WNDR4000 Log File Entry

grg2323 · #1 April 9th, 2012, 06:39 PM

I am getting a lot of the kind of entry shown below in the log file of my WNDR4000. The IP address changes but a lot of these types of entries. Is this something to be worried about? Thanks!

[Service blocked: ICMP_echo_req] from source 209.249.181.21

jmizoguchi · #2 April 10th, 2012, 06:38 PM

[Service blocked: ICMP_echo_req] from source 209.249.181.21

did not penetrate .... so means you should not worried about it.

virtually impossible to have not traffic hidden on WAN unless you unplug from the broadband if you do not want to see any of logs.

grg2323 · #3 April 11th, 2012, 04:37 PM

What does this log entry mean?

[DoS attack: ACK Scan] attack packets in last 20 sec from ip [66.220.146.100], Wednesday, Apr 11,2012 17:02:05

jmizoguchi · #4 April 11th, 2012, 04:44 PM

source IP 66 hit the firewall on router and DROPPED by the router

grg2323 · #5 April 15th, 2012, 11:26 AM

Is this entry in the router log something to be concerned about? Thanks

USB remote access] from 67.228.110.115 through FTP, Sunday, Apr 15,2012 13:04:58

jmizoguchi · #6 April 15th, 2012, 11:37 AM

if you are or known people the someone is trying to access via FTP

ip is originated as below

Quote:

whois 67.228.110.115
#
# Query terms are ambiguous. The query is assumed to be:
# "n 67.228.110.115"
#
# Use "?" to get help.
#

#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=67...se&ext=netref2
#

NetRange: 67.228.0.0 - 67.228.255.255
CIDR: 67.228.0.0/16
OriginAS: AS36351
NetName: SOFTLAYER-4-5
NetHandle: NET-67-228-0-0-1
Parent: NET-67-0-0-0-0
NetType: Direct Allocation
Comment: The IP addresses in this block are the envy of all of their IP address neighbors... The SoftLayer network is where all IPs want to be.
RegDate: 2007-11-07
Updated: 2012-03-28
Ref: http://whois.arin.net/rest/net/NET-67-228-0-0-1

OrgName: SoftLayer Technologies Inc.
OrgId: SOFTL
Address: 4849 Alpha Rd.
City: Dallas
StateProv: TX
PostalCode: 75244
Country: US
RegDate: 2005-10-26
Updated: 2012-01-27
Ref: http://whois.arin.net/rest/org/SOFTL

ReferralServer: rwhois://rwhois.softlayer.com:4321

OrgAbuseHandle: ABUSE1025-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-214-442-0601
OrgAbuseEmail: abuse@softlayer.com
OrgAbuseRef: http://whois.arin.net/rest/poc/ABUSE1025-ARIN

OrgTechHandle: IPADM258-ARIN
OrgTechName: IP Admin
OrgTechPhone: +1-214-442-0601
OrgTechEmail: ipadmin@softlayer.com
OrgTechRef: http://whois.arin.net/rest/poc/IPADM258-ARIN

RTechHandle: IPADM258-ARIN
RTechName: IP Admin
RTechPhone: +1-214-442-0601
RTechEmail: ipadmin@softlayer.com
RTechRef: http://whois.arin.net/rest/poc/IPADM258-ARIN

RAbuseHandle: ABUSE1025-ARIN
RAbuseName: Abuse
RAbusePhone: +1-214-442-0601
RAbuseEmail: abuse@softlayer.com
RAbuseRef: http://whois.arin.net/rest/poc/ABUSE1025-ARIN

RNOCHandle: IPADM258-ARIN
RNOCName: IP Admin
RNOCPhone: +1-214-442-0601
RNOCEmail: ipadmin@softlayer.com
RNOCRef: http://whois.arin.net/rest/poc/IPADM258-ARIN

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#

Junes-iMac:~ Junebug$

grg2323 · #7 April 16th, 2012, 06:41 AM

I never access my FTP so it must have been a hacker. Is there anyway to tell if they were successful in getting to the data on my ReadyShare USB?

jmizoguchi · #8 April 16th, 2012, 07:31 AM

if I where you uncheck the readyshare section for FTP.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode