Networking Forums  

Go Back   Networking Forums > Networking Newsgroups > Broadband Hardware
Reload this Page More MN-500 strangeness

More MN-500 strangeness

Reply
 
Thread Tools Display Modes
  #1  
Old 01-28-2004, 02:45 PM
Default More MN-500 strangeness


Hi All,

Last night I went to log into the BMT and was denied, saying that someone
was already logged in from 60.189.86.0, which, of course, is not an IP on my
network. According to Whois the IP belongs to a company in Australia. (I
know, IPs can be spoofed)

I thought this sort of thing wasn't possible.

On the wireless side I have 128 WEB encryption enabled, using a key that was
randomly generated.

There is at least one other wireless networn in my neighborhood (the
broadcast their SID). Which bring up the question, I know I can tell if is
on my router if someone grabs an IP using DHCP,but what if they are using a
static IP, is there any way to tell who is connected to my router?

Is it possible there is a backdoor through the firewall that MS isn't
telling us about?

As always, any insight/thoughts are greatly appreciated.

Brian W







Brian W
Reply With Quote
  #2  
Old 01-28-2004, 02:57 PM
Barb Bowman \(MVP-Windows\)
Guest
  
Posts: n/a
Default Re: More MN-500 strangeness
are you using the default 192.168.2.x IP range or did you change it to
something else? can you post the base station log here as a reply?

Brian W wrote:
> Hi All,
>
> Last night I went to log into the BMT and was denied, saying that
> someone was already logged in from 60.189.86.0, which, of course, is
> not an IP on my network. According to Whois the IP belongs to a
> company in Australia. (I know, IPs can be spoofed)
>
> I thought this sort of thing wasn't possible.
>
> On the wireless side I have 128 WEB encryption enabled, using a key
> that was randomly generated.
>
> There is at least one other wireless networn in my neighborhood (the
> broadcast their SID). Which bring up the question, I know I can tell
> if is on my router if someone grabs an IP using DHCP,but what if they
> are using a static IP, is there any way to tell who is connected to
> my router?
>
> Is it possible there is a backdoor through the firewall that MS isn't
> telling us about?
>
> As always, any insight/thoughts are greatly appreciated.
>
> Brian W


--
Barb Bowman
Expert Zone Columnist
http://www.microsoft.com/windowsxp/expertzone
MS-MVP (Windows)


Reply With Quote
  #3  
Old 01-28-2004, 03:42 PM
Brian W
Guest
  
Posts: n/a
Default Re: More MN-500 strangeness
WOW, That was fast!

Yes, I am using the default IP range.

The log is pasted below log but I know it doesn't show anything. The only
way I was able to log on to the BMT last night was to pull the plug (and if
someone was logged in to my basestation, I wanted them off ASAP) which for
some reason, reset the log, because the only entries were for the PPPoE
reconnecting, reassigning IP's etc, etc. Not to mention all the blocked
connect attempts I get, fills the log pretty fast.

Currently there are no DHCP assigned addresses that I can't account for.


Thanks
Brian W



2004/01/28 06:38:52 DeletePortMapping: ExternalPort:32748, TCP
2004/01/28 06:41:01 AddPortMapping: ExternalPort:41198, UDP,
InternalPort:11281, InternalClient:192.168.2.25
2004/01/28 06:41:01 AddPortMapping: ExternalPort:58859, TCP,
InternalPort:10580, InternalClient:192.168.2.25
2004/01/28 06:41:02 DeletePortMapping: ExternalPort:41198, UDP
2004/01/28 06:41:02 DeletePortMapping: ExternalPort:58859, TCP
2004/01/28 06:43:02 AddPortMapping: ExternalPort:51444, UDP,
InternalPort:13945, InternalClient:192.168.2.25
2004/01/28 06:43:03 AddPortMapping: ExternalPort:6112, TCP,
InternalPort:8870, InternalClient:192.168.2.25
2004/01/28 06:43:03 DeletePortMapping: ExternalPort:51444, UDP
2004/01/28 06:43:03 DeletePortMapping: ExternalPort:6112, TCP
2004/01/28 06:45:03 AddPortMapping: ExternalPort:4600, UDP,
InternalPort:15008, InternalClient:192.168.2.25
2004/01/28 06:45:03 AddPortMapping: ExternalPort:27132, TCP,
InternalPort:16088, InternalClient:192.168.2.25
2004/01/28 06:45:03 DeletePortMapping: ExternalPort:4600, UDP
2004/01/28 06:45:03 DeletePortMapping: ExternalPort:27132, TCP
2004/01/28 06:47:12 AddPortMapping: ExternalPort:31725, UDP,
InternalPort:12234, InternalClient:192.168.2.25
2004/01/28 06:47:13 AddPortMapping: ExternalPort:12007, TCP,
InternalPort:9631, InternalClient:192.168.2.25
2004/01/28 06:47:13 DeletePortMapping: ExternalPort:31725, UDP
2004/01/28 06:47:13 DeletePortMapping: ExternalPort:12007, TCP
2004/01/28 06:49:14 AddPortMapping: ExternalPort:44024, UDP,
InternalPort:14874, InternalClient:192.168.2.25
2004/01/28 06:49:14 AddPortMapping: ExternalPort:23528, TCP,
InternalPort:10986, InternalClient:192.168.2.25
2004/01/28 06:49:14 DeletePortMapping: ExternalPort:44024, UDP
2004/01/28 06:49:14 DeletePortMapping: ExternalPort:23528, TCP
2004/01/28 06:51:15 AddPortMapping: ExternalPort:10979, UDP,
InternalPort:8603, InternalClient:192.168.2.25
2004/01/28 06:51:15 AddPortMapping: ExternalPort:6617, TCP,
InternalPort:7080, InternalClient:192.168.2.25
2004/01/28 06:51:16 DeletePortMapping: ExternalPort:10979, UDP
2004/01/28 06:51:16 DeletePortMapping: ExternalPort:6617, TCP
2004/01/28 06:51:30 Connection attempt to base station from WAN blocked --
src:<217.82.37.216:1329> dst:<63.196.188.70:137>
2004/01/28 06:53:25 AddPortMapping: ExternalPort:37625, UDP,
InternalPort:15139, InternalClient:192.168.2.25
2004/01/28 06:53:25 AddPortMapping: ExternalPort:58754, TCP,
InternalPort:16468, InternalClient:192.168.2.25
2004/01/28 06:53:25 DeletePortMapping: ExternalPort:37625, UDP
2004/01/28 06:53:25 DeletePortMapping: ExternalPort:58754, TCP
2004/01/28 06:55:26 AddPortMapping: ExternalPort:29151, UDP,
InternalPort:7616, InternalClient:192.168.2.25
2004/01/28 06:55:26 AddPortMapping: ExternalPort:54011, TCP,
InternalPort:14691, InternalClient:192.168.2.25
2004/01/28 06:55:26 DeletePortMapping: ExternalPort:29151, UDP
2004/01/28 06:55:26 DeletePortMapping: ExternalPort:54011, TCP
2004/01/28 06:55:33 Client filtering settings blocked connection from IP
address <63.199.102.107>
2004/01/28 06:56:29 Address 192.168.2.34 was assigned to client
1:0x00010323036b
2004/01/28 06:57:26 Address 192.168.2.25 was assigned to client
1:0x0050f274a976
2004/01/28 06:57:27 AddPortMapping: ExternalPort:2782, UDP,
InternalPort:7355, InternalClient:192.168.2.25
2004/01/28 06:57:27 AddPortMapping: ExternalPort:57582, TCP,
InternalPort:11345, InternalClient:192.168.2.25
2004/01/28 06:57:27 DeletePortMapping: ExternalPort:2782, UDP
2004/01/28 06:57:27 DeletePortMapping: ExternalPort:57582, TCP
2004/01/28 06:59:36 AddPortMapping: ExternalPort:48637, UDP,
InternalPort:16140, InternalClient:192.168.2.25
2004/01/28 06:59:36 AddPortMapping: ExternalPort:35071, TCP,
InternalPort:15673, InternalClient:192.168.2.25
2004/01/28 06:59:36 DeletePortMapping: ExternalPort:48637, UDP
2004/01/28 06:59:36 DeletePortMapping: ExternalPort:35071, TCP
2004/01/28 07:01:37 AddPortMapping: ExternalPort:52707, UDP,
InternalPort:8572, InternalClient:192.168.2.25
2004/01/28 07:01:37 AddPortMapping: ExternalPort:11258, TCP,
InternalPort:14490, InternalClient:192.168.2.25
2004/01/28 07:01:37 DeletePortMapping: ExternalPort:52707, UDP
2004/01/28 07:01:37 DeletePortMapping: ExternalPort:11258, TCP
2004/01/28 07:03:38 AddPortMapping: ExternalPort:34786, UDP,
InternalPort:8246, InternalClient:192.168.2.25
2004/01/28 07:03:38 AddPortMapping: ExternalPort:29182, TCP,
InternalPort:15552, InternalClient:192.168.2.25
2004/01/28 07:03:38 DeletePortMapping: ExternalPort:34786, UDP
2004/01/28 07:03:38 DeletePortMapping: ExternalPort:29182, TCP
2004/01/28 07:05:47 AddPortMapping: ExternalPort:36313, UDP,
InternalPort:6972, InternalClient:192.168.2.25
2004/01/28 07:05:47 AddPortMapping: ExternalPort:47338, TCP,
InternalPort:10249, InternalClient:192.168.2.25
2004/01/28 07:05:47 DeletePortMapping: ExternalPort:36313, UDP
2004/01/28 07:05:47 DeletePortMapping: ExternalPort:47338, TCP
2004/01/28 07:07:48 AddPortMapping: ExternalPort:42471, UDP,
InternalPort:9492, InternalClient:192.168.2.25
2004/01/28 07:07:48 AddPortMapping: ExternalPort:27097, TCP,
InternalPort:7128, InternalClient:192.168.2.25
2004/01/28 07:07:48 DeletePortMapping: ExternalPort:42471, UDP
2004/01/28 07:07:48 DeletePortMapping: ExternalPort:27097, TCP
2004/01/28 07:09:44 Client filtering settings blocked connection from IP
address <211.224.130.206>
2004/01/28 07:09:48 AddPortMapping: ExternalPort:1753, UDP,
InternalPort:7095, InternalClient:192.168.2.25
2004/01/28 07:09:48 AddPortMapping: ExternalPort:21990, TCP,
InternalPort:9444, InternalClient:192.168.2.25
2004/01/28 07:09:48 DeletePortMapping: ExternalPort:1753, UDP
2004/01/28 07:09:49 DeletePortMapping: ExternalPort:21990, TCP
2004/01/28 07:10:15 Connection attempt to base station from WAN blocked --
src:<64.48.134.72:0> dst:<63.196.188.70:1080>
2004/01/28 07:11:59 AddPortMapping: ExternalPort:15071, UDP,
InternalPort:7563, InternalClient:192.168.2.25
2004/01/28 07:11:59 AddPortMapping: ExternalPort:27383, TCP,
InternalPort:13787, InternalClient:192.168.2.25
2004/01/28 07:11:59 DeletePortMapping: ExternalPort:15071, UDP
2004/01/28 07:11:59 DeletePortMapping: ExternalPort:27383, TCP
2004/01/28 07:14:00 AddPortMapping: ExternalPort:23524, UDP,
InternalPort:9962, InternalClient:192.168.2.25
2004/01/28 07:14:00 AddPortMapping: ExternalPort:36605, TCP,
InternalPort:16191, InternalClient:192.168.2.25
2004/01/28 07:14:00 DeletePortMapping: ExternalPort:23524, UDP
2004/01/28 07:14:00 DeletePortMapping: ExternalPort:36605, TCP
2004/01/28 07:16:01 AddPortMapping: ExternalPort:61683, UDP,
InternalPort:12609, InternalClient:192.168.2.25
2004/01/28 07:16:01 AddPortMapping: ExternalPort:8957, TCP,
InternalPort:16275, InternalClient:192.168.2.25
2004/01/28 07:16:01 DeletePortMapping: ExternalPort:61683, UDP
2004/01/28 07:16:01 DeletePortMapping: ExternalPort:8957, TCP
2004/01/28 07:18:12 AddPortMapping: ExternalPort:33515, UDP,
InternalPort:10547, InternalClient:192.168.2.25
2004/01/28 07:18:12 AddPortMapping: ExternalPort:35714, TCP,
InternalPort:16442, InternalClient:192.168.2.25
2004/01/28 07:18:12 DeletePortMapping: ExternalPort:33515, UDP
2004/01/28 07:18:12 DeletePortMapping: ExternalPort:35714, TCP
2004/01/28 07:18:22 Client filtering settings blocked connection from IP
address <63.119.58.122>
2004/01/28 07:18:22 Client filtering settings blocked connection from IP
address <63.119.58.122>
2004/01/28 07:18:27 Connection attempt to base station from WAN blocked --
src:<63.119.58.122:36907> dst:<63.196.188.70:48191>
2004/01/28 07:18:27 Connection attempt to base station from WAN blocked --
src:<63.119.58.122:36908> dst:<63.196.188.70:48191>
2004/01/28 07:18:30 Connection attempt to base station from WAN blocked --
src:<63.119.58.122:36907> dst:<63.196.188.70:48191>
2004/01/28 07:18:30 Connection attempt to base station from WAN blocked --
src:<63.119.58.122:36908> dst:<63.196.188.70:48191>
2004/01/28 07:18:36 Connection attempt to base station from WAN blocked --
src:<63.119.58.122:36907> dst:<63.196.188.70:48191>
2004/01/28 07:18:36 Connection attempt to base station from WAN blocked --
src:<63.119.58.122:36908> dst:<63.196.188.70:48191>
2004/01/28 07:20:11 AddPortMapping: ExternalPort:25320, UDP,
InternalPort:10963, InternalClient:192.168.2.25
2004/01/28 07:20:11 AddPortMapping: ExternalPort:38398, TCP,
InternalPort:15396, InternalClient:192.168.2.25
2004/01/28 07:20:11 DeletePortMapping: ExternalPort:25320, UDP
2004/01/28 07:20:11 DeletePortMapping: ExternalPort:38398, TCP
2004/01/28 07:22:12 AddPortMapping: ExternalPort:2294, UDP,
InternalPort:13497, InternalClient:192.168.2.25
2004/01/28 07:22:12 AddPortMapping: ExternalPort:46308, TCP,
InternalPort:9733, InternalClient:192.168.2.25
2004/01/28 07:22:12 DeletePortMapping: ExternalPort:2294, UDP
2004/01/28 07:22:13 DeletePortMapping: ExternalPort:46308, TCP
2004/01/28 07:23:17 Client filtering settings blocked connection from IP
address <63.194.169.21>
2004/01/28 07:24:00 Client filtering settings blocked connection from IP
address <63.194.20.170>
2004/01/28 07:24:21 Connection attempt to base station from WAN blocked --
src:<61.6.93.23:220> dst:<63.196.188.70:6129>
2004/01/28 07:24:22 AddPortMapping: ExternalPort:58606, UDP,
InternalPort:11349, InternalClient:192.168.2.25
2004/01/28 07:24:22 AddPortMapping: ExternalPort:19449, TCP,
InternalPort:15354, InternalClient:192.168.2.25
2004/01/28 07:24:22 DeletePortMapping: ExternalPort:58606, UDP
2004/01/28 07:24:22 DeletePortMapping: ExternalPort:19449, TCP
2004/01/28 07:25:44 192.168.2.34 login successful
2004/01/28 07:26:23 AddPortMapping: ExternalPort:1783, UDP,
InternalPort:13751, InternalClient:192.168.2.25
2004/01/28 07:26:23 AddPortMapping: ExternalPort:51967, TCP,
InternalPort:15739, InternalClient:192.168.2.25
2004/01/28 07:26:23 DeletePortMapping: ExternalPort:1783, UDP
2004/01/28 07:26:23 DeletePortMapping: ExternalPort:51967, TCP
2004/01/28 07:26:54 Client filtering settings blocked connection from IP
address <63.199.220.138>
2004/01/28 07:28:24 AddPortMapping: ExternalPort:61693, UDP,
InternalPort:16193, InternalClient:192.168.2.25
2004/01/28 07:28:24 AddPortMapping: ExternalPort:4227, TCP,
InternalPort:16801, InternalClient:192.168.2.25
2004/01/28 07:28:24 DeletePortMapping: ExternalPort:61693, UDP
2004/01/28 07:28:24 DeletePortMapping: ExternalPort:4227, TCP
2004/01/28 07:30:33 AddPortMapping: ExternalPort:55541, UDP,
InternalPort:14185, InternalClient:192.168.2.25
2004/01/28 07:30:34 AddPortMapping: ExternalPort:43761, TCP,
InternalPort:13083, InternalClient:192.168.2.25
2004/01/28 07:30:34 DeletePortMapping: ExternalPort:55541, UDP
2004/01/28 07:30:34 DeletePortMapping: ExternalPort:43761, TCP
2004/01/28 07:32:34 AddPortMapping: ExternalPort:39419, UDP,
InternalPort:14632, InternalClient:192.168.2.25
2004/01/28 07:32:34 AddPortMapping: ExternalPort:21994, TCP,
InternalPort:10468, InternalClient:192.168.2.25
2004/01/28 07:32:34 DeletePortMapping: ExternalPort:39419, UDP
2004/01/28 07:32:34 DeletePortMapping: ExternalPort:21994, TCP
2004/01/28 07:34:34 AddPortMapping: ExternalPort:48121, UDP,
InternalPort:15114, InternalClient:192.168.2.25
2004/01/28 07:34:34 AddPortMapping: ExternalPort:55260, TCP,
InternalPort:7782, InternalClient:192.168.2.25
2004/01/28 07:34:34 DeletePortMapping: ExternalPort:48121, UDP
2004/01/28 07:34:35 DeletePortMapping: ExternalPort:55260, TCP


"Barb Bowman (MVP-Windows)" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> are you using the default 192.168.2.x IP range or did you change it to
> something else? can you post the base station log here as a reply?
>
> Brian W wrote:
> > Hi All,
> >
> > Last night I went to log into the BMT and was denied, saying that
> > someone was already logged in from 60.189.86.0, which, of course, is
> > not an IP on my network. According to Whois the IP belongs to a
> > company in Australia. (I know, IPs can be spoofed)
> >
> > I thought this sort of thing wasn't possible.
> >
> > On the wireless side I have 128 WEB encryption enabled, using a key
> > that was randomly generated.
> >
> > There is at least one other wireless networn in my neighborhood (the
> > broadcast their SID). Which bring up the question, I know I can tell
> > if is on my router if someone grabs an IP using DHCP,but what if they
> > are using a static IP, is there any way to tell who is connected to
> > my router?
> >
> > Is it possible there is a backdoor through the firewall that MS isn't
> > telling us about?
> >
> > As always, any insight/thoughts are greatly appreciated.
> >
> > Brian W
>
>
> --
> Barb Bowman
> Expert Zone Columnist
> http://www.microsoft.com/windowsxp/expertzone
> MS-MVP (Windows)
>
>


Reply With Quote
  #4  
Old 01-28-2004, 05:01 PM
Barb Bowman \(MVP-Windows\)
Guest
  
Posts: n/a
Default Re: More MN-500 strangeness
The situation you describe with that routable IP logged on to the base
station is pretty weird. I've never seen a report like this.
However, you can and probably should change the IP addressing range on the
MN-500.

I'd use 172.16.0.1 for the base station address and I'd use
172.16.0.150-172.16.0.15x for your computers - the 172.16.0.* is another
private class non routable addressing range.

Brian W wrote:
> WOW, That was fast!
>
> Yes, I am using the default IP range.
>
> The log is pasted below log but I know it doesn't show anything. The
> only way I was able to log on to the BMT last night was to pull the
> plug (and if someone was logged in to my basestation, I wanted them
> off ASAP) which for some reason, reset the log, because the only
> entries were for the PPPoE reconnecting, reassigning IP's etc, etc.
> Not to mention all the blocked connect attempts I get, fills the log
> pretty fast.
>
> Currently there are no DHCP assigned addresses that I can't account
> for.
>
>
> Thanks
> Brian W
>
>
>
> 2004/01/28 06:38:52 DeletePortMapping: ExternalPort:32748, TCP
> 2004/01/28 06:41:01 AddPortMapping: ExternalPort:41198, UDP,
> InternalPort:11281, InternalClient:192.168.2.25
> 2004/01/28 06:41:01 AddPortMapping: ExternalPort:58859, TCP,
> InternalPort:10580, InternalClient:192.168.2.25
> 2004/01/28 06:41:02 DeletePortMapping: ExternalPort:41198, UDP
> 2004/01/28 06:41:02 DeletePortMapping: ExternalPort:58859, TCP
> 2004/01/28 06:43:02 AddPortMapping: ExternalPort:51444, UDP,
> InternalPort:13945, InternalClient:192.168.2.25
> 2004/01/28 06:43:03 AddPortMapping: ExternalPort:6112, TCP,
> InternalPort:8870, InternalClient:192.168.2.25
> 2004/01/28 06:43:03 DeletePortMapping: ExternalPort:51444, UDP
> 2004/01/28 06:43:03 DeletePortMapping: ExternalPort:6112, TCP
> 2004/01/28 06:45:03 AddPortMapping: ExternalPort:4600, UDP,
> InternalPort:15008, InternalClient:192.168.2.25
> 2004/01/28 06:45:03 AddPortMapping: ExternalPort:27132, TCP,
> InternalPort:16088, InternalClient:192.168.2.25
> 2004/01/28 06:45:03 DeletePortMapping: ExternalPort:4600, UDP
> 2004/01/28 06:45:03 DeletePortMapping: ExternalPort:27132, TCP
> 2004/01/28 06:47:12 AddPortMapping: ExternalPort:31725, UDP,
> InternalPort:12234, InternalClient:192.168.2.25
> 2004/01/28 06:47:13 AddPortMapping: ExternalPort:12007, TCP,
> InternalPort:9631, InternalClient:192.168.2.25
> 2004/01/28 06:47:13 DeletePortMapping: ExternalPort:31725, UDP
> 2004/01/28 06:47:13 DeletePortMapping: ExternalPort:12007, TCP
> 2004/01/28 06:49:14 AddPortMapping: ExternalPort:44024, UDP,
> InternalPort:14874, InternalClient:192.168.2.25
> 2004/01/28 06:49:14 AddPortMapping: ExternalPort:23528, TCP,
> InternalPort:10986, InternalClient:192.168.2.25
> 2004/01/28 06:49:14 DeletePortMapping: ExternalPort:44024, UDP
> 2004/01/28 06:49:14 DeletePortMapping: ExternalPort:23528, TCP
> 2004/01/28 06:51:15 AddPortMapping: ExternalPort:10979, UDP,
> InternalPort:8603, InternalClient:192.168.2.25
> 2004/01/28 06:51:15 AddPortMapping: ExternalPort:6617, TCP,
> InternalPort:7080, InternalClient:192.168.2.25
> 2004/01/28 06:51:16 DeletePortMapping: ExternalPort:10979, UDP
> 2004/01/28 06:51:16 DeletePortMapping: ExternalPort:6617, TCP
> 2004/01/28 06:51:30 Connection attempt to base station from WAN
> blocked -- src:<217.82.37.216:1329> dst:<63.196.188.70:137>
> 2004/01/28 06:53:25 AddPortMapping: ExternalPort:37625, UDP,
> InternalPort:15139, InternalClient:192.168.2.25
> 2004/01/28 06:53:25 AddPortMapping: ExternalPort:58754, TCP,
> InternalPort:16468, InternalClient:192.168.2.25
> 2004/01/28 06:53:25 DeletePortMapping: ExternalPort:37625, UDP
> 2004/01/28 06:53:25 DeletePortMapping: ExternalPort:58754, TCP
> 2004/01/28 06:55:26 AddPortMapping: ExternalPort:29151, UDP,
> InternalPort:7616, InternalClient:192.168.2.25
> 2004/01/28 06:55:26 AddPortMapping: ExternalPort:54011, TCP,
> InternalPort:14691, InternalClient:192.168.2.25
> 2004/01/28 06:55:26 DeletePortMapping: ExternalPort:29151, UDP
> 2004/01/28 06:55:26 DeletePortMapping: ExternalPort:54011, TCP
> 2004/01/28 06:55:33 Client filtering settings blocked connection
> from IP address <63.199.102.107>
> 2004/01/28 06:56:29 Address 192.168.2.34 was assigned to client
> 1:0x00010323036b
> 2004/01/28 06:57:26 Address 192.168.2.25 was assigned to client
> 1:0x0050f274a976
> 2004/01/28 06:57:27 AddPortMapping: ExternalPort:2782, UDP,
> InternalPort:7355, InternalClient:192.168.2.25
> 2004/01/28 06:57:27 AddPortMapping: ExternalPort:57582, TCP,
> InternalPort:11345, InternalClient:192.168.2.25
> 2004/01/28 06:57:27 DeletePortMapping: ExternalPort:2782, UDP
> 2004/01/28 06:57:27 DeletePortMapping: ExternalPort:57582, TCP
> 2004/01/28 06:59:36 AddPortMapping: ExternalPort:48637, UDP,
> InternalPort:16140, InternalClient:192.168.2.25
> 2004/01/28 06:59:36 AddPortMapping: ExternalPort:35071, TCP,
> InternalPort:15673, InternalClient:192.168.2.25
> 2004/01/28 06:59:36 DeletePortMapping: ExternalPort:48637, UDP
> 2004/01/28 06:59:36 DeletePortMapping: ExternalPort:35071, TCP
> 2004/01/28 07:01:37 AddPortMapping: ExternalPort:52707, UDP,
> InternalPort:8572, InternalClient:192.168.2.25
> 2004/01/28 07:01:37 AddPortMapping: ExternalPort:11258, TCP,
> InternalPort:14490, InternalClient:192.168.2.25
> 2004/01/28 07:01:37 DeletePortMapping: ExternalPort:52707, UDP
> 2004/01/28 07:01:37 DeletePortMapping: ExternalPort:11258, TCP
> 2004/01/28 07:03:38 AddPortMapping: ExternalPort:34786, UDP,
> InternalPort:8246, InternalClient:192.168.2.25
> 2004/01/28 07:03:38 AddPortMapping: ExternalPort:29182, TCP,
> InternalPort:15552, InternalClient:192.168.2.25
> 2004/01/28 07:03:38 DeletePortMapping: ExternalPort:34786, UDP
> 2004/01/28 07:03:38 DeletePortMapping: ExternalPort:29182, TCP
> 2004/01/28 07:05:47 AddPortMapping: ExternalPort:36313, UDP,
> InternalPort:6972, InternalClient:192.168.2.25
> 2004/01/28 07:05:47 AddPortMapping: ExternalPort:47338, TCP,
> InternalPort:10249, InternalClient:192.168.2.25
> 2004/01/28 07:05:47 DeletePortMapping: ExternalPort:36313, UDP
> 2004/01/28 07:05:47 DeletePortMapping: ExternalPort:47338, TCP
> 2004/01/28 07:07:48 AddPortMapping: ExternalPort:42471, UDP,
> InternalPort:9492, InternalClient:192.168.2.25
> 2004/01/28 07:07:48 AddPortMapping: ExternalPort:27097, TCP,
> InternalPort:7128, InternalClient:192.168.2.25
> 2004/01/28 07:07:48 DeletePortMapping: ExternalPort:42471, UDP
> 2004/01/28 07:07:48 DeletePortMapping: ExternalPort:27097, TCP
> 2004/01/28 07:09:44 Client filtering settings blocked connection
> from IP address <211.224.130.206>
> 2004/01/28 07:09:48 AddPortMapping: ExternalPort:1753, UDP,
> InternalPort:7095, InternalClient:192.168.2.25
> 2004/01/28 07:09:48 AddPortMapping: ExternalPort:21990, TCP,
> InternalPort:9444, InternalClient:192.168.2.25
> 2004/01/28 07:09:48 DeletePortMapping: ExternalPort:1753, UDP
> 2004/01/28 07:09:49 DeletePortMapping: ExternalPort:21990, TCP
> 2004/01/28 07:10:15 Connection attempt to base station from WAN
> blocked -- src:<64.48.134.72:0> dst:<63.196.188.70:1080>
> 2004/01/28 07:11:59 AddPortMapping: ExternalPort:15071, UDP,
> InternalPort:7563, InternalClient:192.168.2.25
> 2004/01/28 07:11:59 AddPortMapping: ExternalPort:27383, TCP,
> InternalPort:13787, InternalClient:192.168.2.25
> 2004/01/28 07:11:59 DeletePortMapping: ExternalPort:15071, UDP
> 2004/01/28 07:11:59 DeletePortMapping: ExternalPort:27383, TCP
> 2004/01/28 07:14:00 AddPortMapping: ExternalPort:23524, UDP,
> InternalPort:9962, InternalClient:192.168.2.25
> 2004/01/28 07:14:00 AddPortMapping: ExternalPort:36605, TCP,
> InternalPort:16191, InternalClient:192.168.2.25
> 2004/01/28 07:14:00 DeletePortMapping: ExternalPort:23524, UDP
> 2004/01/28 07:14:00 DeletePortMapping: ExternalPort:36605, TCP
> 2004/01/28 07:16:01 AddPortMapping: ExternalPort:61683, UDP,
> InternalPort:12609, InternalClient:192.168.2.25
> 2004/01/28 07:16:01 AddPortMapping: ExternalPort:8957, TCP,
> InternalPort:16275, InternalClient:192.168.2.25
> 2004/01/28 07:16:01 DeletePortMapping: ExternalPort:61683, UDP
> 2004/01/28 07:16:01 DeletePortMapping: ExternalPort:8957, TCP
> 2004/01/28 07:18:12 AddPortMapping: ExternalPort:33515, UDP,
> InternalPort:10547, InternalClient:192.168.2.25
> 2004/01/28 07:18:12 AddPortMapping: ExternalPort:35714, TCP,
> InternalPort:16442, InternalClient:192.168.2.25
> 2004/01/28 07:18:12 DeletePortMapping: ExternalPort:33515, UDP
> 2004/01/28 07:18:12 DeletePortMapping: ExternalPort:35714, TCP
> 2004/01/28 07:18:22 Client filtering settings blocked connection
> from IP address <63.119.58.122>
> 2004/01/28 07:18:22 Client filtering settings blocked connection
> from IP address <63.119.58.122>
> 2004/01/28 07:18:27 Connection attempt to base station from WAN
> blocked -- src:<63.119.58.122:36907> dst:<63.196.188.70:48191>
> 2004/01/28 07:18:27 Connection attempt to base station from WAN
> blocked -- src:<63.119.58.122:36908> dst:<63.196.188.70:48191>
> 2004/01/28 07:18:30 Connection attempt to base station from WAN
> blocked -- src:<63.119.58.122:36907> dst:<63.196.188.70:48191>
> 2004/01/28 07:18:30 Connection attempt to base station from WAN
> blocked -- src:<63.119.58.122:36908> dst:<63.196.188.70:48191>
> 2004/01/28 07:18:36 Connection attempt to base station from WAN
> blocked -- src:<63.119.58.122:36907> dst:<63.196.188.70:48191>
> 2004/01/28 07:18:36 Connection attempt to base station from WAN
> blocked -- src:<63.119.58.122:36908> dst:<63.196.188.70:48191>
> 2004/01/28 07:20:11 AddPortMapping: ExternalPort:25320, UDP,
> InternalPort:10963, InternalClient:192.168.2.25
> 2004/01/28 07:20:11 AddPortMapping: ExternalPort:38398, TCP,
> InternalPort:15396, InternalClient:192.168.2.25
> 2004/01/28 07:20:11 DeletePortMapping: ExternalPort:25320, UDP
> 2004/01/28 07:20:11 DeletePortMapping: ExternalPort:38398, TCP
> 2004/01/28 07:22:12 AddPortMapping: ExternalPort:2294, UDP,
> InternalPort:13497, InternalClient:192.168.2.25
> 2004/01/28 07:22:12 AddPortMapping: ExternalPort:46308, TCP,
> InternalPort:9733, InternalClient:192.168.2.25
> 2004/01/28 07:22:12 DeletePortMapping: ExternalPort:2294, UDP
> 2004/01/28 07:22:13 DeletePortMapping: ExternalPort:46308, TCP
> 2004/01/28 07:23:17 Client filtering settings blocked connection
> from IP address <63.194.169.21>
> 2004/01/28 07:24:00 Client filtering settings blocked connection
> from IP address <63.194.20.170>
> 2004/01/28 07:24:21 Connection attempt to base station from WAN
> blocked -- src:<61.6.93.23:220> dst:<63.196.188.70:6129>
> 2004/01/28 07:24:22 AddPortMapping: ExternalPort:58606, UDP,
> InternalPort:11349, InternalClient:192.168.2.25
> 2004/01/28 07:24:22 AddPortMapping: ExternalPort:19449, TCP,
> InternalPort:15354, InternalClient:192.168.2.25
> 2004/01/28 07:24:22 DeletePortMapping: ExternalPort:58606, UDP
> 2004/01/28 07:24:22 DeletePortMapping: ExternalPort:19449, TCP
> 2004/01/28 07:25:44 192.168.2.34 login successful
> 2004/01/28 07:26:23 AddPortMapping: ExternalPort:1783, UDP,
> InternalPort:13751, InternalClient:192.168.2.25
> 2004/01/28 07:26:23 AddPortMapping: ExternalPort:51967, TCP,
> InternalPort:15739, InternalClient:192.168.2.25
> 2004/01/28 07:26:23 DeletePortMapping: ExternalPort:1783, UDP
> 2004/01/28 07:26:23 DeletePortMapping: ExternalPort:51967, TCP
> 2004/01/28 07:26:54 Client filtering settings blocked connection
> from IP address <63.199.220.138>
> 2004/01/28 07:28:24 AddPortMapping: ExternalPort:61693, UDP,
> InternalPort:16193, InternalClient:192.168.2.25
> 2004/01/28 07:28:24 AddPortMapping: ExternalPort:4227, TCP,
> InternalPort:16801, InternalClient:192.168.2.25
> 2004/01/28 07:28:24 DeletePortMapping: ExternalPort:61693, UDP
> 2004/01/28 07:28:24 DeletePortMapping: ExternalPort:4227, TCP
> 2004/01/28 07:30:33 AddPortMapping: ExternalPort:55541, UDP,
> InternalPort:14185, InternalClient:192.168.2.25
> 2004/01/28 07:30:34 AddPortMapping: ExternalPort:43761, TCP,
> InternalPort:13083, InternalClient:192.168.2.25
> 2004/01/28 07:30:34 DeletePortMapping: ExternalPort:55541, UDP
> 2004/01/28 07:30:34 DeletePortMapping: ExternalPort:43761, TCP
> 2004/01/28 07:32:34 AddPortMapping: ExternalPort:39419, UDP,
> InternalPort:14632, InternalClient:192.168.2.25
> 2004/01/28 07:32:34 AddPortMapping: ExternalPort:21994, TCP,
> InternalPort:10468, InternalClient:192.168.2.25
> 2004/01/28 07:32:34 DeletePortMapping: ExternalPort:39419, UDP
> 2004/01/28 07:32:34 DeletePortMapping: ExternalPort:21994, TCP
> 2004/01/28 07:34:34 AddPortMapping: ExternalPort:48121, UDP,
> InternalPort:15114, InternalClient:192.168.2.25
> 2004/01/28 07:34:34 AddPortMapping: ExternalPort:55260, TCP,
> InternalPort:7782, InternalClient:192.168.2.25
> 2004/01/28 07:34:34 DeletePortMapping: ExternalPort:48121, UDP
> 2004/01/28 07:34:35 DeletePortMapping: ExternalPort:55260, TCP
>
>
> "Barb Bowman (MVP-Windows)" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
>> are you using the default 192.168.2.x IP range or did you change it
>> to something else? can you post the base station log here as a reply?
>>
>> Brian W wrote:
>>> Hi All,
>>>
>>> Last night I went to log into the BMT and was denied, saying that
>>> someone was already logged in from 60.189.86.0, which, of course, is
>>> not an IP on my network. According to Whois the IP belongs to a
>>> company in Australia. (I know, IPs can be spoofed)
>>>
>>> I thought this sort of thing wasn't possible.
>>>
>>> On the wireless side I have 128 WEB encryption enabled, using a key
>>> that was randomly generated.
>>>
>>> There is at least one other wireless networn in my neighborhood (the
>>> broadcast their SID). Which bring up the question, I know I can tell
>>> if is on my router if someone grabs an IP using DHCP,but what if
>>> they are using a static IP, is there any way to tell who is
>>> connected to my router?
>>>
>>> Is it possible there is a backdoor through the firewall that MS
>>> isn't telling us about?
>>>
>>> As always, any insight/thoughts are greatly appreciated.
>>>
>>> Brian W
>>
>>
>> --
>> Barb Bowman
>> Expert Zone Columnist
>> http://www.microsoft.com/windowsxp/expertzone
>> MS-MVP (Windows)


--
Barb Bowman
Expert Zone Columnist
http://www.microsoft.com/windowsxp/expertzone
MS-MVP (Windows)


Reply With Quote
  #5  
Old 01-28-2004, 05:13 PM
Brian W
Guest
  
Posts: n/a
Default Re: More MN-500 strangeness
Thanks, I was planning on changing all of that. So yopu answered my next
question about nonroutable IP's

While we're on the topic, I thought 192.168.* was, itself, a nonroutable IP?

Regards
Brian W




"Barb Bowman (MVP-Windows)" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> The situation you describe with that routable IP logged on to the base
> station is pretty weird. I've never seen a report like this.
> However, you can and probably should change the IP addressing range on the
> MN-500.
>
> I'd use 172.16.0.1 for the base station address and I'd use
> 172.16.0.150-172.16.0.15x for your computers - the 172.16.0.* is another
> private class non routable addressing range.
>
> Brian W wrote:
> > WOW, That was fast!
> >
> > Yes, I am using the default IP range.
> >
> > The log is pasted below log but I know it doesn't show anything. The
> > only way I was able to log on to the BMT last night was to pull the
> > plug (and if someone was logged in to my basestation, I wanted them
> > off ASAP) which for some reason, reset the log, because the only
> > entries were for the PPPoE reconnecting, reassigning IP's etc, etc.
> > Not to mention all the blocked connect attempts I get, fills the log
> > pretty fast.
> >
> > Currently there are no DHCP assigned addresses that I can't account
> > for.
> >
> >
> > Thanks
> > Brian W
> >
> >
> >
> > 2004/01/28 06:38:52 DeletePortMapping: ExternalPort:32748, TCP
> > 2004/01/28 06:41:01 AddPortMapping: ExternalPort:41198, UDP,
> > InternalPort:11281, InternalClient:192.168.2.25
> > 2004/01/28 06:41:01 AddPortMapping: ExternalPort:58859, TCP,
> > InternalPort:10580, InternalClient:192.168.2.25
> > 2004/01/28 06:41:02 DeletePortMapping: ExternalPort:41198, UDP
> > 2004/01/28 06:41:02 DeletePortMapping: ExternalPort:58859, TCP
> > 2004/01/28 06:43:02 AddPortMapping: ExternalPort:51444, UDP,
> > InternalPort:13945, InternalClient:192.168.2.25
> > 2004/01/28 06:43:03 AddPortMapping: ExternalPort:6112, TCP,
> > InternalPort:8870, InternalClient:192.168.2.25
> > 2004/01/28 06:43:03 DeletePortMapping: ExternalPort:51444, UDP
> > 2004/01/28 06:43:03 DeletePortMapping: ExternalPort:6112, TCP
> > 2004/01/28 06:45:03 AddPortMapping: ExternalPort:4600, UDP,
> > InternalPort:15008, InternalClient:192.168.2.25
> > 2004/01/28 06:45:03 AddPortMapping: ExternalPort:27132, TCP,
> > InternalPort:16088, InternalClient:192.168.2.25
> > 2004/01/28 06:45:03 DeletePortMapping: ExternalPort:4600, UDP
> > 2004/01/28 06:45:03 DeletePortMapping: ExternalPort:27132, TCP
> > 2004/01/28 06:47:12 AddPortMapping: ExternalPort:31725, UDP,
> > InternalPort:12234, InternalClient:192.168.2.25
> > 2004/01/28 06:47:13 AddPortMapping: ExternalPort:12007, TCP,
> > InternalPort:9631, InternalClient:192.168.2.25
> > 2004/01/28 06:47:13 DeletePortMapping: ExternalPort:31725, UDP
> > 2004/01/28 06:47:13 DeletePortMapping: ExternalPort:12007, TCP
> > 2004/01/28 06:49:14 AddPortMapping: ExternalPort:44024, UDP,
> > InternalPort:14874, InternalClient:192.168.2.25
> > 2004/01/28 06:49:14 AddPortMapping: ExternalPort:23528, TCP,
> > InternalPort:10986, InternalClient:192.168.2.25
> > 2004/01/28 06:49:14 DeletePortMapping: ExternalPort:44024, UDP
> > 2004/01/28 06:49:14 DeletePortMapping: ExternalPort:23528, TCP
> > 2004/01/28 06:51:15 AddPortMapping: ExternalPort:10979, UDP,
> > InternalPort:8603, InternalClient:192.168.2.25
> > 2004/01/28 06:51:15 AddPortMapping: ExternalPort:6617, TCP,
> > InternalPort:7080, InternalClient:192.168.2.25
> > 2004/01/28 06:51:16 DeletePortMapping: ExternalPort:10979, UDP
> > 2004/01/28 06:51:16 DeletePortMapping: ExternalPort:6617, TCP
> > 2004/01/28 06:51:30 Connection attempt to base station from WAN
> > blocked -- src:<217.82.37.216:1329> dst:<63.196.188.70:137>
> > 2004/01/28 06:53:25 AddPortMapping: ExternalPort:37625, UDP,
> > InternalPort:15139, InternalClient:192.168.2.25
> > 2004/01/28 06:53:25 AddPortMapping: ExternalPort:58754, TCP,
> > InternalPort:16468, InternalClient:192.168.2.25
> > 2004/01/28 06:53:25 DeletePortMapping: ExternalPort:37625, UDP
> > 2004/01/28 06:53:25 DeletePortMapping: ExternalPort:58754, TCP
> > 2004/01/28 06:55:26 AddPortMapping: ExternalPort:29151, UDP,
> > InternalPort:7616, InternalClient:192.168.2.25
> > 2004/01/28 06:55:26 AddPortMapping: ExternalPort:54011, TCP,
> > InternalPort:14691, InternalClient:192.168.2.25
> > 2004/01/28 06:55:26 DeletePortMapping: ExternalPort:29151, UDP
> > 2004/01/28 06:55:26 DeletePortMapping: ExternalPort:54011, TCP
> > 2004/01/28 06:55:33 Client filtering settings blocked connection
> > from IP address <63.199.102.107>
> > 2004/01/28 06:56:29 Address 192.168.2.34 was assigned to client
> > 1:0x00010323036b
> > 2004/01/28 06:57:26 Address 192.168.2.25 was assigned to client
> > 1:0x0050f274a976
> > 2004/01/28 06:57:27 AddPortMapping: ExternalPort:2782, UDP,
> > InternalPort:7355, InternalClient:192.168.2.25
> > 2004/01/28 06:57:27 AddPortMapping: ExternalPort:57582, TCP,
> > InternalPort:11345, InternalClient:192.168.2.25
> > 2004/01/28 06:57:27 DeletePortMapping: ExternalPort:2782, UDP
> > 2004/01/28 06:57:27 DeletePortMapping: ExternalPort:57582, TCP
> > 2004/01/28 06:59:36 AddPortMapping: ExternalPort:48637, UDP,
> > InternalPort:16140, InternalClient:192.168.2.25
> > 2004/01/28 06:59:36 AddPortMapping: ExternalPort:35071, TCP,
> > InternalPort:15673, InternalClient:192.168.2.25
> > 2004/01/28 06:59:36 DeletePortMapping: ExternalPort:48637, UDP
> > 2004/01/28 06:59:36 DeletePortMapping: ExternalPort:35071, TCP
> > 2004/01/28 07:01:37 AddPortMapping: ExternalPort:52707, UDP,
> > InternalPort:8572, InternalClient:192.168.2.25
> > 2004/01/28 07:01:37 AddPortMapping: ExternalPort:11258, TCP,
> > InternalPort:14490, InternalClient:192.168.2.25
> > 2004/01/28 07:01:37 DeletePortMapping: ExternalPort:52707, UDP
> > 2004/01/28 07:01:37 DeletePortMapping: ExternalPort:11258, TCP
> > 2004/01/28 07:03:38 AddPortMapping: ExternalPort:34786, UDP,
> > InternalPort:8246, InternalClient:192.168.2.25
> > 2004/01/28 07:03:38 AddPortMapping: ExternalPort:29182, TCP,
> > InternalPort:15552, InternalClient:192.168.2.25
> > 2004/01/28 07:03:38 DeletePortMapping: ExternalPort:34786, UDP
> > 2004/01/28 07:03:38 DeletePortMapping: ExternalPort:29182, TCP
> > 2004/01/28 07:05:47 AddPortMapping: ExternalPort:36313, UDP,
> > InternalPort:6972, InternalClient:192.168.2.25
> > 2004/01/28 07:05:47 AddPortMapping: ExternalPort:47338, TCP,
> > InternalPort:10249, InternalClient:192.168.2.25
> > 2004/01/28 07:05:47 DeletePortMapping: ExternalPort:36313, UDP
> > 2004/01/28 07:05:47 DeletePortMapping: ExternalPort:47338, TCP
> > 2004/01/28 07:07:48 AddPortMapping: ExternalPort:42471, UDP,
> > InternalPort:9492, InternalClient:192.168.2.25
> > 2004/01/28 07:07:48 AddPortMapping: ExternalPort:27097, TCP,
> > InternalPort:7128, InternalClient:192.168.2.25
> > 2004/01/28 07:07:48 DeletePortMapping: ExternalPort:42471, UDP
> > 2004/01/28 07:07:48 DeletePortMapping: ExternalPort:27097, TCP
> > 2004/01/28 07:09:44 Client filtering settings blocked connection
> > from IP address <211.224.130.206>
> > 2004/01/28 07:09:48 AddPortMapping: ExternalPort:1753, UDP,
> > InternalPort:7095, InternalClient:192.168.2.25
> > 2004/01/28 07:09:48 AddPortMapping: ExternalPort:21990, TCP,
> > InternalPort:9444, InternalClient:192.168.2.25
> > 2004/01/28 07:09:48 DeletePortMapping: ExternalPort:1753, UDP
> > 2004/01/28 07:09:49 DeletePortMapping: ExternalPort:21990, TCP
> > 2004/01/28 07:10:15 Connection attempt to base station from WAN
> > blocked -- src:<64.48.134.72:0> dst:<63.196.188.70:1080>
> > 2004/01/28 07:11:59 AddPortMapping: ExternalPort:15071, UDP,
> > InternalPort:7563, InternalClient:192.168.2.25
> > 2004/01/28 07:11:59 AddPortMapping: ExternalPort:27383, TCP,
> > InternalPort:13787, InternalClient:192.168.2.25
> > 2004/01/28 07:11:59 DeletePortMapping: ExternalPort:15071, UDP
> > 2004/01/28 07:11:59 DeletePortMapping: ExternalPort:27383, TCP
> > 2004/01/28 07:14:00 AddPortMapping: ExternalPort:23524, UDP,
> > InternalPort:9962, InternalClient:192.168.2.25
> > 2004/01/28 07:14:00 AddPortMapping: ExternalPort:36605, TCP,
> > InternalPort:16191, InternalClient:192.168.2.25
> > 2004/01/28 07:14:00 DeletePortMapping: ExternalPort:23524, UDP
> > 2004/01/28 07:14:00 DeletePortMapping: ExternalPort:36605, TCP
> > 2004/01/28 07:16:01 AddPortMapping: ExternalPort:61683, UDP,
> > InternalPort:12609, InternalClient:192.168.2.25
> > 2004/01/28 07:16:01 AddPortMapping: ExternalPort:8957, TCP,
> > InternalPort:16275, InternalClient:192.168.2.25
> > 2004/01/28 07:16:01 DeletePortMapping: ExternalPort:61683, UDP
> > 2004/01/28 07:16:01 DeletePortMapping: ExternalPort:8957, TCP
> > 2004/01/28 07:18:12 AddPortMapping: ExternalPort:33515, UDP,
> > InternalPort:10547, InternalClient:192.168.2.25
> > 2004/01/28 07:18:12 AddPortMapping: ExternalPort:35714, TCP,
> > InternalPort:16442, InternalClient:192.168.2.25
> > 2004/01/28 07:18:12 DeletePortMapping: ExternalPort:33515, UDP
> > 2004/01/28 07:18:12 DeletePortMapping: ExternalPort:35714, TCP
> > 2004/01/28 07:18:22 Client filtering settings blocked connection
> > from IP address <63.119.58.122>
> > 2004/01/28 07:18:22 Client filtering settings blocked connection
> > from IP address <63.119.58.122>
> > 2004/01/28 07:18:27 Connection attempt to base station from WAN
> > blocked -- src:<63.119.58.122:36907> dst:<63.196.188.70:48191>
> > 2004/01/28 07:18:27 Connection attempt to base station from WAN
> > blocked -- src:<63.119.58.122:36908> dst:<63.196.188.70:48191>
> > 2004/01/28 07:18:30 Connection attempt to base station from WAN
> > blocked -- src:<63.119.58.122:36907> dst:<63.196.188.70:48191>
> > 2004/01/28 07:18:30 Connection attempt to base station from WAN
> > blocked -- src:<63.119.58.122:36908> dst:<63.196.188.70:48191>
> > 2004/01/28 07:18:36 Connection attempt to base station from WAN
> > blocked -- src:<63.119.58.122:36907> dst:<63.196.188.70:48191>
> > 2004/01/28 07:18:36 Connection attempt to base station from WAN
> > blocked -- src:<63.119.58.122:36908> dst:<63.196.188.70:48191>
> > 2004/01/28 07:20:11 AddPortMapping: ExternalPort:25320, UDP,
> > InternalPort:10963, InternalClient:192.168.2.25
> > 2004/01/28 07:20:11 AddPortMapping: ExternalPort:38398, TCP,
> > InternalPort:15396, InternalClient:192.168.2.25
> > 2004/01/28 07:20:11 DeletePortMapping: ExternalPort:25320, UDP
> > 2004/01/28 07:20:11 DeletePortMapping: ExternalPort:38398, TCP
> > 2004/01/28 07:22:12 AddPortMapping: ExternalPort:2294, UDP,
> > InternalPort:13497, InternalClient:192.168.2.25
> > 2004/01/28 07:22:12 AddPortMapping: ExternalPort:46308, TCP,
> > InternalPort:9733, InternalClient:192.168.2.25
> > 2004/01/28 07:22:12 DeletePortMapping: ExternalPort:2294, UDP
> > 2004/01/28 07:22:13 DeletePortMapping: ExternalPort:46308, TCP
> > 2004/01/28 07:23:17 Client filtering settings blocked connection
> > from IP address <63.194.169.21>
> > 2004/01/28 07:24:00 Client filtering settings blocked connection
> > from IP address <63.194.20.170>
> > 2004/01/28 07:24:21 Connection attempt to base station from WAN
> > blocked -- src:<61.6.93.23:220> dst:<63.196.188.70:6129>
> > 2004/01/28 07:24:22 AddPortMapping: ExternalPort:58606, UDP,
> > InternalPort:11349, InternalClient:192.168.2.25
> > 2004/01/28 07:24:22 AddPortMapping: ExternalPort:19449, TCP,
> > InternalPort:15354, InternalClient:192.168.2.25
> > 2004/01/28 07:24:22 DeletePortMapping: ExternalPort:58606, UDP
> > 2004/01/28 07:24:22 DeletePortMapping: ExternalPort:19449, TCP
> > 2004/01/28 07:25:44 192.168.2.34 login successful
> > 2004/01/28 07:26:23 AddPortMapping: ExternalPort:1783, UDP,
> > InternalPort:13751, InternalClient:192.168.2.25
> > 2004/01/28 07:26:23 AddPortMapping: ExternalPort:51967, TCP,
> > InternalPort:15739, InternalClient:192.168.2.25
> > 2004/01/28 07:26:23 DeletePortMapping: ExternalPort:1783, UDP
> > 2004/01/28 07:26:23 DeletePortMapping: ExternalPort:51967, TCP
> > 2004/01/28 07:26:54 Client filtering settings blocked connection
> > from IP address <63.199.220.138>
> > 2004/01/28 07:28:24 AddPortMapping: ExternalPort:61693, UDP,
> > InternalPort:16193, InternalClient:192.168.2.25
> > 2004/01/28 07:28:24 AddPortMapping: ExternalPort:4227, TCP,
> > InternalPort:16801, InternalClient:192.168.2.25
> > 2004/01/28 07:28:24 DeletePortMapping: ExternalPort:61693, UDP
> > 2004/01/28 07:28:24 DeletePortMapping: ExternalPort:4227, TCP
> > 2004/01/28 07:30:33 AddPortMapping: ExternalPort:55541, UDP,
> > InternalPort:14185, InternalClient:192.168.2.25
> > 2004/01/28 07:30:34 AddPortMapping: ExternalPort:43761, TCP,
> > InternalPort:13083, InternalClient:192.168.2.25
> > 2004/01/28 07:30:34 DeletePortMapping: ExternalPort:55541, UDP
> > 2004/01/28 07:30:34 DeletePortMapping: ExternalPort:43761, TCP
> > 2004/01/28 07:32:34 AddPortMapping: ExternalPort:39419, UDP,
> > InternalPort:14632, InternalClient:192.168.2.25
> > 2004/01/28 07:32:34 AddPortMapping: ExternalPort:21994, TCP,
> > InternalPort:10468, InternalClient:192.168.2.25
> > 2004/01/28 07:32:34 DeletePortMapping: ExternalPort:39419, UDP
> > 2004/01/28 07:32:34 DeletePortMapping: ExternalPort:21994, TCP
> > 2004/01/28 07:34:34 AddPortMapping: ExternalPort:48121, UDP,
> > InternalPort:15114, InternalClient:192.168.2.25
> > 2004/01/28 07:34:34 AddPortMapping: ExternalPort:55260, TCP,
> > InternalPort:7782, InternalClient:192.168.2.25
> > 2004/01/28 07:34:34 DeletePortMapping: ExternalPort:48121, UDP
> > 2004/01/28 07:34:35 DeletePortMapping: ExternalPort:55260, TCP
> >
> >
> > "Barb Bowman (MVP-Windows)" <(E-Mail Removed)> wrote in message
> > news:%(E-Mail Removed)...
> >> are you using the default 192.168.2.x IP range or did you change it
> >> to something else? can you post the base station log here as a reply?
> >>
> >> Brian W wrote:
> >>> Hi All,
> >>>
> >>> Last night I went to log into the BMT and was denied, saying that
> >>> someone was already logged in from 60.189.86.0, which, of course, is
> >>> not an IP on my network. According to Whois the IP belongs to a
> >>> company in Australia. (I know, IPs can be spoofed)
> >>>
> >>> I thought this sort of thing wasn't possible.
> >>>
> >>> On the wireless side I have 128 WEB encryption enabled, using a key
> >>> that was randomly generated.
> >>>
> >>> There is at least one other wireless networn in my neighborhood (the
> >>> broadcast their SID). Which bring up the question, I know I can tell
> >>> if is on my router if someone grabs an IP using DHCP,but what if
> >>> they are using a static IP, is there any way to tell who is
> >>> connected to my router?
> >>>
> >>> Is it possible there is a backdoor through the firewall that MS
> >>> isn't telling us about?
> >>>
> >>> As always, any insight/thoughts are greatly appreciated.
> >>>
> >>> Brian W
> >>
> >>
> >> --
> >> Barb Bowman
> >> Expert Zone Columnist
> >> http://www.microsoft.com/windowsxp/expertzone
> >> MS-MVP (Windows)
>
>
> --
> Barb Bowman
> Expert Zone Columnist
> http://www.microsoft.com/windowsxp/expertzone
> MS-MVP (Windows)
>
>


Reply With Quote
  #6  
Old 01-28-2004, 05:17 PM
Brian W
Guest
  
Posts: n/a
Default Re: More MN-500 strangeness
Nevermind, I found that answer myself. :/


"Brian W" <brianw@gold_death_2_spam_rush.com> wrote in message
news:(E-Mail Removed)...
> Thanks, I was planning on changing all of that. So yopu answered my next
> question about nonroutable IP's
>
> While we're on the topic, I thought 192.168.* was, itself, a nonroutable
IP?
>
> Regards
> Brian W
>
>
>
>
> "Barb Bowman (MVP-Windows)" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
> > The situation you describe with that routable IP logged on to the base
> > station is pretty weird. I've never seen a report like this.
> > However, you can and probably should change the IP addressing range on
the
> > MN-500.
> >
> > I'd use 172.16.0.1 for the base station address and I'd use
> > 172.16.0.150-172.16.0.15x for your computers - the 172.16.0.* is another
> > private class non routable addressing range.
> >
> > Brian W wrote:
> > > WOW, That was fast!
> > >
> > > Yes, I am using the default IP range.
> > >
> > > The log is pasted below log but I know it doesn't show anything. The
> > > only way I was able to log on to the BMT last night was to pull the
> > > plug (and if someone was logged in to my basestation, I wanted them
> > > off ASAP) which for some reason, reset the log, because the only
> > > entries were for the PPPoE reconnecting, reassigning IP's etc, etc.
> > > Not to mention all the blocked connect attempts I get, fills the log
> > > pretty fast.
> > >
> > > Currently there are no DHCP assigned addresses that I can't account
> > > for.
> > >
> > >
> > > Thanks
> > > Brian W
> > >
> > >
> > >
> > > 2004/01/28 06:38:52 DeletePortMapping: ExternalPort:32748, TCP
> > > 2004/01/28 06:41:01 AddPortMapping: ExternalPort:41198, UDP,
> > > InternalPort:11281, InternalClient:192.168.2.25
> > > 2004/01/28 06:41:01 AddPortMapping: ExternalPort:58859, TCP,
> > > InternalPort:10580, InternalClient:192.168.2.25
> > > 2004/01/28 06:41:02 DeletePortMapping: ExternalPort:41198, UDP
> > > 2004/01/28 06:41:02 DeletePortMapping: ExternalPort:58859, TCP
> > > 2004/01/28 06:43:02 AddPortMapping: ExternalPort:51444, UDP,
> > > InternalPort:13945, InternalClient:192.168.2.25
> > > 2004/01/28 06:43:03 AddPortMapping: ExternalPort:6112, TCP,
> > > InternalPort:8870, InternalClient:192.168.2.25
> > > 2004/01/28 06:43:03 DeletePortMapping: ExternalPort:51444, UDP
> > > 2004/01/28 06:43:03 DeletePortMapping: ExternalPort:6112, TCP
> > > 2004/01/28 06:45:03 AddPortMapping: ExternalPort:4600, UDP,
> > > InternalPort:15008, InternalClient:192.168.2.25
> > > 2004/01/28 06:45:03 AddPortMapping: ExternalPort:27132, TCP,
> > > InternalPort:16088, InternalClient:192.168.2.25
> > > 2004/01/28 06:45:03 DeletePortMapping: ExternalPort:4600, UDP
> > > 2004/01/28 06:45:03 DeletePortMapping: ExternalPort:27132, TCP
> > > 2004/01/28 06:47:12 AddPortMapping: ExternalPort:31725, UDP,
> > > InternalPort:12234, InternalClient:192.168.2.25
> > > 2004/01/28 06:47:13 AddPortMapping: ExternalPort:12007, TCP,
> > > InternalPort:9631, InternalClient:192.168.2.25
> > > 2004/01/28 06:47:13 DeletePortMapping: ExternalPort:31725, UDP
> > > 2004/01/28 06:47:13 DeletePortMapping: ExternalPort:12007, TCP
> > > 2004/01/28 06:49:14 AddPortMapping: ExternalPort:44024, UDP,
> > > InternalPort:14874, InternalClient:192.168.2.25
> > > 2004/01/28 06:49:14 AddPortMapping: ExternalPort:23528, TCP,
> > > InternalPort:10986, InternalClient:192.168.2.25
> > > 2004/01/28 06:49:14 DeletePortMapping: ExternalPort:44024, UDP
> > > 2004/01/28 06:49:14 DeletePortMapping: ExternalPort:23528, TCP
> > > 2004/01/28 06:51:15 AddPortMapping: ExternalPort:10979, UDP,
> > > InternalPort:8603, InternalClient:192.168.2.25
> > > 2004/01/28 06:51:15 AddPortMapping: ExternalPort:6617, TCP,
> > > InternalPort:7080, InternalClient:192.168.2.25
> > > 2004/01/28 06:51:16 DeletePortMapping: ExternalPort:10979, UDP
> > > 2004/01/28 06:51:16 DeletePortMapping: ExternalPort:6617, TCP
> > > 2004/01/28 06:51:30 Connection attempt to base station from WAN
> > > blocked -- src:<217.82.37.216:1329> dst:<63.196.188.70:137>
> > > 2004/01/28 06:53:25 AddPortMapping: ExternalPort:37625, UDP,
> > > InternalPort:15139, InternalClient:192.168.2.25
> > > 2004/01/28 06:53:25 AddPortMapping: ExternalPort:58754, TCP,
> > > InternalPort:16468, InternalClient:192.168.2.25
> > > 2004/01/28 06:53:25 DeletePortMapping: ExternalPort:37625, UDP
> > > 2004/01/28 06:53:25 DeletePortMapping: ExternalPort:58754, TCP
> > > 2004/01/28 06:55:26 AddPortMapping: ExternalPort:29151, UDP,
> > > InternalPort:7616, InternalClient:192.168.2.25
> > > 2004/01/28 06:55:26 AddPortMapping: ExternalPort:54011, TCP,
> > > InternalPort:14691, InternalClient:192.168.2.25
> > > 2004/01/28 06:55:26 DeletePortMapping: ExternalPort:29151, UDP
> > > 2004/01/28 06:55:26 DeletePortMapping: ExternalPort:54011, TCP
> > > 2004/01/28 06:55:33 Client filtering settings blocked connection
> > > from IP address <63.199.102.107>
> > > 2004/01/28 06:56:29 Address 192.168.2.34 was assigned to client
> > > 1:0x00010323036b
> > > 2004/01/28 06:57:26 Address 192.168.2.25 was assigned to client
> > > 1:0x0050f274a976
> > > 2004/01/28 06:57:27 AddPortMapping: ExternalPort:2782, UDP,
> > > InternalPort:7355, InternalClient:192.168.2.25
> > > 2004/01/28 06:57:27 AddPortMapping: ExternalPort:57582, TCP,
> > > InternalPort:11345, InternalClient:192.168.2.25
> > > 2004/01/28 06:57:27 DeletePortMapping: ExternalPort:2782, UDP
> > > 2004/01/28 06:57:27 DeletePortMapping: ExternalPort:57582, TCP
> > > 2004/01/28 06:59:36 AddPortMapping: ExternalPort:48637, UDP,
> > > InternalPort:16140, InternalClient:192.168.2.25
> > > 2004/01/28 06:59:36 AddPortMapping: ExternalPort:35071, TCP,
> > > InternalPort:15673, InternalClient:192.168.2.25
> > > 2004/01/28 06:59:36 DeletePortMapping: ExternalPort:48637, UDP
> > > 2004/01/28 06:59:36 DeletePortMapping: ExternalPort:35071, TCP
> > > 2004/01/28 07:01:37 AddPortMapping: ExternalPort:52707, UDP,
> > > InternalPort:8572, InternalClient:192.168.2.25
> > > 2004/01/28 07:01:37 AddPortMapping: ExternalPort:11258, TCP,
> > > InternalPort:14490, InternalClient:192.168.2.25
> > > 2004/01/28 07:01:37 DeletePortMapping: ExternalPort:52707, UDP
> > > 2004/01/28 07:01:37 DeletePortMapping: ExternalPort:11258, TCP
> > > 2004/01/28 07:03:38 AddPortMapping: ExternalPort:34786, UDP,
> > > InternalPort:8246, InternalClient:192.168.2.25
> > > 2004/01/28 07:03:38 AddPortMapping: ExternalPort:29182, TCP,
> > > InternalPort:15552, InternalClient:192.168.2.25
> > > 2004/01/28 07:03:38 DeletePortMapping: ExternalPort:34786, UDP
> > > 2004/01/28 07:03:38 DeletePortMapping: ExternalPort:29182, TCP
> > > 2004/01/28 07:05:47 AddPortMapping: ExternalPort:36313, UDP,
> > > InternalPort:6972, InternalClient:192.168.2.25
> > > 2004/01/28 07:05:47 AddPortMapping: ExternalPort:47338, TCP,
> > > InternalPort:10249, InternalClient:192.168.2.25
> > > 2004/01/28 07:05:47 DeletePortMapping: ExternalPort:36313, UDP
> > > 2004/01/28 07:05:47 DeletePortMapping: ExternalPort:47338, TCP
> > > 2004/01/28 07:07:48 AddPortMapping: ExternalPort:42471, UDP,
> > > InternalPort:9492, InternalClient:192.168.2.25
> > > 2004/01/28 07:07:48 AddPortMapping: ExternalPort:27097, TCP,
> > > InternalPort:7128, InternalClient:192.168.2.25
> > > 2004/01/28 07:07:48 DeletePortMapping: ExternalPort:42471, UDP
> > > 2004/01/28 07:07:48 DeletePortMapping: ExternalPort:27097, TCP
> > > 2004/01/28 07:09:44 Client filtering settings blocked connection
> > > from IP address <211.224.130.206>
> > > 2004/01/28 07:09:48 AddPortMapping: ExternalPort:1753, UDP,
> > > InternalPort:7095, InternalClient:192.168.2.25
> > > 2004/01/28 07:09:48 AddPortMapping: ExternalPort:21990, TCP,
> > > InternalPort:9444, InternalClient:192.168.2.25
> > > 2004/01/28 07:09:48 DeletePortMapping: ExternalPort:1753, UDP
> > > 2004/01/28 07:09:49 DeletePortMapping: ExternalPort:21990, TCP
> > > 2004/01/28 07:10:15 Connection attempt to base station from WAN
> > > blocked -- src:<64.48.134.72:0> dst:<63.196.188.70:1080>
> > > 2004/01/28 07:11:59 AddPortMapping: ExternalPort:15071, UDP,
> > > InternalPort:7563, InternalClient:192.168.2.25
> > > 2004/01/28 07:11:59 AddPortMapping: ExternalPort:27383, TCP,
> > > InternalPort:13787, InternalClient:192.168.2.25
> > > 2004/01/28 07:11:59 DeletePortMapping: ExternalPort:15071, UDP
> > > 2004/01/28 07:11:59 DeletePortMapping: ExternalPort:27383, TCP
> > > 2004/01/28 07:14:00 AddPortMapping: ExternalPort:23524, UDP,
> > > InternalPort:9962, InternalClient:192.168.2.25
> > > 2004/01/28 07:14:00 AddPortMapping: ExternalPort:36605, TCP,
> > > InternalPort:16191, InternalClient:192.168.2.25
> > > 2004/01/28 07:14:00 DeletePortMapping: ExternalPort:23524, UDP
> > > 2004/01/28 07:14:00 DeletePortMapping: ExternalPort:36605, TCP
> > > 2004/01/28 07:16:01 AddPortMapping: ExternalPort:61683, UDP,
> > > InternalPort:12609, InternalClient:192.168.2.25
> > > 2004/01/28 07:16:01 AddPortMapping: ExternalPort:8957, TCP,
> > > InternalPort:16275, InternalClient:192.168.2.25
> > > 2004/01/28 07:16:01 DeletePortMapping: ExternalPort:61683, UDP
> > > 2004/01/28 07:16:01 DeletePortMapping: ExternalPort:8957, TCP
> > > 2004/01/28 07:18:12 AddPortMapping: ExternalPort:33515, UDP,
> > > InternalPort:10547, InternalClient:192.168.2.25
> > > 2004/01/28 07:18:12 AddPortMapping: ExternalPort:35714, TCP,
> > > InternalPort:16442, InternalClient:192.168.2.25
> > > 2004/01/28 07:18:12 DeletePortMapping: ExternalPort:33515, UDP
> > > 2004/01/28 07:18:12 DeletePortMapping: ExternalPort:35714, TCP
> > > 2004/01/28 07:18:22 Client filtering settings blocked connection
> > > from IP address <63.119.58.122>
> > > 2004/01/28 07:18:22 Client filtering settings blocked connection
> > > from IP address <63.119.58.122>
> > > 2004/01/28 07:18:27 Connection attempt to base station from WAN
> > > blocked -- src:<63.119.58.122:36907> dst:<63.196.188.70:48191>
> > > 2004/01/28 07:18:27 Connection attempt to base station from WAN
> > > blocked -- src:<63.119.58.122:36908> dst:<63.196.188.70:48191>
> > > 2004/01/28 07:18:30 Connection attempt to base station from WAN
> > > blocked -- src:<63.119.58.122:36907> dst:<63.196.188.70:48191>
> > > 2004/01/28 07:18:30 Connection attempt to base station from WAN
> > > blocked -- src:<63.119.58.122:36908> dst:<63.196.188.70:48191>
> > > 2004/01/28 07:18:36 Connection attempt to base station from WAN
> > > blocked -- src:<63.119.58.122:36907> dst:<63.196.188.70:48191>
> > > 2004/01/28 07:18:36 Connection attempt to base station from WAN
> > > blocked -- src:<63.119.58.122:36908> dst:<63.196.188.70:48191>
> > > 2004/01/28 07:20:11 AddPortMapping: ExternalPort:25320, UDP,
> > > InternalPort:10963, InternalClient:192.168.2.25
> > > 2004/01/28 07:20:11 AddPortMapping: ExternalPort:38398, TCP,
> > > InternalPort:15396, InternalClient:192.168.2.25
> > > 2004/01/28 07:20:11 DeletePortMapping: ExternalPort:25320, UDP
> > > 2004/01/28 07:20:11 DeletePortMapping: ExternalPort:38398, TCP
> > > 2004/01/28 07:22:12 AddPortMapping: ExternalPort:2294, UDP,
> > > InternalPort:13497, InternalClient:192.168.2.25
> > > 2004/01/28 07:22:12 AddPortMapping: ExternalPort:46308, TCP,
> > > InternalPort:9733, InternalClient:192.168.2.25
> > > 2004/01/28 07:22:12 DeletePortMapping: ExternalPort:2294, UDP
> > > 2004/01/28 07:22:13 DeletePortMapping: ExternalPort:46308, TCP
> > > 2004/01/28 07:23:17 Client filtering settings blocked connection
> > > from IP address <63.194.169.21>
> > > 2004/01/28 07:24:00 Client filtering settings blocked connection
> > > from IP address <63.194.20.170>
> > > 2004/01/28 07:24:21 Connection attempt to base station from WAN
> > > blocked -- src:<61.6.93.23:220> dst:<63.196.188.70:6129>
> > > 2004/01/28 07:24:22 AddPortMapping: ExternalPort:58606, UDP,
> > > InternalPort:11349, InternalClient:192.168.2.25
> > > 2004/01/28 07:24:22 AddPortMapping: ExternalPort:19449, TCP,
> > > InternalPort:15354, InternalClient:192.168.2.25
> > > 2004/01/28 07:24:22 DeletePortMapping: ExternalPort:58606, UDP
> > > 2004/01/28 07:24:22 DeletePortMapping: ExternalPort:19449, TCP
> > > 2004/01/28 07:25:44 192.168.2.34 login successful
> > > 2004/01/28 07:26:23 AddPortMapping: ExternalPort:1783, UDP,
> > > InternalPort:13751, InternalClient:192.168.2.25
> > > 2004/01/28 07:26:23 AddPortMapping: ExternalPort:51967, TCP,
> > > InternalPort:15739, InternalClient:192.168.2.25
> > > 2004/01/28 07:26:23 DeletePortMapping: ExternalPort:1783, UDP
> > > 2004/01/28 07:26:23 DeletePortMapping: ExternalPort:51967, TCP
> > > 2004/01/28 07:26:54 Client filtering settings blocked connection
> > > from IP address <63.199.220.138>
> > > 2004/01/28 07:28:24 AddPortMapping: ExternalPort:61693, UDP,
> > > InternalPort:16193, InternalClient:192.168.2.25
> > > 2004/01/28 07:28:24 AddPortMapping: ExternalPort:4227, TCP,
> > > InternalPort:16801, InternalClient:192.168.2.25
> > > 2004/01/28 07:28:24 DeletePortMapping: ExternalPort:61693, UDP
> > > 2004/01/28 07:28:24 DeletePortMapping: ExternalPort:4227, TCP
> > > 2004/01/28 07:30:33 AddPortMapping: ExternalPort:55541, UDP,
> > > InternalPort:14185, InternalClient:192.168.2.25
> > > 2004/01/28 07:30:34 AddPortMapping: ExternalPort:43761, TCP,
> > > InternalPort:13083, InternalClient:192.168.2.25
> > > 2004/01/28 07:30:34 DeletePortMapping: ExternalPort:55541, UDP
> > > 2004/01/28 07:30:34 DeletePortMapping: ExternalPort:43761, TCP
> > > 2004/01/28 07:32:34 AddPortMapping: ExternalPort:39419, UDP,
> > > InternalPort:14632, InternalClient:192.168.2.25
> > > 2004/01/28 07:32:34 AddPortMapping: ExternalPort:21994, TCP,
> > > InternalPort:10468, InternalClient:192.168.2.25
> > > 2004/01/28 07:32:34 DeletePortMapping: ExternalPort:39419, UDP
> > > 2004/01/28 07:32:34 DeletePortMapping: ExternalPort:21994, TCP
> > > 2004/01/28 07:34:34 AddPortMapping: ExternalPort:48121, UDP,
> > > InternalPort:15114, InternalClient:192.168.2.25
> > > 2004/01/28 07:34:34 AddPortMapping: ExternalPort:55260, TCP,
> > > InternalPort:7782, InternalClient:192.168.2.25
> > > 2004/01/28 07:34:34 DeletePortMapping: ExternalPort:48121, UDP
> > > 2004/01/28 07:34:35 DeletePortMapping: ExternalPort:55260, TCP
> > >
> > >
> > > "Barb Bowman (MVP-Windows)" <(E-Mail Removed)> wrote in message
> > > news:%(E-Mail Removed)...
> > >> are you using the default 192.168.2.x IP range or did you change it
> > >> to something else? can you post the base station log here as a reply?
> > >>
> > >> Brian W wrote:
> > >>> Hi All,
> > >>>
> > >>> Last night I went to log into the BMT and was denied, saying that
> > >>> someone was already logged in from 60.189.86.0, which, of course, is
> > >>> not an IP on my network. According to Whois the IP belongs to a
> > >>> company in Australia. (I know, IPs can be spoofed)
> > >>>
> > >>> I thought this sort of thing wasn't possible.
> > >>>
> > >>> On the wireless side I have 128 WEB encryption enabled, using a key
> > >>> that was randomly generated.
> > >>>
> > >>> There is at least one other wireless networn in my neighborhood (the
> > >>> broadcast their SID). Which bring up the question, I know I can tell
> > >>> if is on my router if someone grabs an IP using DHCP,but what if
> > >>> they are using a static IP, is there any way to tell who is
> > >>> connected to my router?
> > >>>
> > >>> Is it possible there is a backdoor through the firewall that MS
> > >>> isn't telling us about?
> > >>>
> > >>> As always, any insight/thoughts are greatly appreciated.
> > >>>
> > >>> Brian W
> > >>
> > >>
> > >> --
> > >> Barb Bowman
> > >> Expert Zone Columnist
> > >> http://www.microsoft.com/windowsxp/expertzone
> > >> MS-MVP (Windows)
> >
> >
> > --
> > Barb Bowman
> > Expert Zone Columnist
> > http://www.microsoft.com/windowsxp/expertzone
> > MS-MVP (Windows)
> >
> >
>
>


Reply With Quote
  #7  
Old 01-28-2004, 05:18 PM
Barb Bowman \(MVP-Windows\)
Guest
  
Posts: n/a
Default Re: More MN-500 strangeness
yes, 192.168.x.x is non routable. But you were concerned about statics. I'd
change the range and then use the statics I gave you. Also use MAC address
filtering.

Brian W wrote:
> Thanks, I was planning on changing all of that. So yopu answered my
> next question about nonroutable IP's
>
> While we're on the topic, I thought 192.168.* was, itself, a
> nonroutable IP?
>
> Regards
> Brian W
>
>
>
>
> "Barb Bowman (MVP-Windows)" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
>> The situation you describe with that routable IP logged on to the
>> base station is pretty weird. I've never seen a report like this.
>> However, you can and probably should change the IP addressing range
>> on the MN-500.
>>
>> I'd use 172.16.0.1 for the base station address and I'd use
>> 172.16.0.150-172.16.0.15x for your computers - the 172.16.0.* is
>> another private class non routable addressing range.
>>
>> Brian W wrote:
>>> WOW, That was fast!
>>>
>>> Yes, I am using the default IP range.
>>>
>>> The log is pasted below log but I know it doesn't show anything. The
>>> only way I was able to log on to the BMT last night was to pull the
>>> plug (and if someone was logged in to my basestation, I wanted them
>>> off ASAP) which for some reason, reset the log, because the only
>>> entries were for the PPPoE reconnecting, reassigning IP's etc, etc.
>>> Not to mention all the blocked connect attempts I get, fills the log
>>> pretty fast.
>>>
>>> Currently there are no DHCP assigned addresses that I can't account
>>> for.
>>>
>>>
>>> Thanks
>>> Brian W
>>>
>>>
>>>
>>> 2004/01/28 06:38:52 DeletePortMapping: ExternalPort:32748, TCP
>>> 2004/01/28 06:41:01 AddPortMapping: ExternalPort:41198, UDP,
>>> InternalPort:11281, InternalClient:192.168.2.25
>>> 2004/01/28 06:41:01 AddPortMapping: ExternalPort:58859, TCP,
>>> InternalPort:10580, InternalClient:192.168.2.25
>>> 2004/01/28 06:41:02 DeletePortMapping: ExternalPort:41198, UDP
>>> 2004/01/28 06:41:02 DeletePortMapping: ExternalPort:58859, TCP
>>> 2004/01/28 06:43:02 AddPortMapping: ExternalPort:51444, UDP,
>>> InternalPort:13945, InternalClient:192.168.2.25
>>> 2004/01/28 06:43:03 AddPortMapping: ExternalPort:6112, TCP,
>>> InternalPort:8870, InternalClient:192.168.2.25
>>> 2004/01/28 06:43:03 DeletePortMapping: ExternalPort:51444, UDP
>>> 2004/01/28 06:43:03 DeletePortMapping: ExternalPort:6112, TCP
>>> 2004/01/28 06:45:03 AddPortMapping: ExternalPort:4600, UDP,
>>> InternalPort:15008, InternalClient:192.168.2.25
>>> 2004/01/28 06:45:03 AddPortMapping: ExternalPort:27132, TCP,
>>> InternalPort:16088, InternalClient:192.168.2.25
>>> 2004/01/28 06:45:03 DeletePortMapping: ExternalPort:4600, UDP
>>> 2004/01/28 06:45:03 DeletePortMapping: ExternalPort:27132, TCP
>>> 2004/01/28 06:47:12 AddPortMapping: ExternalPort:31725, UDP,
>>> InternalPort:12234, InternalClient:192.168.2.25
>>> 2004/01/28 06:47:13 AddPortMapping: ExternalPort:12007, TCP,
>>> InternalPort:9631, InternalClient:192.168.2.25
>>> 2004/01/28 06:47:13 DeletePortMapping: ExternalPort:31725, UDP
>>> 2004/01/28 06:47:13 DeletePortMapping: ExternalPort:12007, TCP
>>> 2004/01/28 06:49:14 AddPortMapping: ExternalPort:44024, UDP,
>>> InternalPort:14874, InternalClient:192.168.2.25
>>> 2004/01/28 06:49:14 AddPortMapping: ExternalPort:23528, TCP,
>>> InternalPort:10986, InternalClient:192.168.2.25
>>> 2004/01/28 06:49:14 DeletePortMapping: ExternalPort:44024, UDP
>>> 2004/01/28 06:49:14 DeletePortMapping: ExternalPort:23528, TCP
>>> 2004/01/28 06:51:15 AddPortMapping: ExternalPort:10979, UDP,
>>> InternalPort:8603, InternalClient:192.168.2.25
>>> 2004/01/28 06:51:15 AddPortMapping: ExternalPort:6617, TCP,
>>> InternalPort:7080, InternalClient:192.168.2.25
>>> 2004/01/28 06:51:16 DeletePortMapping: ExternalPort:10979, UDP
>>> 2004/01/28 06:51:16 DeletePortMapping: ExternalPort:6617, TCP
>>> 2004/01/28 06:51:30 Connection attempt to base station from WAN
>>> blocked -- src:<217.82.37.216:1329> dst:<63.196.188.70:137>
>>> 2004/01/28 06:53:25 AddPortMapping: ExternalPort:37625, UDP,
>>> InternalPort:15139, InternalClient:192.168.2.25
>>> 2004/01/28 06:53:25 AddPortMapping: ExternalPort:58754, TCP,
>>> InternalPort:16468, InternalClient:192.168.2.25
>>> 2004/01/28 06:53:25 DeletePortMapping: ExternalPort:37625, UDP
>>> 2004/01/28 06:53:25 DeletePortMapping: ExternalPort:58754, TCP
>>> 2004/01/28 06:55:26 AddPortMapping: ExternalPort:29151, UDP,
>>> InternalPort:7616, InternalClient:192.168.2.25
>>> 2004/01/28 06:55:26 AddPortMapping: ExternalPort:54011, TCP,
>>> InternalPort:14691, InternalClient:192.168.2.25
>>> 2004/01/28 06:55:26 DeletePortMapping: ExternalPort:29151, UDP
>>> 2004/01/28 06:55:26 DeletePortMapping: ExternalPort:54011, TCP
>>> 2004/01/28 06:55:33 Client filtering settings blocked connection
>>> from IP address <63.199.102.107>
>>> 2004/01/28 06:56:29 Address 192.168.2.34 was assigned to client
>>> 1:0x00010323036b
>>> 2004/01/28 06:57:26 Address 192.168.2.25 was assigned to client
>>> 1:0x0050f274a976
>>> 2004/01/28 06:57:27 AddPortMapping: ExternalPort:2782, UDP,
>>> InternalPort:7355, InternalClient:192.168.2.25
>>> 2004/01/28 06:57:27 AddPortMapping: ExternalPort:57582, TCP,
>>> InternalPort:11345, InternalClient:192.168.2.25
>>> 2004/01/28 06:57:27 DeletePortMapping: ExternalPort:2782, UDP
>>> 2004/01/28 06:57:27 DeletePortMapping: ExternalPort:57582, TCP
>>> 2004/01/28 06:59:36 AddPortMapping: ExternalPort:48637, UDP,
>>> InternalPort:16140, InternalClient:192.168.2.25
>>> 2004/01/28 06:59:36 AddPortMapping: ExternalPort:35071, TCP,
>>> InternalPort:15673, InternalClient:192.168.2.25
>>> 2004/01/28 06:59:36 DeletePortMapping: ExternalPort:48637, UDP
>>> 2004/01/28 06:59:36 DeletePortMapping: ExternalPort:35071, TCP
>>> 2004/01/28 07:01:37 AddPortMapping: ExternalPort:52707, UDP,
>>> InternalPort:8572, InternalClient:192.168.2.25
>>> 2004/01/28 07:01:37 AddPortMapping: ExternalPort:11258, TCP,
>>> InternalPort:14490, InternalClient:192.168.2.25
>>> 2004/01/28 07:01:37 DeletePortMapping: ExternalPort:52707, UDP
>>> 2004/01/28 07:01:37 DeletePortMapping: ExternalPort:11258, TCP
>>> 2004/01/28 07:03:38 AddPortMapping: ExternalPort:34786, UDP,
>>> InternalPort:8246, InternalClient:192.168.2.25
>>> 2004/01/28 07:03:38 AddPortMapping: ExternalPort:29182, TCP,
>>> InternalPort:15552, InternalClient:192.168.2.25
>>> 2004/01/28 07:03:38 DeletePortMapping: ExternalPort:34786, UDP
>>> 2004/01/28 07:03:38 DeletePortMapping: ExternalPort:29182, TCP
>>> 2004/01/28 07:05:47 AddPortMapping: ExternalPort:36313, UDP,
>>> InternalPort:6972, InternalClient:192.168.2.25
>>> 2004/01/28 07:05:47 AddPortMapping: ExternalPort:47338, TCP,
>>> InternalPort:10249, InternalClient:192.168.2.25
>>> 2004/01/28 07:05:47 DeletePortMapping: ExternalPort:36313, UDP
>>> 2004/01/28 07:05:47 DeletePortMapping: ExternalPort:47338, TCP
>>> 2004/01/28 07:07:48 AddPortMapping: ExternalPort:42471, UDP,
>>> InternalPort:9492, InternalClient:192.168.2.25
>>> 2004/01/28 07:07:48 AddPortMapping: ExternalPort:27097, TCP,
>>> InternalPort:7128, InternalClient:192.168.2.25
>>> 2004/01/28 07:07:48 DeletePortMapping: ExternalPort:42471, UDP
>>> 2004/01/28 07:07:48 DeletePortMapping: ExternalPort:27097, TCP
>>> 2004/01/28 07:09:44 Client filtering settings blocked connection
>>> from IP address <211.224.130.206>
>>> 2004/01/28 07:09:48 AddPortMapping: ExternalPort:1753, UDP,
>>> InternalPort:7095, InternalClient:192.168.2.25
>>> 2004/01/28 07:09:48 AddPortMapping: ExternalPort:21990, TCP,
>>> InternalPort:9444, InternalClient:192.168.2.25
>>> 2004/01/28 07:09:48 DeletePortMapping: ExternalPort:1753, UDP
>>> 2004/01/28 07:09:49 DeletePortMapping: ExternalPort:21990, TCP
>>> 2004/01/28 07:10:15 Connection attempt to base station from WAN
>>> blocked -- src:<64.48.134.72:0> dst:<63.196.188.70:1080>
>>> 2004/01/28 07:11:59 AddPortMapping: ExternalPort:15071, UDP,
>>> InternalPort:7563, InternalClient:192.168.2.25
>>> 2004/01/28 07:11:59 AddPortMapping: ExternalPort:27383, TCP,
>>> InternalPort:13787, InternalClient:192.168.2.25
>>> 2004/01/28 07:11:59 DeletePortMapping: ExternalPort:15071, UDP
>>> 2004/01/28 07:11:59 DeletePortMapping: ExternalPort:27383, TCP
>>> 2004/01/28 07:14:00 AddPortMapping: ExternalPort:23524, UDP,
>>> InternalPort:9962, InternalClient:192.168.2.25
>>> 2004/01/28 07:14:00 AddPortMapping: ExternalPort:36605, TCP,
>>> InternalPort:16191, InternalClient:192.168.2.25
>>> 2004/01/28 07:14:00 DeletePortMapping: ExternalPort:23524, UDP
>>> 2004/01/28 07:14:00 DeletePortMapping: ExternalPort:36605, TCP
>>> 2004/01/28 07:16:01 AddPortMapping: ExternalPort:61683, UDP,
>>> InternalPort:12609, InternalClient:192.168.2.25
>>> 2004/01/28 07:16:01 AddPortMapping: ExternalPort:8957, TCP,
>>> InternalPort:16275, InternalClient:192.168.2.25
>>> 2004/01/28 07:16:01 DeletePortMapping: ExternalPort:61683, UDP
>>> 2004/01/28 07:16:01 DeletePortMapping: ExternalPort:8957, TCP
>>> 2004/01/28 07:18:12 AddPortMapping: ExternalPort:33515, UDP,
>>> InternalPort:10547, InternalClient:192.168.2.25
>>> 2004/01/28 07:18:12 AddPortMapping: ExternalPort:35714, TCP,
>>> InternalPort:16442, InternalClient:192.168.2.25
>>> 2004/01/28 07:18:12 DeletePortMapping: ExternalPort:33515, UDP
>>> 2004/01/28 07:18:12 DeletePortMapping: ExternalPort:35714, TCP
>>> 2004/01/28 07:18:22 Client filtering settings blocked connection
>>> from IP address <63.119.58.122>
>>> 2004/01/28 07:18:22 Client filtering settings blocked connection
>>> from IP address <63.119.58.122>
>>> 2004/01/28 07:18:27 Connection attempt to base station from WAN
>>> blocked -- src:<63.119.58.122:36907> dst:<63.196.188.70:48191>
>>> 2004/01/28 07:18:27 Connection attempt to base station from WAN
>>> blocked -- src:<63.119.58.122:36908> dst:<63.196.188.70:48191>
>>> 2004/01/28 07:18:30 Connection attempt to base station from WAN
>>> blocked -- src:<63.119.58.122:36907> dst:<63.196.188.70:48191>
>>> 2004/01/28 07:18:30 Connection attempt to base station from WAN
>>> blocked -- src:<63.119.58.122:36908> dst:<63.196.188.70:48191>
>>> 2004/01/28 07:18:36 Connection attempt to base station from WAN
>>> blocked -- src:<63.119.58.122:36907> dst:<63.196.188.70:48191>
>>> 2004/01/28 07:18:36 Connection attempt to base station from WAN
>>> blocked -- src:<63.119.58.122:36908> dst:<63.196.188.70:48191>
>>> 2004/01/28 07:20:11 AddPortMapping: ExternalPort:25320, UDP,
>>> InternalPort:10963, InternalClient:192.168.2.25
>>> 2004/01/28 07:20:11 AddPortMapping: ExternalPort:38398, TCP,
>>> InternalPort:15396, InternalClient:192.168.2.25
>>> 2004/01/28 07:20:11 DeletePortMapping: ExternalPort:25320, UDP
>>> 2004/01/28 07:20:11 DeletePortMapping: ExternalPort:38398, TCP
>>> 2004/01/28 07:22:12 AddPortMapping: ExternalPort:2294, UDP,
>>> InternalPort:13497, InternalClient:192.168.2.25
>>> 2004/01/28 07:22:12 AddPortMapping: ExternalPort:46308, TCP,
>>> InternalPort:9733, InternalClient:192.168.2.25
>>> 2004/01/28 07:22:12 DeletePortMapping: ExternalPort:2294, UDP
>>> 2004/01/28 07:22:13 DeletePortMapping: ExternalPort:46308, TCP
>>> 2004/01/28 07:23:17 Client filtering settings blocked connection
>>> from IP address <63.194.169.21>
>>> 2004/01/28 07:24:00 Client filtering settings blocked connection
>>> from IP address <63.194.20.170>
>>> 2004/01/28 07:24:21 Connection attempt to base station from WAN
>>> blocked -- src:<61.6.93.23:220> dst:<63.196.188.70:6129>
>>> 2004/01/28 07:24:22 AddPortMapping: ExternalPort:58606, UDP,
>>> InternalPort:11349, InternalClient:192.168.2.25
>>> 2004/01/28 07:24:22 AddPortMapping: ExternalPort:19449, TCP,
>>> InternalPort:15354, InternalClient:192.168.2.25
>>> 2004/01/28 07:24:22 DeletePortMapping: ExternalPort:58606, UDP
>>> 2004/01/28 07:24:22 DeletePortMapping: ExternalPort:19449, TCP
>>> 2004/01/28 07:25:44 192.168.2.34 login successful
>>> 2004/01/28 07:26:23 AddPortMapping: ExternalPort:1783, UDP,
>>> InternalPort:13751, InternalClient:192.168.2.25
>>> 2004/01/28 07:26:23 AddPortMapping: ExternalPort:51967, TCP,
>>> InternalPort:15739, InternalClient:192.168.2.25
>>> 2004/01/28 07:26:23 DeletePortMapping: ExternalPort:1783, UDP
>>> 2004/01/28 07:26:23 DeletePortMapping: ExternalPort:51967, TCP
>>> 2004/01/28 07:26:54 Client filtering settings blocked connection
>>> from IP address <63.199.220.138>
>>> 2004/01/28 07:28:24 AddPortMapping: ExternalPort:61693, UDP,
>>> InternalPort:16193, InternalClient:192.168.2.25
>>> 2004/01/28 07:28:24 AddPortMapping: ExternalPort:4227, TCP,
>>> InternalPort:16801, InternalClient:192.168.2.25
>>> 2004/01/28 07:28:24 DeletePortMapping: ExternalPort:61693, UDP
>>> 2004/01/28 07:28:24 DeletePortMapping: ExternalPort:4227, TCP
>>> 2004/01/28 07:30:33 AddPortMapping: ExternalPort:55541, UDP,
>>> InternalPort:14185, InternalClient:192.168.2.25
>>> 2004/01/28 07:30:34 AddPortMapping: ExternalPort:43761, TCP,
>>> InternalPort:13083, InternalClient:192.168.2.25
>>> 2004/01/28 07:30:34 DeletePortMapping: ExternalPort:55541, UDP
>>> 2004/01/28 07:30:34 DeletePortMapping: ExternalPort:43761, TCP
>>> 2004/01/28 07:32:34 AddPortMapping: ExternalPort:39419, UDP,
>>> InternalPort:14632, InternalClient:192.168.2.25
>>> 2004/01/28 07:32:34 AddPortMapping: ExternalPort:21994, TCP,
>>> InternalPort:10468, InternalClient:192.168.2.25
>>> 2004/01/28 07:32:34 DeletePortMapping: ExternalPort:39419, UDP
>>> 2004/01/28 07:32:34 DeletePortMapping: ExternalPort:21994, TCP
>>> 2004/01/28 07:34:34 AddPortMapping: ExternalPort:48121, UDP,
>>> InternalPort:15114, InternalClient:192.168.2.25
>>> 2004/01/28 07:34:34 AddPortMapping: ExternalPort:55260, TCP,
>>> InternalPort:7782, InternalClient:192.168.2.25
>>> 2004/01/28 07:34:34 DeletePortMapping: ExternalPort:48121, UDP
>>> 2004/01/28 07:34:35 DeletePortMapping: ExternalPort:55260, TCP
>>>
>>>
>>> "Barb Bowman (MVP-Windows)" <(E-Mail Removed)> wrote in message
>>> news:%(E-Mail Removed)...
>>>> are you using the default 192.168.2.x IP range or did you change it
>>>> to something else? can you post the base station log here as a
>>>> reply?
>>>>
>>>> Brian W wrote:
>>>>> Hi All,
>>>>>
>>>>> Last night I went to log into the BMT and was denied, saying that
>>>>> someone was already logged in from 60.189.86.0, which, of course,
>>>>> is not an IP on my network. According to Whois the IP belongs to a
>>>>> company in Australia. (I know, IPs can be spoofed)
>>>>>
>>>>> I thought this sort of thing wasn't possible.
>>>>>
>>>>> On the wireless side I have 128 WEB encryption enabled, using a
>>>>> key that was randomly generated.
>>>>>
>>>>> There is at least one other wireless networn in my neighborhood
>>>>> (the broadcast their SID). Which bring up the question, I know I
>>>>> can tell if is on my router if someone grabs an IP using DHCP,but
>>>>> what if they are using a static IP, is there any way to tell who
>>>>> is connected to my router?
>>>>>
>>>>> Is it possible there is a backdoor through the firewall that MS
>>>>> isn't telling us about?
>>>>>
>>>>> As always, any insight/thoughts are greatly appreciated.
>>>>>
>>>>> Brian W
>>>>
>>>>
>>>> --
>>>> Barb Bowman
>>>> Expert Zone Columnist
>>>> http://www.microsoft.com/windowsxp/expertzone
>>>> MS-MVP (Windows)
>>
>>
>> --
>> Barb Bowman
>> Expert Zone Columnist
>> http://www.microsoft.com/windowsxp/expertzone
>> MS-MVP (Windows)


--
Barb Bowman
Expert Zone Columnist
http://www.microsoft.com/windowsxp/expertzone
MS-MVP (Windows)


Reply With Quote
  #8  
Old 01-28-2004, 05:27 PM
Brian W
Guest
  
Posts: n/a
Default Re: More MN-500 strangeness
Duh (smacks forehead on desk)

Sorry for my ignorance, but, Does changing to static IP's somehow help
prevent others from hacking my network? How? (I understand MAC filtering)

Regards
Brian W


"Barb Bowman (MVP-Windows)" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> yes, 192.168.x.x is non routable. But you were concerned about statics.
I'd
> change the range and then use the statics I gave you. Also use MAC address
> filtering.
>
> Brian W wrote:
> > Thanks, I was planning on changing all of that. So yopu answered my
> > next question about nonroutable IP's
> >
> > While we're on the topic, I thought 192.168.* was, itself, a
> > nonroutable IP?
> >
> > Regards
> > Brian W
> >
> >
> >
> >
> > "Barb Bowman (MVP-Windows)" <(E-Mail Removed)> wrote in message
> > news:%(E-Mail Removed)...
> >> The situation you describe with that routable IP logged on to the
> >> base station is pretty weird. I've never seen a report like this.
> >> However, you can and probably should change the IP addressing range
> >> on the MN-500.
> >>
> >> I'd use 172.16.0.1 for the base station address and I'd use
> >> 172.16.0.150-172.16.0.15x for your computers - the 172.16.0.* is
> >> another private class non routable addressing range.
> >>
> >> Brian W wrote:
> >>> WOW, That was fast!
> >>>
> >>> Yes, I am using the default IP range.
> >>>
> >>> The log is pasted below log but I know it doesn't show anything. The
> >>> only way I was able to log on to the BMT last night was to pull the
> >>> plug (and if someone was logged in to my basestation, I wanted them
> >>> off ASAP) which for some reason, reset the log, because the only
> >>> entries were for the PPPoE reconnecting, reassigning IP's etc, etc.
> >>> Not to mention all the blocked connect attempts I get, fills the log
> >>> pretty fast.
> >>>
&