 Notice. New forum software under development. It's going to miss a few functions and look a bit ugly for a while, but I'm working on it full time now as the old forum was too unstable. Couple days, all good. If you notice any issues, please contact me. |
Forum Index : Microcontroller and PC projects : Router security alerts
| Author | Message | ||||
OA47 Guru  Joined: 11/04/2012 Location: AustraliaPosts: 986 |
Should I have concern about these alerts? I don't have a static ip and have not purposely opened the ports mentioned. OA47 |
||||
Grogster Admin Group  Joined: 31/12/2012 Location: New ZealandPosts: 9610 |
A quick search of the IP address on Mr. Google shows that it appears to be from the Netherlands, and it appears to be suspect: LINK I would be inclined to block that IP address in your router, now that you have discovered the odd behaviour. I am guessing your firewall reported this to you after repeated attempts by that IP address to access your machine, so you should have an option there somewhere to block any further access attempts from that IP address. Smoke makes things work. When the smoke gets out, it stops! |
||||
TassyJim Guru Joined: 07/08/2011 Location: AustraliaPosts: 6283 |
Port scans are a normal fact of life now-a-days. If the ports aren't open, it only uses up your data and slows down your internet a bit, or a lot of things get bad. Hopefully a bad DOS will be detected by your ISP and blocked further up the chain. Jim PS you should not have posted your IP address. VK7JH MMedit |
||||
| Grogster Admin Group Joined: 31/12/2012 Location: New ZealandPosts: 9610 |
If you want to block locally, go into your router's firewall, and then into IP filtering/blocking, and add a couple of rules to block both inward and outgoing traffic to that IP address:  "Rule Action" set to Deny, means the router will just bounce any attempts at incoming from that IP, or for your machine to try to send any response to that IP address. Agree about the personal IP address. I recommend you take this image down, and replace with plain text, or at least blurr your IP address as this makes you identifiable on the global internet to anyone. The destination address is you on the internet - YOUR IP address. Well, your router's IP address anyway, but it never a good idea to post your own IP address if you can avoid it. Smoke makes things work. When the smoke gets out, it stops! |
||||
| lizby Guru Joined: 17/05/2016 Location: United StatesPosts: 3378 |
I'm far from experienced at this, but I think "deny" is deprecated because it lets the attacker know that a router is there, providing reason for further exploitation attempts. It's quite old now, but from time to time I run Steve Gibson's "Shields Up", which probes your ports and reports the results to you: https://www.grc.com/x/ne.dll?rh1dkyd2 Steve Gibson has been around since the 80s--he wrote a disk compression program which I used then. I'd be happy to find out if others use more up-to-date scanners or other tools. PicoMite, Armmite F4, SensorKits, MMBasic Hardware, Games, etc. on fruitoftheshed |
||||
| greybeard Senior Member  Joined: 04/01/2010 Location: AustraliaPosts: 174 |
Whilst not posting your IP is a good security tip, it isn't as critical in this case as the OP stated that he does not have a static IP. |
||||
| lizby Guru Joined: 17/05/2016 Location: United StatesPosts: 3378 |
My provider doesn't guarantee a static IP, but it has only changed about once every two years for the past 10 years. PicoMite, Armmite F4, SensorKits, MMBasic Hardware, Games, etc. on fruitoftheshed |
||||
| OA47 Guru Joined: 11/04/2012 Location: AustraliaPosts: 986 |
Thanks for the concern about posting the IP, but I did reboot the router this morning and it did pick up a completely new IP address. OA47 |
||||
 Print this page |
 |
The Back Shed's forum code is written, and hosted, in Australia. | © JAQ Software 2025 |
