Firewall log query.

  #1  
Old 04-28-2006, 04:03 PM



My Draytek 2800 router blocked the following yesterday.

134 Apr 27 19:20:34 Vigor IM Block(Yahoo messenger) wan 216.155.193.129,23 -> 87.113.12.243,2122 PR 6 len 20 60
134 Apr 27 19:20:36 Vigor IM Block(Yahoo messenger) wan 216.155.193.129,23 -> 87.113.12.243,2122 PR 6 len 20 60
134 Apr 27 19:20:38 Vigor IM Block(Yahoo messenger) wan 216.155.193.129,23 -> 87.113.12.243,2122 PR 6 len 20 60
134 Apr 27 19:20:42 Vigor IM Block(Yahoo messenger) wan 216.155.193.129,23 -> 87.113.12.243,2122 PR 6 len 20 60
134 Apr 27 19:20:50 Vigor IM Block(Yahoo messenger) wan 216.155.193.129,23 -> 87.113.12.243,2122 PR 6 len 20 60
134 Apr 27 19:21:07 Vigor IM Block(Yahoo messenger) wan 216.155.193.129,23 -> 87.113.12.243,2122 PR 6 len 20 60
134 Apr 27 19:21:39 Vigor IM Block(Yahoo messenger) wan 216.155.193.129,23 -> 87.113.12.243,2122 PR 6 len 20 60
134 Apr 27 19:21:55 Vigor P2P Block(eDonkey) wan 84.222.193.211,1755 -> 87.113.12.243,2832 PR 6 len 20 46
134 Apr 27 19:22:00 Vigor P2P Block(eDonkey) wan 82.25.90.81,4661 -> 87.113.12.243,2920 PR 6 len 20 46
134 Apr 27 19:22:04 Vigor P2P Block(eDonkey) wan 82.25.90.81,4661 -> 87.113.12.243,2920 PR 6 len 20 46
134 Apr 27 19:22:07 Vigor P2P Block(eDonkey) wan 86.3.23.100,4662 -> 87.113.12.243,2900 PR 6 len 20 46
134 Apr 27 19:22:13 Vigor P2P Block(eDonkey) wan 82.25.90.81,4661 -> 87.113.12.243,2920 PR 6 len 20 46
134 Apr 27 19:22:43 Vigor IM Block(Yahoo messenger) wan 216.155.193.129,23 -> 87.113.12.243,2122 PR 6 len 20 60
134 Apr 27 19:23:04 Vigor P2P Block(eDonkey) wan 82.25.90.81,4661 -> 87.113.12.243,2920 PR 6 len 20 46
134 Apr 27 19:23:47 Vigor IM Block(Yahoo messenger) wan 216.155.193.129,23 -> 87.113.12.243,2122 PR 6 len 20 60
134 Apr 27 19:24:33 Vigor P2P Block(eDonkey) wan 80.239.200.103,3000 -> 87.113.12.243,2155 PR 6 len 20 54
134 Apr 27 19:24:34 Vigor P2P Block(eDonkey) wan 80.239.200.103,3000 -> 87.113.12.243,2155 PR 6 len 20 54
134 Apr 27 19:24:35 Vigor P2P Block(eDonkey) wan 80.239.200.103,3000 -> 87.113.12.243,2155 PR 6 len 20 54
134 Apr 27 19:24:36 Vigor P2P Block(eDonkey) wan 80.239.200.103,3000 -> 87.113.12.243,2155 PR 6 len 20 54
134 Apr 27 19:24:40 Vigor P2P Block(eDonkey) wan 80.239.200.103,3000 -> 87.113.12.243,2155 PR 6 len 20 54
134 Apr 27 19:24:47 Vigor P2P Block(eDonkey) wan 80.239.200.103,3000 -> 87.113.12.243,2155 PR 6 len 20 54
134 Apr 27 19:24:51 Vigor IM Block(Yahoo messenger) wan 216.155.193.129,23 -> 87.113.12.243,2122 PR 6 len 20 60
134 Apr 27 19:25:01 Vigor P2P Block(eDonkey) wan 80.239.200.103,3000 -> 87.113.12.243,2155 PR 6 len 20 54
134 Apr 27 19:25:28 Vigor P2P Block(eDonkey) wan 80.239.200.103,3000 -> 87.113.12.243,2155 PR 6 len 20 54
134 Apr 27 19:25:55 Vigor IM Block(Yahoo messenger) wan 216.155.193.129,23 -> 87.113.12.243,2122 PR 6 len 20 60
134 Apr 27 19:26:23 Vigor P2P Block(eDonkey) wan 80.239.200.103,3000 -> 87.113.12.243,2155 PR 6 len 20 54
134 Apr 27 19:26:59 Vigor IM Block(Yahoo messenger) wan 216.155.193.129,23 -> 87.113.12.243,2122 PR 6 len 20 60
134 Apr 27 19:28:03 Vigor IM Block(Yahoo messenger) wan 216.155.193.129,23 -> 87.113.12.243,2122 PR 6 len 20 60
134 Apr 27 19:28:14 Vigor P2P Block(eDonkey) wan 80.239.200.103,3000 -> 87.113.12.243,2155 PR 6 len 20 54
134 Apr 27 19:30:14 Vigor P2P Block(eDonkey) wan 80.239.200.103,3000 -> 87.113.12.243,2155 PR 6 len 20 54
134 Apr 27 19:32:15 Vigor P2P Block(eDonkey) wan 80.239.200.103,3000 -> 87.113.12.243,2155 PR 6 len 20 54
134 Apr 27 19:34:14 Vigor P2P Block(eDonkey) wan 80.239.200.103,3000 -> 87.113.12.243,2155 PR 6 len 20 54
134 Apr 27 19:36:14 Vigor P2P Block(eDonkey) wan 80.239.200.103,3000 -> 87.113.12.243,2155 PR 6 len 20 54
134 Apr 27 19:38:15 Vigor P2P Block(eDonkey) wan 80.239.200.103,3000 -> 87.113.12.243,2155 PR 6 len 20 54
134 Apr 27 19:40:14 Vigor P2P Block(eDonkey) wan 80.239.200.103,3000 -> 87.113.12.243,2155 PR 6 len 20 54

Can anyone suggest what caused this? I assume it is some form of attempt to
compromise my machine. I don't use P2P or Yahoo messenger. Any suggestions
as to the appropriate course of action would be welcome. TIA

--
Peter Crosland




Reply With Quote
  #2  
Old 04-28-2006, 08:32 PM
ken r


"Peter Crosland" <(E-Mail Removed)> wrote in message
news:445230fe$0$9269$(E-Mail Removed)...
> My Draytek 2800 router blocked the following yesterday.
>
> Can anyone suggest what caused this? I assume it is some form of attempt
> to compromise my machine. I don't use P2P or Yahoo messenger. Any
> suggestions as to the appropriate course of action would be welcome. TIA
>
> --
> Peter Crosland
>

If you use an ISP with dynamic IP allocation it can happen once the previous
user has had certain programs running. Once you have been allocated their
old IP address the other systems don't seem to know you are a different
user. So they still try to resume or connect again if that particular IP
number is stored on another computer as one holding certain programs or
pictures. It will eventually give up.
At least the router works.
If you have a static IP then someone has put your IP number in to attempt a
direct connection.
Get a decent firewall installed.


Reply With Quote
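As an added example (not part of any post in this thread and not DrayTek code): a short Python summary of block entries in the layout shown in the first post, grouping them by remote address so that one endpoint repeatedly hitting the same local port can be told apart from one address reaching many local ports. The sample lines use constructed documentation addresses, and `summarise`, the `sweep_ports` threshold and the year (the log carries none; 2006 is taken from the post dates) are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the layout of the first post; addresses are documentation
# ranges, not values from the thread. The second entry is wrapped as Usenet did.
SAMPLE = """\
134Apr 27 19:20:34VigorIM Block(Yahoo messenger) wan 198.51.100.7,23 -> 192.0.2.10,2122 PR 6 len 20 60
134Apr 27 19:20:36VigorIM Block(Yahoo messenger) wan 198.51.100.7,23 ->
192.0.2.10,2122 PR 6 len 20 60
134Apr 27 19:20:40VigorIM Block(Yahoo messenger) wan 198.51.100.7,23 -> 192.0.2.10,2122 PR 6 len 20 60
134Apr 27 19:22:00VigorP2P Block(eDonkey) wan 203.0.113.9,4661 -> 192.0.2.10,2920 PR 6 len 20 46
134Apr 27 19:22:04VigorP2P Block(eDonkey) wan 203.0.113.9,4661 -> 192.0.2.10,2920 PR 6 len 20 46
"""

# Fields may be fused ("134Apr", "VigorIM") or space-separated, so separators are optional.
ENTRY = re.compile(
    r"<?\d+>?\s*(?P<ts>[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d)\s*Vigor:?\s*"
    r"\w+ Block\([^)]*\)\s+wan\s+"
    r"(?P<src>[\d.]+),(?P<sport>\d+)\s*->\s*(?P<dst>[\d.]+),(?P<dport>\d+)"
)

def summarise(text, year=2006, sweep_ports=5):
    """Group block entries by remote address; year and sweep_ports are assumptions."""
    by_src = defaultdict(lambda: defaultdict(list))
    for m in ENTRY.finditer(re.sub(r"\s+", " ", text)):  # re-join wrapped entries
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        by_src[m["src"]][(int(m["sport"]), int(m["dport"]))].append(when)
    report = {}
    for src, flows in by_src.items():
        gaps = {}
        for flow, times in flows.items():
            times.sort()
            # Seconds between consecutive blocks of the same remote port -> local port pair.
            gaps[flow] = [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
        local_ports = sorted({dport for _, dport in flows})
        report[src] = {
            "hits": sum(len(t) for t in flows.values()),
            "local_ports": local_ports,
            "gaps": gaps,
            # One address reaching many local ports looks like a sweep; otherwise a repeat.
            "pattern": "sweep" if len(local_ports) >= sweep_ports else "repeat",
        }
    return report

if __name__ == "__main__":
    for src, info in summarise(SAMPLE).items():
        print(src, info["pattern"], info["hits"], info["local_ports"], info["gaps"])
```
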
  #3  
Old 04-28-2006, 08:49 PM
Peter Crosland

>> My Draytek 2800 router blocked the following yesterday.
>>
>> Can anyone suggest what caused this? I assume it is some form of attempt
>> to compromise my machine. I don't use P2P or Yahoo messenger. Any
>> suggestions as to the appropriate course of action would be welcome. TIA
>>

> If you use an ISP with dynamic IP allocation it can happen once the
> previous user has had certain programs running. Once you have been
> allocated their old IP address the other systems don't seem to know you
> are a different user. So they still try to resume or connect again if
> that particular IP number is stored on another computer as one holding
> certain programs or pictures. It will eventually give up.
> At least the router works.
> If you have a static IP then someone has put your IP number in to attempt
> a direct connection.
> Get a decent firewall installed.



Thanks for that. Surely the fact that the router's firewall rejected it
means it works. Or have I missed something? I also run a software firewall
but it never reached that.

Peter Crosland


Reply With Quote
  #4  
Old 04-28-2006, 11:44 PM
Andy Furniss

Peter Crosland wrote:
>>> My Draytek 2800 router blocked the following yesterday.
>>>
>>> Can anyone suggest what caused this? I assume it is some form of attempt
>>> to compromise my machine. I don't use P2P or Yahoo messenger. Any
>>> suggestions as to the appropriate course of action would be welcome. TIA
>>>
>>
>> If you use an ISP with dynamic IP allocation it can happen once the
>> previous user has had certain programs running. Once you have been
>> allocated their old IP address the other systems don't seem to know you
>> are a different user. So they still try to resume or connect again if
>> that particular IP number is stored on another computer as one holding
>> certain programs or pictures. It will eventually give up.
>> At least the router works.
>> If you have a static IP then someone has put your IP number in to attempt
>> a direct connection.
>> Get a decent firewall installed.
>
> Thanks for that. Surely the fact that the router's firewall rejected it
> means it works. Or have I missed something? I also run a software firewall
> but it never reached that.
>
> Peter Crosland


Should be OK - I am also on a dynamic IP, but don't log detail - which
is just as well as I got 72000 the other day :-)

Andy.
Reply With Quote
  #5  
Old 04-30-2006, 04:34 PM
Chris

In article <95u4g.1715$(E-Mail Removed)>, (E-Mail Removed)
says...
> Get a decent firewall installed.


Ummm..! The Drayteks use IPFILTER - which is *the* (well, until a
recent release of iptables) definitive firewall!

Don't talk about subjects you clearly know precious little about.
Reply With Quote
  #6  
Old 05-06-2006, 11:51 PM
theBigFatGeek@gmail.com

Could it be that you have the firewall blocking P2P and IM services? This
is quite useful and is under the firewall settings.

Reply With Quote