PDA

View Full Version : Router security log messages

Fletchers Left Boot
8th Nov 2009, 20:44
Getting this on my security log on my router... can anyone tell me what is going on?

Is this being originated by my machine 192.168.2.2 (my laptop) or from outside?

11/08/2009 20:56:54 **UDP Flood to Host** 192.168.2.2, 65428->> 192.168.56.1, 57183 (from ATM1 Outbound)
11/08/2009 20:51:46 **UDP Flood to Host** 192.168.2.2, 50943->> 192.168.56.1, 57183 (from ATM1 Outbound)
11/08/2009 20:45:55 **UDP Flood to Host** 192.168.2.2, 59314->> 192.168.56.1, 57183 (from ATM1 Outbound)
11/08/2009 20:40:03 **UDP Flood to Host** 192.168.2.2, 52650->> 192.168.56.1, 57183 (from ATM1 Outbound)
11/08/2009 20:34:54 **UDP Flood to Host** 192.168.2.2, 52526->> 192.168.56.1, 57183 (from ATM1 Outbound)
11/08/2009 20:29:45 **UDP Flood to Host** 192.168.2.2, 53768->> 192.168.56.1, 57183 (from ATM1 Outbound)
11/08/2009 20:24:17 **UDP Flood to Host** 192.168.2.2, 53199->> 192.168.56.1, 57183 (from ATM1 Outbound)
11/08/2009 20:18:47 **UDP Flood to Host** 192.168.2.2, 60004->> 192.168.56.1, 57183 (from ATM1 Outbound)
11/08/2009 20:13:27 **UDP Flood to Host** 192.168.2.2, 64558->> 192.168.56.1, 57183 (from ATM1 Outbound)
11/08/2009 20:07:57 **UDP Flood to Host** 192.168.2.2, 53375->> 192.168.56.1, 57183 (from ATM1 Outbound)
green granite
8th Nov 2009, 21:33
Since you are originating it then it's probably not a DoS attack. do you use P2P by any chance as that can cause it?
Fletchers Left Boot
9th Nov 2009, 12:52
Ok, so it's being originated by my laptop. THere is no P2p running on it. I shut all the programs down, only Spybot and Adaware are running in the background.

I don't know what the target address 192.168.56.1 is? It is none of the other machines in the local network.

I just tried to install Zonealarm but it won't work on this machine for some reason (Windows firewall does not screen outgoing connections as we know).
Simonta
9th Nov 2009, 18:34
Run "wf.msc" You can set up the outbound filtering from there.

Hope that helps
Fletchers Left Boot
9th Nov 2009, 20:54
Thanks for that - will have a look.

In any case, problem solved, I think. This machine had a rogue BHO which Spybot picked up. Took some getting rid of, but since I did I have not had a single instance such as the ones above.