Hi,
Does this entry indicate the packet was blocked by the router?
Dec 2 00:59:52 daemon alert kernel: Intrusion -> TCP packet from [pppoa0] 94.229.77.106:41677 to [redacted]:22
At the moment there are no incoming/outgoing firewall rules set up so I need to know if I need to worry.
Steve
Log entry query
-
- Posts: 5398
- Joined: Tue Jul 19, 2011 4:30 pm
Re: Log entry query
I think that is blocked, you can run a port scan on port 22 using shields up to be sure
sabre999uk wrote:
Hi,
Does this entry indicate the packet was blocked by the router?
Dec 2 00:59:52 daemon alert kernel: Intrusion -> TCP packet from [pppoa0] 94.229.77.106:41677 to [redacted]:22
At the moment there are no incoming/outgoing firewall rules set up so I need to know if I need to worry.
Steve
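An added example (not part of the original posts): a small Python parser for the router's "Intrusion ->" kernel entries that tallies them by destination port and source, so entries aimed at the ports reported open by the external scan in this thread can be picked out. The pattern is inferred from the one line quoted in the thread, and every sample line after the first is constructed.

```python
import re
from collections import Counter

# Pattern derived from the single log line quoted in the thread (assumption:
# the router may emit other variants that this does not cover).
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+\S+\s+(?P<level>\S+)\s+kernel:\s+"
    r"Intrusion\s+->\s+(?P<proto>\S+)\s+packet\s+from\s+\[(?P<iface>[^\]]+)\]\s+"
    r"(?P<src>[^\s:]+):(?P<sport>\d+)\s+to\s+(?P<dst>\S+):(?P<dport>\d+)\s*$"
)
# Ports the thread's external scan reported as open.
WATCHED_PORTS = {22, 23, 139, 445}

# First line is the entry from the thread; the rest are constructed samples
# that use documentation address ranges.
SAMPLE_LOG = [
    "Dec 2 00:59:52 daemon alert kernel: Intrusion -> TCP packet from [pppoa0] 94.229.77.106:41677 to [redacted]:22",
    "Dec 2 01:02:11 daemon alert kernel: Intrusion -> TCP packet from [pppoa0] 198.51.100.23:51514 to 192.0.2.10:23",
    "Dec 2 01:02:40 daemon alert kernel: Intrusion -> TCP packet from [pppoa0] 198.51.100.23:51520 to 192.0.2.10:445",
    "Dec 2 01:04:05 daemon alert kernel: Intrusion -> TCP packet from [pppoa0] 203.0.113.7:40022 to 192.0.2.10:8080",
    "Dec 2 01:05:00 daemon info syslog: constructed line that is not an intrusion entry",
]

def parse_line(line):
    """Return the fields of an 'Intrusion ->' entry as a dict, or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    return rec

def summarize(lines, watched=WATCHED_PORTS):
    """Count entries per destination port and source; collect watched-port hits."""
    by_port, by_source, flagged, skipped = Counter(), Counter(), [], 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1          # not an intrusion entry, or an unknown variant
            continue
        by_port[rec["dport"]] += 1
        by_source[rec["src"]] += 1
        if rec["dport"] in watched:
            flagged.append(rec)
    return {"by_port": by_port, "by_source": by_source,
            "flagged": flagged, "skipped": skipped}

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print("by destination port:", dict(report["by_port"]))
    for rec in report["flagged"]:
        print("watched port hit:", rec["ts"], rec["src"], "->", rec["dport"])
```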

-
- Posts: 38
- Joined: Tue Aug 09, 2011 5:31 pm
Re: Log entry query
Hi,
The router that had the entry I was looking at via an ipsec lan-lan vpn between two 7800DX's, accessed one of the pc's using teamviewer and did a shields up and it shows 22,23,139 & 445 open (all other ports closed), also says upnp is exposed to the outside world! How can I close the ports and remove the upnp exposure? Or is the fact I did the shields up via teamviewer muddying the water?
For reference I did a shields up & upnp exposure check on my pc with truestealth & not exposed results, only difference in router config is I have firewall rules set up.
Steve
Edited: to add word 'open'
-
- Posts: 5398
- Joined: Tue Jul 19, 2011 4:30 pm
Re: Log entry query
I assume ports 22,23,139 etc are opened via UPNP (if they are open with the IP Filtering/virtual server section this needs to be adjusted). Regarding the UPNP test, I just ran it on my 7800DX and got a message stating "THE EQUIPMENT AT THE TARGET IP ADDRESS DID NOT RESPOND TO OUR UPnP PROBES" (for a test you can try and disable UPNP and see if that helps, on my 7800DX UPNP was enabled and still did not respond so it must be something on the site's config setup)
sabre999uk wrote:
Hi,
The router that had the entry I was looking at via an ipsec lan-lan vpn between two 7800DX's, accessed one of the pc's using teamviewer and did a shields up and it shows 22,23,139 & 445 (all other ports closed), also says upnp is exposed to the outside world! How can I close the ports and remove the upnp exposure? Or is the fact I did the shields up via teamviewer muddying the water?
For reference I did a shields up & upnp exposure check on my pc with truestealth & not exposed results, only difference in router config is I have firewall rules set up.
Steve
Not sure about the team viewer over IPsec test, never done that before.
-
- Posts: 38
- Joined: Tue Aug 09, 2011 5:31 pm
Re: Log entry query
Hi,
In both routers upnp was enabled and neither have virtual server / ip filtering for any of the ports that are open, I'm awaiting the results of a further shieldsup at the remote site. Only other thing I can think of is the pc's at the remote end have different firewall software to me although I can't think of how that would affect the upnp exposure test.
Steve
-
- Posts: 38
- Joined: Tue Aug 09, 2011 5:31 pm
Re: Log entry query
Hi,
New test done with upnp disabled in router results in THE EQUIPMENT AT THE TARGET IP ADDRESS ACTIVELY REJECTED OUR UPnP PROBES! but ports 22,23,139,445 still open. Then noticed firewall is off under wan, have turned it on and asked the remote site to rerun the tests, just hope it doesn't stop his software checking for valid license like a Billion 7402NX did.
Steve
-
- Posts: 5398
- Joined: Tue Jul 19, 2011 4:30 pm
Re: Log entry query
If the firewall was off this could be the issue, my firewall was on (if everything goes well you can try re-enabling UPNP with the firewall on, and see what happens)
sabre999uk wrote:
Hi,
New test done with upnp disabled in router results in THE EQUIPMENT AT THE TARGET IP ADDRESS ACTIVELY REJECTED OUR UPnP PROBES! but ports 22,23,139,445 still open. Then noticed firewall is off under wan, have turned it on and asked the remote site to rerun the tests, just hope it doesn't stop his software checking for valid license like a Billion 7402NX did.
Steve
I assume there must be a server that is opening the SSH, Telnet etc ports, if you disable UPNP on the server itself (so it doesn't open the ports) and then reboot the router and run another port scan this might help.