PPRuNe Forums


BOAC 1st November 2008 09:11

Router log entries
 
A new thread to avoid 'contaminating' the AVG 8 thread.

The 'issues' with AVG/Avast have caused me to look at the router logs, something I rarely glanced at before. I see a load of 'TCP FIN SCAN' entries, presumably these are checking if I have 'finished' with the connection? I also have had a 'SYN Flood to Host' and a 'VECNA SCAN' entry. Does anyone have a link to a simple guide (or advice) on all these as I am in new territory. Basically I would like to be assured my router firewall ('High') is doing its job. I have run 'ShieldsUp' and it declares me 'invisible'. ZA Free and Avast running on the desktop as well and ZA shows no inbound blocks.

I have 'Googled' but the answers seem to vary as to 'threat level'.

Gertrude the Wombat 1st November 2008 10:29

The usual advice to people who worry about what they find in their firewall / router / web server / etc logs is:

"Turn off logging. Then you won't see anything in the logs and you can stop worrying and get on with life."

Bushfiva 1st November 2008 10:56

Sometimes associated with P2P software. Does the log give an origin IP address? And what is "a load"? Several times per second, or once a week? TCP fin scan could be someone doing a TCP reset on your traffic, in other words they think you're consuming too much bandwidth.
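
Added example, not part of the thread: one way to answer the two questions in the post above (which origin address, and how often) from an exported router log. The line layout, the `src=` field and the sample entries are constructed assumptions; adapt `LINE_RE` to the router's actual format.

```python
import re
from collections import defaultdict
from datetime import datetime

# Assumed layout: "<date> <time> <event name> src=<IPv4>". Not a real router's format.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<event>.+?) src=(?P<src>\d{1,3}(?:\.\d{1,3}){3})$"
)

# Constructed sample entries (documentation-range addresses), not taken from the thread.
SAMPLE_LOG = """\
2008-11-01 09:00:05 TCP FIN SCAN src=203.0.113.7
2008-11-01 09:05:10 TCP FIN SCAN src=203.0.113.7
2008-11-01 09:09:55 TCP FIN SCAN src=203.0.113.7
2008-11-01 09:15:05 TCP FIN SCAN src=203.0.113.7
2008-11-01 09:20:00 VECNA SCAN src=198.51.100.23
2008-11-01 09:41:12 SYN Flood to Host src=198.51.100.99
router rebooted
"""

def summarise(log_text):
    """Group entries by (event, source IP); return per-group stats and skipped-line count."""
    seen = defaultdict(list)
    skipped = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue                      # ignore blank lines
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1                  # keep a count of lines the pattern missed
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        seen[(m["event"], m["src"])].append(ts)
    report = {}
    for key, stamps in seen.items():
        stamps.sort()
        span = (stamps[-1] - stamps[0]).total_seconds()
        gap = span / (len(stamps) - 1) if len(stamps) > 1 else None
        report[key] = {"count": len(stamps), "first": stamps[0],
                       "last": stamps[-1], "mean_gap_s": gap}
    return report, skipped

if __name__ == "__main__":
    report, skipped = summarise(SAMPLE_LOG)
    for (event, src), r in sorted(report.items(), key=lambda kv: -kv[1]["count"]):
        gap = "single entry" if r["mean_gap_s"] is None else f"every ~{r['mean_gap_s']:.0f}s"
        print(f"{r['count']:>3}  {event:<18} {src:<16} {gap}")
    print(f"{skipped} line(s) not parsed")
```

A steady gap from a single source, as in the constructed FIN entries, points at one recurring peer; many sources at irregular intervals look more like background scanning.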

BOAC 1st November 2008 15:29

Going that way, Gertrude, but I'm finding it strangely addictive :rolleyes:

Bush5 - that seems to be the Vecna thing - don't have any P2P other than BBC Player. Finger Scan about every 5 mins on average - and I don't think I'm bandwidth greedy.

mixture 1st November 2008 15:43


> "Turn off logging. Then you won't see anything in the logs and you can stop worrying and get on with life."

It would be unwise to condone such an idea!

Talk about a "hear no evil, see no evil, speak no evil" approach!

No, I'm not saying spend your life reporting every single event you see in the logs. But once in a while, you should go through them and report to the relevant ISPs. Just as you would expect, and hope that some kind soul would make a report to your ISP if they found your network appeared to be originating attacks (whether due to viruses or otherwise).

mixture 1st November 2008 15:45


> it declares me 'invisible'.

There's no such thing as invisibility on the internet.

Security by obscurity maybe .... but just like embassies (or any other high security building) ..... you can put all the defences you like on the perimeter, but you cannot hide the building!

Gertrude the Wombat 1st November 2008 19:48


> but you cannot hide the building

Seriously though, if you've got the normal domestic NAT/router in stealth mode, such that it doesn't reply to pings and silently ignores incoming connections, contrary to the behaviour specified in the RFCs, then it's really rather difficult for anything to get at you[1] that you don't invite in[2].

The building is pretty well hidden - anything that anyone outside sends to your IP address will produce absolutely nothing at all whatsoever in response - sounds like a successful attempt to "hide the building" to me.

[1] It's not impossible that there would be bugs in routers that would be targeted by malware, but it's not an everyday reality you have to worry about.

[2] Like, for example, choosing to download and install and run a virus, eg by deliberately opening an attachment in a spam email.


All times are GMT.