Help me understand pls?


faulko

Jan 30 20:09:45 kernel: ACCEPT IN=ppp0 OUT=br0 SRC=1.228.24.104 DST=192.168.1.180 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=24917 DF PROTO=TCP SPT=57929 DPT=59193 SEQ=1015144689 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (020405AC01010402) 
 
 
 
I have a tonne of these kernels in my modem I've never noticed before.

Can someone explain to a simpleton like me what it means?

It's a log of traffic going in and out..

I'll break it down for you

ACCEPTed INcoming from ppp0 means it's coming from the WAN, i.e. the internet

SRC is source so it's coming from the IP address 1.228.24.104

DST is destination so whatever device on your home network with the IP 192.168.1.180 is where the packet was headed

LEN is length in bytes of the packet

TOS and PRECedence relate to the type of service

TTL is time to live

ID /PROTO are the type of packet and datagram used

SPT is the source port where it enters on modem/router

DPT is the destination port on the device

SEQ is sequence

ACK is acknowledgement

and the rest is fluff...

That to me looks like either you were using a torrent or some other peer to peer system or streaming video.


Guest Netduma_Iain

For some reason it's showing you the kernel log file of TCP SYN packets. For most connections you will have a SYN packet to start the communication. So it's a bit odd that it's reporting it; best ask your modem company or ISP.

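As an added example (not written by any poster in this thread, and not Netduma or ASUS code): a Python parser for the netfilter LOG line quoted above. It splits out the fields listed in the breakdown post, decodes the OPT bytes, and counts bare SYN entries (SYN set, no ACK flag) forwarded from WAN to LAN per destination port. The second and third sample lines and all function names are constructed for illustration.

```python
import re
from collections import Counter
# Line 1 is the entry quoted in the thread; lines 2-3 are constructed samples.
SAMPLE_LOG = """\
Jan 30 20:09:45 kernel: ACCEPT IN=ppp0 OUT=br0 SRC=1.228.24.104 DST=192.168.1.180 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=24917 DF PROTO=TCP SPT=57929 DPT=59193 SEQ=1015144689 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (020405AC01010402)
Jan 30 20:09:58 kernel: ACCEPT IN=ppp0 OUT=br0 SRC=203.0.113.7 DST=192.168.1.180 LEN=52 TOS=0x00 PREC=0x00 TTL=52 ID=4411 DF PROTO=TCP SPT=40112 DPT=59193 SEQ=77120001 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0 OPT (020405B40101040201030307)
Jan 30 20:10:03 kernel: DROP IN=ppp0 OUT= SRC=198.51.100.23 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=51000 DPT=23 SEQ=1 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
"""

def decode_tcp_options(hexstr):
    """Decode the OPT (...) hex string: TCP options as kind/length/value."""
    raw, out, i = bytes.fromhex(hexstr), [], 0
    while i < len(raw) and raw[i] != 0:       # kind 0 = end of option list
        kind = raw[i]
        if kind == 1:                         # NOP: one padding byte, no length
            out.append("NOP")
            i += 1
            continue
        if i + 1 >= len(raw) or not 2 <= raw[i + 1] <= len(raw) - i:
            return out + ["MALFORMED"]        # truncated or bad length byte
        length, val = raw[i + 1], raw[i + 2:i + raw[i + 1]]
        name = {2: "MSS", 3: "WSCALE", 4: "SACK_PERMITTED"}.get(kind, f"KIND{kind}")
        out.append(f"{name}={int.from_bytes(val, 'big')}" if val else name)
        i += length
    return out

def parse_line(line):
    """Split a netfilter LOG line into prefix, KEY=value fields, flags, options."""
    m = re.search(r"kernel: (.*?)\s*(IN=.*)", line)
    if not m:
        return None
    rec, body = {"prefix": m.group(1), "flags": set(), "options": []}, m.group(2)
    opt = re.search(r"OPT \(([0-9A-Fa-f]*)\)", body)
    if opt:
        rec["options"] = decode_tcp_options(opt.group(1))
        body = body[:opt.start()]
    for tok in body.split():
        key, sep, val = tok.partition("=")
        if sep:
            rec[key] = val                    # SRC, DPT, ...; ACK=0 is the ack number
        else:
            rec["flags"].add(tok)             # bare tokens: DF (IP), SYN/ACK/RST (TCP)
    return rec

def forwarded_syns(log_text):
    """Count bare-SYN entries forwarded WAN->LAN (IN and OUT both set) per (DST, DPT)."""
    recs = filter(None, map(parse_line, log_text.splitlines()))
    return Counter((r["DST"], r["DPT"]) for r in recs if r.get("IN")
                   and r.get("OUT") and "SYN" in r["flags"] and "ACK" not in r["flags"])
```

An entry with both IN= and OUT= set was forwarded through the router to a LAN host; one with an empty OUT= was addressed to the router itself.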

um....

 

that IP (src) is in South Korea - https://db-ip.com/all/1.228.24

 

firewalls up

Thanks for the response gang.

 

I'm not so worried about the amount in the log actually, well I am, but I'm more worried that 95% of the IPs are in South Korea and the fact there is a new kernel almost every 10-20 secs, sometimes at 2 secs.

 

No torrents at all. I haven't torrented in yrs.

 

This in conjunction with lots and lots of failed attempts recently to access my router, I'm beginning to wonder what the kids are doing, because it's not me playing funny buggers.

 

 


  • Netduma Staff


Maybe you could change your WAN IP. If it carried on happening after that maybe you have malware on your computer?

 

I suppose you could think of it positively: at least it's South Korean not North Korean. ;)


Maybe you could change your WAN IP.

And how do I do that?

 

I assume the kernels are at a request of a device on the Duma.

 

Wouldn't changing the WAN just alter the destination?

 

Being everything is blocked in the Duma except my PC and the PS4, I can only assume it is 1 of these devices.

 

Is Malware Bytes still an alright program?

 

The only things changed over recent months is the Duma, I have Chrome now.


Neither found anything, nor did changing the WAN IP.

I should mention too the IPs aren't always South Korea, I got stuff from everywhere: Romania, Russia, Japan, you name it I got it.

Many many of the IPs are to be blacklisted also.

 

Got onto my ISP and they will arrange a call with Microsoft tomorrow.


? why is your ISP pawning you off to Microsoft?

I don't know actually.

 

They can't help she said, it's not in their support techniques or some crap.

 

Funnily enough, exactly to the day 1 yr the ISP stopped their own antivirus network watching thing.

 

Anyways the kernels are still there and the ISP didn't call today.

 

Edit: I emailed Asus as well so we will see what they can do.


Your ISP is responsible legally for all data that is sent and received by you, hence why they turn you into the internet police any chance they get...

 

 

Side note: their antivirus was really malware (it always is)...

 

Download "Malwarebytes" and "Windows Defender", run scans... it isn't likely anything you are doing. Next, here are the following that don't care, in no order:

 

* Microsoft

* ASUS

* your ram manufacturer

 

this is literally 1 of two things..

 

1. You have some virus/rootkit/malware

    1.1 It's your problem to fix

2. You are being the target of malicious attacks

    2.1 It's your ISP's problem and they should be banning IP blocks from your connection...

 

Don't bother with ASUS or Microsoft, that's like going to the grocery because your wife cooked your steak wrong... they don't care.

Thanks, and yes I've done as you suggested with malware and defender.

 

Nothing was found.

 

And for the record, I always cook my own steak ;-)


Test for stealth on the net via your router/routers; if you have two you might need to set up the security better on your 3rd party router, and be careful with DMZ also.

 

https://www.grc.com/x/ne.dll?bh0bkyd2

 

Test the common ports or all ports.

THE EQUIPMENT AT THE TARGET IP ADDRESS

DID NOT RESPOND TO OUR UPnP PROBES!

 

That's good I suppose.


Archived

This topic is now archived and is closed to further replies.
