.90.114.253,6652
> Destination:83.100.224.133,42284 - [DOS]
>
>
> These alerts have been sent from my netgear DG834 router to my email address
> (guess I must have configured this at some point).
> Does this mean outgoing or incoming activity?

It means that a lot of packets have been sent from the source IP
69.23.133.44 to the destination IP. The number behind each IP is the
relevant port number. Only you can tell what IP addresses you were using
at the time on your router and in your LAN. You haven't mentioned the
timestamp, but I suspect your router had the IP address 83.100.203.196
the first two times, and the third entry is after a change of IP on your
router to 83.100.224.133. The destination IP addresses belong to an ISP
called Karoo, 69.23.133.44 belongs to rr.com in the US, and
222.90.114.253 is somewhere in China.

Regards,
Gunde

"TheScullster" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed). uk...
> Hi all
>
> Can anyone explain what this means please?
>
> UDP Packet - Source:69.23.133.44,6881
> Destination:83.100.203.196,18913 - [DOS]
> UDP Packet - Source:69.23.133.44,6881
> Destination:83.100.203.196,18913 - [DOS]
> UDP Packet - Source:222.90.114.253,6652
> Destination:83.100.224.133,42284 - [DOS]
>
>
> These alerts have been sent from my netgear DG834 router to my email
> address (guess I must have configured this at some point).
> Does this mean outgoing or incoming activity?
>
> TIA
>
> Phil


Do you use torrent?

"Gundemarie Scholz" wrote

>> Can anyone explain what this means please?
>>
>> UDP Packet - Source:69.23.133.44,6881
>> Destination:83.100.203.196,18913 - [DOS]
>> UDP Packet - Source:69.23.133.44,6881
>> Destination:83.100.203.196,18913 - [DOS]
>> UDP Packet - Source:222.90.114.253,6652
>> Destination:83.100.224.133,42284 - [DOS]
>>
>>
>> These alerts have been sent from my netgear DG834 router to my email
>> address
>> (guess I must have configured this at some point).
>> Does this mean outgoing or incoming activity?
>
> It means that a lot of packets have been sent from the source IP
> 69.23.133.44 to the destination IP. The number behind each IP is the
> relevant port number. Only you can tell what IP addresses you were using
> at the time on your router and in your LAN. You haven't mentioned the
> timestamp, but I suspect your router had the IP address 83.100.203.196
> the first two times, and the third entry is after a change of IP on your
> router to 83.100.224.133. The destination IP addresses belong to an ISP
> called Karoo, 69.23.133.44 belongs to rr.com in the US, and
> 222.90.114.253 is somewhere in China.
>

Thanks Gunde

Can you clarify the above for me further please.....
My ISP is Karoo, so it looks like your assumption is correct and the
83.100... IP relates to my router.
Also, I rebooted my router recently which may explain the changing IP - do
the ISPs allocate different IPs to re-connecting routers (like in DHCP)?

If lots of packets have been sent to my router, what's happened to them?
Is this alert simply reporting that the firewall has blocked them?

Thanks again

Phil

TheScullster wrote:
> "Gundemarie Scholz" wrote
>
>>> Can anyone explain what this means please?
>>>
>>> UDP Packet - Source:69.23.133.44,6881
>>> Destination:83.100.203.196,18913 - [DOS]
>>> UDP Packet - Source:69.23.133.44,6881
>>> Destination:83.100.203.196,18913 - [DOS]
>>> UDP Packet - Source:222.90.114.253,6652
>>> Destination:83.100.224.133,42284 - [DOS]
>>>
>>>
>>> These alerts have been sent from my netgear DG834 router to my
>>> email address
>>> (guess I must have configured this at some point).
>>> Does this mean outgoing or incoming activity?
>>
>> It means that a lot of packets have been sent from the source IP
>> 69.23.133.44 to the destination IP. The number behind each IP is
>> the relevant port number. Only you can tell what IP addresses you
>> were using at the time on your router and in your LAN. You haven't
>> mentioned the timestamp, but I suspect your router had the IP
>> address 83.100.203.196 the first two times, and the third entry is
>> after a change of IP on your router to 83.100.224.133. The
>> destination IP addresses belong to an ISP called Karoo,
>> 69.23.133.44 belongs to rr.com in the US, and 222.90.114.253 is
>> somewhere in China.
>
> Thanks Gunde
>
> Can you clarify the above for me further please.....
> My ISP is Karoo, so it looks like your assumption is correct and the
> 83.100... IP relates to my router.
> Also, I rebooted my router recently which may explain the changing
> IP - do the ISPs allocate different IPs to re-connecting routers
> (like in DHCP)?
> If lots of packets have been sent to my router, what's happened to
> them? Is this alert simply reporting that the firewall has blocked
> them?
> Thanks again
>
> Phil

From days of old when I had a Netgear I seem to remember that if it
saw any traffic it couldn't recognise it immediately slapped a DOS
flag on it, even when you had rules allowing the traffic

As for your external IP changing. Yes if you are being allocated a
dynamic IP then you have a good chance of it changing each time you
reboot your router, any packets in the system heading to your old
address will basically be lost but I wouldn't worry about it, just
don't reboot your router half way through a download, that's all.

(E-Mail Removed) declared for all the world to hear...
> Hi all
>
> Can anyone explain what this means please?
>
> UDP Packet - Source:69.23.133.44,6881
> Destination:83.100.203.196,18913 - [DOS]
> UDP Packet - Source:69.23.133.44,6881
> Destination:83.100.203.196,18913 - [DOS]
> UDP Packet - Source:222.90.114.253,6652
> Destination:83.100.224.133,42284 - [DOS]
>
>
> These alerts have been sent from my netgear DG834 router to my email address
> (guess I must have configured this at some point).
> Does this mean outgoing or incoming activity?

Incoming.

Nothing to worry about, just standard background hacker probes.

Don't let your router email you every time this happens, you'll fill
your inbox very quickly.
--
Regards
Jon

(E-Mail Removed) declared for all the world to hear...
> Also, I rebooted my router recently which may explain the changing IP - do
> the ISPs allocate different IPs to re-connecting routers (like in DHCP)?

Typically you have to pay for a fixed IP, the vast majority of consumer
broadband products use DHCP.

> If lots of packets have been sent to my router, what's happened to them?

Hopefully your router has dropped them silently (without responding to
the source).

> Is this alert simply reporting that the firewall has blocked them?

Yes.
--
Regards
Jon

Thanks to all respondents!!

My mind has now been suitably put at rest.

Phil