NETGEAR Security Log [53:d9:e1]

Postby technophobe on Sat May 25, 2013 12:01 pm

I have just been inundated with the below security alerts.
Does this mean someone is trying to hack into my system?
Is it something to be concerned about, or is it just a one-off & my router has done its job & told whoever it is to bugger off?!
So as to attempt to get my head around this weirdness, could someone please explain what "UDP Packet"; [DOS]; & the digits after the comma in the IP numbers are or refer to?
The Source number less the last 5 digits seems to be from China; the Destination is mine, again less the digits after the comma.
Thanks in advance

Oh - apologies if this is a double posting - I previewed the first draft then it vanished from my screen! Weird...

Fri, 2013-05-24 14:30:20 - UDP Packet - Source:121.57.225.84,42296 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:30:21 - UDP Packet - Source:121.57.225.84,42299 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:30:21 - UDP Packet - Source:121.57.225.84,42300 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:30:21 - UDP Packet - Source:121.57.225.84,42305 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:30:21 - UDP Packet - Source:121.57.225.84,42308 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:30:21 - UDP Packet - Source:121.57.225.84,42331 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:21 - UDP Packet - Source:121.57.225.84,45568 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:22 - UDP Packet - Source:121.57.225.84,45569 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:22 - UDP Packet - Source:121.57.225.84,45570 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:22 - UDP Packet - Source:121.57.225.84,45572 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:22 - UDP Packet - Source:121.57.225.84,45574 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:22 - UDP Packet - Source:121.57.225.84,45587 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:22 - UDP Packet - Source:121.57.225.84,45615 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:22 - UDP Packet - Source:121.57.225.84,45636 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:22 - UDP Packet - Source:121.57.225.84,45655 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:22 - UDP Packet - Source:121.57.225.84,45679 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:22 - UDP Packet - Source:121.57.225.84,45700 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:22 - UDP Packet - Source:121.57.225.84,45721 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:22 - UDP Packet - Source:121.57.225.84,45743 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:22 - UDP Packet - Source:121.57.225.84,45765 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:22 - UDP Packet - Source:121.57.225.84,45785 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:23 - UDP Packet - Source:121.57.225.84,45804 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:23 - UDP Packet - Source:121.57.225.84,45829 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:23 - UDP Packet - Source:121.57.225.84,45851 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:23 - UDP Packet - Source:121.57.225.84,45867 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:23 - UDP Packet - Source:121.57.225.84,45891 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:23 - UDP Packet - Source:121.57.225.84,45909 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:23 - UDP Packet - Source:121.57.225.84,45930 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:23 - UDP Packet - Source:121.57.225.84,45948 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:23 - UDP Packet - Source:121.57.225.84,45969 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:23 - UDP Packet - Source:121.57.225.84,45994 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:24 - UDP Packet - Source:121.57.225.84,46009 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:24 - UDP Packet - Source:121.57.225.84,46028 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:24 - UDP Packet - Source:121.57.225.84,46049 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:24 - UDP Packet - Source:121.57.225.84,46068 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:24 - UDP Packet - Source:121.57.225.84,46089 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:24 - UDP Packet - Source:121.57.225.84,46110 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:24 - UDP Packet - Source:121.57.225.84,46130 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:24 - UDP Packet - Source:121.57.225.84,46150 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:24 - UDP Packet - Source:121.57.225.84,46171 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:24 - UDP Packet - Source:121.57.225.84,46203 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:25 - UDP Packet - Source:121.57.225.84,46248 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:25 - UDP Packet - Source:121.57.225.84,46277 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:28 - UDP Packet - Source:121.57.225.84,46927 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:28 - UDP Packet - Source:121.57.225.84,46929 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:28 - UDP Packet - Source:121.57.225.84,46931 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:28 - UDP Packet - Source:121.57.225.84,46933 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:28 - UDP Packet - Source:121.57.225.84,46935 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:28 - UDP Packet - Source:121.57.225.84,46951 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:28 - UDP Packet - Source:121.57.225.84,46973 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:28 - UDP Packet - Source:121.57.225.84,46995 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:28 - UDP Packet - Source:121.57.225.84,47019 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:28 - UDP Packet - Source:121.57.225.84,47041 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:28 - UDP Packet - Source:121.57.225.84,47060 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:28 - UDP Packet - Source:121.57.225.84,47081 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:29 - UDP Packet - Source:121.57.225.84,47105 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:29 - UDP Packet - Source:121.57.225.84,47124 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:29 - UDP Packet - Source:121.57.225.84,47147 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:29 - UDP Packet - Source:121.57.225.84,47166 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:29 - UDP Packet - Source:121.57.225.84,47189 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:29 - UDP Packet - Source:121.57.225.84,47208 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:29 - UDP Packet - Source:121.57.225.84,47229 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:29 - UDP Packet - Source:121.57.225.84,47251 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:29 - UDP Packet - Source:121.57.225.84,47280 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:30 - UDP Packet - Source:121.57.225.84,47299 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:30 - UDP Packet - Source:121.57.225.84,47322 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:30 - UDP Packet - Source:121.57.225.84,47340 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:30 - UDP Packet - Source:121.57.225.84,47361 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:30 - UDP Packet - Source:121.57.225.84,47384 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:30 - UDP Packet - Source:121.57.225.84,47402 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:30 - UDP Packet - Source:121.57.225.84,47423 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:30 - UDP Packet - Source:121.57.225.84,47447 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:30 - UDP Packet - Source:121.57.225.84,47466 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:30 - UDP Packet - Source:121.57.225.84,47487 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:30 - UDP Packet - Source:121.57.225.84,47506 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:31 - UDP Packet - Source:121.57.225.84,47527 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:31 - UDP Packet - Source:121.57.225.84,47546 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:31 - UDP Packet - Source:121.57.225.84,47567 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:31 - UDP Packet - Source:121.57.225.84,47587 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:31 - UDP Packet - Source:121.57.225.84,47607 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:31 - UDP Packet - Source:121.57.225.84,47630 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:31 - UDP Packet - Source:121.57.225.84,47653 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:31 - UDP Packet - Source:121.57.225.84,47672 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:32 - UDP Packet - Source:121.57.225.84,47689 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:32 - UDP Packet - Source:121.57.225.84,47708 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:32 - UDP Packet - Source:121.57.225.84,47732 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:32 - UDP Packet - Source:121.57.225.84,47754 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:32 - UDP Packet - Source:121.57.225.84,47772 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:32 - UDP Packet - Source:121.57.225.84,47797 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:32 - UDP Packet - Source:121.57.225.84,47817 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:32 - UDP Packet - Source:121.57.225.84,47838 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:32 - UDP Packet - Source:121.57.225.84,47859 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:32 - UDP Packet - Source:121.57.225.84,47883 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:32 - UDP Packet - Source:121.57.225.84,47900 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:32 - UDP Packet - Source:121.57.225.84,47922 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:33 - UDP Packet - Source:121.57.225.84,47943 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:33 - UDP Packet - Source:121.57.225.84,47962 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:33 - UDP Packet - Source:121.57.225.84,47987 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:33 - UDP Packet - Source:121.57.225.84,48009 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:33 - UDP Packet - Source:121.57.225.84,48027 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:33 - UDP Packet - Source:121.57.225.84,48047 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:33 - UDP Packet - Source:121.57.225.84,48067 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:34 - UDP Packet - Source:121.57.225.84,48093 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:34 - UDP Packet - Source:121.57.225.84,48109 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:34 - UDP Packet - Source:121.57.225.84,48136 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:34 - UDP Packet - Source:121.57.225.84,48149 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:34 - UDP Packet - Source:121.57.225.84,48171 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:34 - UDP Packet - Source:121.57.225.84,48191 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:34 - UDP Packet - Source:121.57.225.84,48217 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:34 - UDP Packet - Source:121.57.225.84,48248 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:34 - UDP Packet - Source:121.57.225.84,48270 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:34 - UDP Packet - Source:121.57.225.84,48291 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:34 - UDP Packet - Source:121.57.225.84,48312 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:34 - UDP Packet - Source:121.57.225.84,48329 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:34 - UDP Packet - Source:121.57.225.84,48357 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:35 - UDP Packet - Source:121.57.225.84,48377 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:35 - UDP Packet - Source:121.57.225.84,48397 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:35 - UDP Packet - Source:121.57.225.84,48413 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:35 - UDP Packet - Source:121.57.225.84,48440 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:35 - UDP Packet - Source:121.57.225.84,48463 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:35 - UDP Packet - Source:121.57.225.84,48478 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:35 - UDP Packet - Source:121.57.225.84,48497 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:35 - UDP Packet - Source:121.57.225.84,48522 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:35 - UDP Packet - Source:121.57.225.84,48541 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:35 - UDP Packet - Source:121.57.225.84,48565 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:36 - UDP Packet - Source:121.57.225.84,48586 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:36 - UDP Packet - Source:121.57.225.84,48604 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:36 - UDP Packet - Source:121.57.225.84,48627 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:36 - UDP Packet - Source:121.57.225.84,48646 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:36 - UDP Packet - Source:121.57.225.84,48667 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:36 - UDP Packet - Source:121.57.225.84,48685 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:36 - UDP Packet - Source:121.57.225.84,48707 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:36 - UDP Packet - Source:121.57.225.84,48727 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:36 - UDP Packet - Source:121.57.225.84,48747 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:36 - UDP Packet - Source:121.57.225.84,48767 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:37 - UDP Packet - Source:121.57.225.84,48786 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:37 - UDP Packet - Source:121.57.225.84,48807 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:37 - UDP Packet - Source:121.57.225.84,48829 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:33:37 - UDP Packet - Source:121.57.225.84,48849 Destination:220.233.165.5,1694 - [DOS]
technophobe
Posts: 10
Joined: Sat Jan 01, 2011 5:19 pm
Location: Sydney

Re: NETGEAR Security Log [53:d9:e1]

Postby Dazzled on Sat May 25, 2013 1:22 pm

You are being repeatedly probed from an IP address in China. The report is an abbreviation of the report given by iptables (the Linux firewall) usually as a result of being told to log denied entry attempts. UDP describes the kind of packet being sent in quick succession. Ordinary web data uses the TCP protocol. You'll notice that the destination port is the numbers after the comma. I'd like to see the full iptables log to get some more info. I don't immediately recognise the software doing this to you - there are plenty of possibilities.

[edit] I'm not up to date on Windows exploits (there are so many I wonder why it is used), but Mr Google found this:
Port Number: 1694/udp (Windows 7/Windows Vista/ Windows XP/Windows Server family)
Protocol Used : rrimwm
Service Type : rrimwm
Known Port 1694/udp exploits: Yes
Known Port 1694/udp Security Risks: Yes

[edit 2] Netgears have a telnet interface. To read the actual firewall rules, in a terminal/DOS box:
telnet 192.168.0.1
then log in, admin name & password. You should see a Busybox help list. The typed command to see the rules is:
iptables -L
Each rule will be tested in order, and if a packet is not accepted, it passes to the next rule. There should be one called LOG.

The unasked-for packets that are bothering you will have failed the rule:
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
and dropped to the LOG rule.
Dazzled
Volunteer Site Admin
Posts: 6525
Joined: Mon Nov 13, 2006 1:16 pm
Location: Sydney
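As an added example (not code from the thread or from NETGEAR), a small Python parser for the log layout quoted in the first post. It splits each line into the fields Dazzled explains (protocol, source address and port, destination address and port, verdict tag), groups the dropped packets by source address and destination port, and uses the number of distinct source ports plus the packet rate to separate an automated probe from a single stray flow. The sample lines are constructed for the example; 198.51.100.7 is a documentation-range placeholder address.

```python
import re
from collections import defaultdict
from datetime import datetime
# One NETGEAR security-log line, in the layout quoted in the thread; the number
# after each comma is the port and the bracketed word is the router's verdict tag:
#   Fri, 2013-05-24 14:30:20 - UDP Packet - Source:121.57.225.84,42296 Destination:220.233.165.5,1694 - [DOS]
LINE_RE = re.compile(
    r"^\w{3}, (?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) - (?P<proto>\w+) Packet - "
    r"Source:(?P<src_ip>[\d.]+),(?P<src_port>\d+) "
    r"Destination:(?P<dst_ip>[\d.]+),(?P<dst_port>\d+) - \[(?P<tag>\w+)\]$"
)

def parse_line(line):
    """Split one log line into its fields; None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S")
    rec["src_port"], rec["dst_port"] = int(rec["src_port"]), int(rec["dst_port"])
    return rec

def summarise(lines, min_hits=5):
    """Group logged packets by (source IP, destination port); keep sources that
    hit one port at least min_hits times. Many distinct source ports in a short
    span means a fresh socket per packet, i.e. an automated probe, not one flow."""
    groups = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            groups[(rec["src_ip"], rec["dst_port"])].append(rec)
    report = {}
    for key, recs in groups.items():
        if len(recs) < min_hits:
            continue
        times = sorted(r["ts"] for r in recs)
        span = (times[-1] - times[0]).total_seconds()
        report[key] = {
            "proto": recs[0]["proto"],
            "packets": len(recs),
            "distinct_src_ports": len({r["src_port"] for r in recs}),
            "rate_per_s": round(len(recs) / span, 1) if span else float(len(recs)),
        }
    return report

# Constructed sample: five lines in the thread's layout, one unrelated single hit
# from a documentation-range address (198.51.100.7), and one line the router never wrote.
SAMPLE_LOG = """\
Fri, 2013-05-24 14:30:20 - UDP Packet - Source:121.57.225.84,42296 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:30:21 - UDP Packet - Source:121.57.225.84,42299 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:30:21 - UDP Packet - Source:121.57.225.84,42300 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:30:21 - UDP Packet - Source:121.57.225.84,42305 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:30:21 - UDP Packet - Source:121.57.225.84,42308 Destination:220.233.165.5,1694 - [DOS]
Fri, 2013-05-24 14:31:02 - TCP Packet - Source:198.51.100.7,53001 Destination:220.233.165.5,23 - [DOS]
garbage line the router never wrote
""".splitlines()
```

Run `summarise(SAMPLE_LOG)` on a log pasted from the router's page and anything that comes back with dozens of distinct source ports in a few seconds is the kind of probe described in this thread.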

Re: NETGEAR Security Log [53:d9:e1]

Postby technophobe on Sun May 26, 2013 6:34 pm

Many thanks for that.
Just one of those things I guess.
Can't access Telnet commands as suggested in your post, obviously entering incorrect data in the cmd box.
Used to know a little about that stuff ages ago - unfortunately all forgotten now.
Not to worry - no more reports of being probed by China!
Thanks again
technophobe
Posts: 10
Joined: Sat Jan 01, 2011 5:19 pm
Location: Sydney

Re: NETGEAR Security Log [53:d9:e1]

Postby Dazzled on Sun May 26, 2013 9:01 pm

If it's any consolation, at home I get between 4 and 6 break-in attempts every hour.

In the last two hours some were from India, and no less than 8 from China. The ports of interest to the probers were 23 (telnet, for modem control), 80 (http), 445 (Windows file sharing), 8080 (remote management) and 1433 (Windows database). In other words these parasites are sometimes looking for unsecured modems but mostly for likely victims for a Windows exploit. Like yours, my modem-router is doing its job; the probe packets are simply logged and then ignored. It emphasises the need to disable external management of modems unless a strong password is in place.
Dazzled
Volunteer Site Admin
Posts: 6525
Joined: Mon Nov 13, 2006 1:16 pm
Location: Sydney
