kernal intrusion

**closed circuit** · 06-01-10, 11:12 PM

Hi ,

I am getting these messages from my router log:
Jan 1 00:07:18 user alert kernel: Intrusion -> IN=ppp_0_35_1 OUT= MAC= SRC=115.132.182.101 DST=59.93.79.192 LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=12504 DF PROTO=TCP SPT=63844 DPT=33625 WINDOW=8192 RES=0x00 SYN URGP=0
Jan 1 00:17:18 user alert kernel: Intrusion -> IN=ppp_0_35_1 OUT= MAC= SRC=24.118.216.34 DST=59.93.79.192 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=20121 DF PROTO=TCP SPT=55574 DPT=33625 WINDOW=8192 RES=0x00 SYN URGP=0

Is this some kind of intrusion happening on my router? I am getting these alerts constantly. Before this my router was reset and all the settings are changed.
Can anyone please clarify.

Thanks,
Deepak.

**essbebe** · 06-01-10, 11:16 PM

Enable Firewall in modem ( memntion make/model/number Are you in "Dialer Mode ?
what is the Antivirus and Firewall applications you use?
If you use Zone Alarm, you will be alerted about these intrusions

**closed circuit** · 06-01-10, 11:35 PM

The firewall is enabled in the modem, my
Connection Type: PPPoE
Modem : UTStarcom (dataone)
Model Name: WA3002G4

**essbebe** · 06-02-10, 12:11 AM

Firewall program? Antivirus malware applications used ?

Connection Type: PPPoE

Presume you mean ,you are on "Dialer" mode, entering UserId and PW externally to modem.

switch to "Always On" PPP/PPPoE mode
Uncheck "Bridged" in WAN page and select above.
Enter UserId/PW in wan page etc.

**closed circuit** · 06-02-10, 08:21 AM

I don't think, malware program running on the router, and to my understanding this router will internally consists of the DSL. And the firewall program must be the same that come with the DSL itself.

And I dont think we cant install any software on this router, since the machine comes closed.So no chance of installing the applications like Zone Alarm.

And these are already configured and I am still getting the same alerts:
switch to "Always On" PPP/PPPoE mode
Uncheck "Bridged" in WAN page and select above.
Enter UserId/PW in wan page etc.

**essbebe** · 06-02-10, 08:36 AM

check the IP address/es given in ModemSystem Log and confirm whether these "intrusions are needed or not.
Free Product Demo, Tools and Sample Databases

All applications are installed in the computer.
Zone ALARM Free version will give you info about the intrusion IP's details..

When you consult a Doctor, if you don't like his 'prescription" and feel the sickness will not go, you are free to consult another "specialist" etc.
Same here. Most of us are "URMP" here!!
Unregistered Modem Practioner"
Please feel free to ignore/accept any member's comments/suggestions/ideas etc.
No hard feelings. All try to help .

Thread: kernal intrusion

LinkBack

Thread Tools

Display

kernal intrusion

Thread Information

Users Browsing this Thread