1. #1
    Junior Member

    Join Date
    Mar 2009
    Posts
    9

    Default kernal intrusion

    Hi ,

    I am getting these messages from my router log:
    Jan 1 00:07:18 user alert kernel: Intrusion -> IN=ppp_0_35_1 OUT= MAC= SRC=115.132.182.101 DST=59.93.79.192 LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=12504 DF PROTO=TCP SPT=63844 DPT=33625 WINDOW=8192 RES=0x00 SYN URGP=0
    Jan 1 00:17:18 user alert kernel: Intrusion -> IN=ppp_0_35_1 OUT= MAC= SRC=24.118.216.34 DST=59.93.79.192 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=20121 DF PROTO=TCP SPT=55574 DPT=33625 WINDOW=8192 RES=0x00 SYN URGP=0

    Is this some kind of intrusion happening on my router? I am getting these alerts constantly. Before this my router was reset and all the settings are changed.
    Can anyone please clarify.

    Thanks,
    Deepak.

  2. #2
    LEARNER

    Join Date
    Aug 2007
    Posts
    15,283

    Default

    Enable Firewall in modem ( memntion make/model/number Are you in "Dialer Mode ?
    what is the Antivirus and Firewall applications you use?
    If you use Zone Alarm, you will be alerted about these intrusions

  3. #3
    Junior Member

    Join Date
    Mar 2009
    Posts
    9

    Default

    The firewall is enabled in the modem, my
    Connection Type: PPPoE
    Modem : UTStarcom (dataone)
    Model Name: WA3002G4

  4. #4
    LEARNER

    Join Date
    Aug 2007
    Posts
    15,283

    Default

    Firewall program? Antivirus malware applications used ?
    Connection Type: PPPoE
    Presume you mean ,you are on "Dialer" mode, entering UserId and PW externally to modem.

    switch to "Always On" PPP/PPPoE mode
    Uncheck "Bridged" in WAN page and select above.
    Enter UserId/PW in wan page etc.

  5. #5
    Junior Member

    Join Date
    Mar 2009
    Posts
    9

    Default

    I don't think, malware program running on the router, and to my understanding this router will internally consists of the DSL. And the firewall program must be the same that come with the DSL itself.

    And I dont think we cant install any software on this router, since the machine comes closed.So no chance of installing the applications like Zone Alarm.

    And these are already configured and I am still getting the same alerts:
    switch to "Always On" PPP/PPPoE mode
    Uncheck "Bridged" in WAN page and select above.
    Enter UserId/PW in wan page etc.

  6. #6
    LEARNER

    Join Date
    Aug 2007
    Posts
    15,283

    Default

    check the IP address/es given in ModemSystem Log and confirm whether these "intrusions are needed or not.
    Free Product Demo, Tools and Sample Databases


    All applications are installed in the computer.
    Zone ALARM Free version will give you info about the intrusion IP's details..

    When you consult a Doctor, if you don't like his 'prescription" and feel the sickness will not go, you are free to consult another "specialist" etc.
    Same here. Most of us are "URMP" here!!
    Unregistered Modem Practioner"
    Please feel free to ignore/accept any member's comments/suggestions/ideas etc.
    No hard feelings. All try to help .

Posting Permissions

Log in

Log in