faulko Posted January 30, 2015

Jan 30 20:09:45 kernel: ACCEPT IN=ppp0 OUT=br0 SRC=1.228.24.104 DST=192.168.1.180 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=24917 DF PROTO=TCP SPT=57929 DPT=59193 SEQ=1015144689 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (020405AC01010402)

I have a tonne of these kernels in my modem I've never noticed before. Can someone explain to a simpleton like me what it means?
faulko (Author) Posted January 30, 2015

LOL me too. There are just so many of them. Mostly the IPs lead to South Korea.
Adam Posted January 30, 2015

> Jan 30 20:09:45 kernel: ACCEPT IN=ppp0 OUT=br0 SRC=1.228.24.104 DST=192.168.1.180 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=24917 DF PROTO=TCP SPT=57929 DPT=59193 SEQ=1015144689 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (020405AC01010402)
> I have a tonne of these kernels in my modem I've never noticed before. Can someone explain to a simpleton like me what it means?

It's a log of traffic going in and out. I'll break it down for you:

ACCEPTed INcoming from ppp0 means it's coming from the WAN, i.e. the internet
SRC is source, so it's coming from the IP address 1.228.24.104
DST is destination, so whatever device on your home network with the IP 192.168.1.180 is where the packet was headed
LEN is length in bytes of the packet
TOS and PRECedence relate to the type of service
TTL is time to live
ID / PROTO are the type of packet and datagram used
SPT is the source port where it enters on modem/router
DPT is the destination port on the device
SEQ is sequence
ACK is acknowledgement
and the rest is fluff.

That to me looks like either you were using a torrent or some other peer-to-peer system or streaming video.
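Added example (not written by any poster in this thread): a small Python parser for the log line discussed above. It separates the KEY=VALUE fields from the bare TCP flag tokens, so the acknowledgement number `ACK=0` is not confused with the ACK flag, and decodes the `OPT (...)` bytes. It assumes the leading `ACCEPT` is the log prefix set by the router's firewall rule and that `ppp0` is the WAN interface; the function names are illustrative.

```python
import re

# The log line quoted in the thread, embedded so the example runs offline.
SAMPLE = (
    "Jan 30 20:09:45 kernel: ACCEPT IN=ppp0 OUT=br0 SRC=1.228.24.104 "
    "DST=192.168.1.180 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=24917 DF "
    "PROTO=TCP SPT=57929 DPT=59193 SEQ=1015144689 ACK=0 WINDOW=8192 "
    "RES=0x00 SYN URGP=0 OPT (020405AC01010402)"
)
TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}
OPT_NAMES = {2: "MSS", 3: "WSCALE", 4: "SACK_PERMITTED", 8: "TIMESTAMP"}

def decode_tcp_options(hexstr):
    """Walk the kind/length/value list carried in the OPT (...) field."""
    raw, i, out = bytes.fromhex(hexstr), 0, []
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                      # end-of-options marker
            break
        if kind == 1:                      # NOP padding is a single byte
            out.append(("NOP", None))
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            out.append(("MALFORMED", raw[i:].hex()))
            break
        length = raw[i + 1]
        value = raw[i + 2:i + length]
        name = OPT_NAMES.get(kind, f"KIND_{kind}")
        out.append((name, int.from_bytes(value, "big") if value else None))
        i += length
    return out

def parse_log_line(line):
    """Split a netfilter LOG line into fields, bare TCP flags and options."""
    body = line.partition("kernel: ")[2]
    opt = re.search(r"OPT \(([0-9A-Fa-f]*)\)", body)
    tokens = re.sub(r"OPT \([0-9A-Fa-f]*\)", "", body).split()
    # Assumption: the first token is the firewall rule's log prefix.
    rec = {"prefix": tokens[0], "fields": {}, "flags": set()}
    for tok in tokens[1:]:
        if "=" in tok:
            key, value = tok.split("=", 1)
            rec["fields"][key] = value     # ACK=0 is the ack *number*
        elif tok in TCP_FLAGS:
            rec["flags"].add(tok)          # a bare SYN/ACK token is a flag
    rec["options"] = decode_tcp_options(opt.group(1)) if opt else []
    return rec

def is_inbound_connection_attempt(rec, wan_if="ppp0"):
    # A lone SYN arriving on the WAN side opens a new connection from outside.
    return rec["fields"].get("IN") == wan_if and rec["flags"] == {"SYN"}
```

For the line in the thread this reports a lone SYN from the WAN side being forwarded to 192.168.1.180 on port 59193, with an MSS of 1452 and SACK permitted in the options.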
Guest Netduma_Iain Posted January 30, 2015

For some reason it's showing you the kernel log file of TCP SYN packets. For most connections you will have a SYN packet to start the communication. So it's a bit odd that it's reporting it, best ask your modem company or ISP.
II Z IE IR O II Posted January 30, 2015

I think this post should have been placed in "TechnoBabble"
abc123 Posted January 30, 2015

um.... that IP (src) is in South Korea - https://db-ip.com/all/1.228.24

firewalls up
faulko (Author) Posted January 31, 2015

> um.... that IP (src) is in South Korea - https://db-ip.com/all/1.228.24
> firewalls up

Thanks for the response gang. I'm not so worried about the amount in the log actually, well I am, but I'm more worried about 95% of the IPs being in South Korea and the fact there is a new kernel almost every 10-20 secs, sometimes at 2 secs. No torrents at all. I haven't torrented in yrs. This, in conjunction with lots and lots of failed attempts recently to access my router, I'm beginning to wonder what the kids are doing, because it's not me playing funny buggers.
Netduma Crossy (Netduma Staff) Posted January 31, 2015

> Thanks for the response gang. I'm not so worried about the amount in the log actually, well I am, but I'm more worried about 95% of the IPs being in South Korea and the fact there is a new kernel almost every 10-20 secs, sometimes at 2 secs. No torrents at all. I haven't torrented in yrs. This, in conjunction with lots and lots of failed attempts recently to access my router, I'm beginning to wonder what the kids are doing, because it's not me playing funny buggers.

Maybe you could change your WAN IP. If it carried on happening after that, maybe you have malware on your computer? I suppose you could think of it positively: at least it's South Korean not North Korean.
faulko (Author) Posted January 31, 2015

> Maybe you could change your WAN IP.

And how do I do that? I assume the kernels are at a request of a device on the duma. Wouldn't changing the WAN just alter the destination? Being everything is blocked in the duma except my PC and the PS4, I can only assume it is 1 of these devices. Is Malware Bytes still an alright program? The only things changed over recent months is the duma, I have Chrome now.
faulko (Author) Posted January 31, 2015

Malware Bytes didn't find anything. I'll try a free antivirus.
faulko (Author) Posted January 31, 2015

Neither found anything, nor did changing the WAN IP. I should mention too the IPs aren't always South Korea, I got stuff from everywhere, Romania, Russia, Japan, you name it I got it. Many many of the IPs are to be blacklisted also. Got onto my ISP and they will arrange a call with Microsoft tomorrow.
abc123 Posted January 31, 2015

> Got onto my ISP and they will arrange a call with Microsoft tomorrow.

? why is your ISP pawning you off to Microsoft?
faulko (Author) Posted February 1, 2015

> ? why is your ISP pawning you off to Microsoft?

I don't know actually. They can't help, she said, it's not in their support techniques or some crap. Funnily enough, exactly to the day 1 yr the ISP stopped their own antivirus network watching thing. Anyways the kernels are still there and the ISP didn't call today.

Edit: I emailed Asus as well so we will see what they can do.
Zennon Posted February 1, 2015

Test for stealth on the net via your router/routers. If you have two you might need to set up the security better on your 3rd party router, and be careful with DMZ also.

https://www.grc.com/x/ne.dll?bh0bkyd2

Test the common ports or all ports.
abc123 Posted February 1, 2015

> I don't know actually. They can't help, she said, it's not in their support techniques or some crap. Funnily enough, exactly to the day 1 yr the ISP stopped their own antivirus network watching thing. Anyways the kernels are still there and the ISP didn't call today.
> Edit: I emailed Asus as well so we will see what they can do.

Your ISP is responsible legally for all data that is sent and received by you, hence why they turn you into the internet police any chance they get... side note, their antivirus was really malware (it always is)...

Download "Malwarebytes" and "Windows Defender", run scans... it isn't likely anything you are doing. Next, here are the following that don't care, in no order:

* Microsoft
* ASUS
* your RAM manufacturer

This is literally 1 of two things..

1. You have some virus/rootkit/malware
1.1 It's your problem to fix
2. You are being the target of malicious attacks
2.1 It's your ISP's problem and they should be banning IP blocks from your connection...

Don't bother with ASUS or Microsoft, that's like going to the grocery because your wife cooked your steak wrong... they don't care.
faulko (Author) Posted February 1, 2015

> Your ISP is responsible legally for all data that is sent and received by you, hence why they turn you into the internet police any chance they get... side note, their antivirus was really malware (it always is)...
> Download "Malwarebytes" and "Windows Defender", run scans... it isn't likely anything you are doing. Next, here are the following that don't care, in no order:
> * Microsoft
> * ASUS
> * your RAM manufacturer
> This is literally 1 of two things..
> 1. You have some virus/rootkit/malware
> 1.1 It's your problem to fix
> 2. You are being the target of malicious attacks
> 2.1 It's your ISP's problem and they should be banning IP blocks from your connection...
> Don't bother with ASUS or Microsoft, that's like going to the grocery because your wife cooked your steak wrong... they don't care.

Thanks, and yes I've done as you suggested with malware and defender. Nothing was found. And for the record, I always cook my own steak ;-)
abc123 Posted February 1, 2015

> Thanks, and yes I've done as you suggested with malware and defender. Nothing was found. And for the record, I always cook my own steak ;-)

Of course you do, meat is a man's job.
faulko (Author) Posted February 2, 2015

> Test for stealth on the net via your router/routers. If you have two you might need to set up the security better on your 3rd party router, and be careful with DMZ also.
> https://www.grc.com/x/ne.dll?bh0bkyd2
> Test the common ports or all ports.

THE EQUIPMENT AT THE TARGET IP ADDRESS DID NOT RESPOND TO OUR UPnP PROBES!

That's good I suppose.
abc123 Posted February 3, 2015

I wouldn't worry about it, if you have done all those scans... the only thing left to run is: adwcleaner

Then just ignore it.
faulko (Author) Posted February 3, 2015

Yeah, adwcleaner had some things to remove, not heaps but there was stuff it found.
iAmMoDBoX Posted February 3, 2015

> Yeah, adwcleaner had some things to remove, not heaps but there was stuff it found.

Do you happen to run a DDNS on your Asus router?
faulko (Author) Posted February 3, 2015

Don't even know what that is but I remember seeing it, if it's on I didn't do it.