kernal intrusion

Discussion in 'BSNL broadband' started by closed circuit, Jun 1, 2010.

  1. closed circuit

    closed circuit New Member

    Hi ,

    I am getting these messages from my router log:
    Jan 1 00:07:18 user alert kernel: Intrusion -> IN=ppp_0_35_1 OUT= MAC= SRC=115.132.182.101 DST=59.93.79.192 LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=12504 DF PROTO=TCP SPT=63844 DPT=33625 WINDOW=8192 RES=0x00 SYN URGP=0
    Jan 1 00:17:18 user alert kernel: Intrusion -> IN=ppp_0_35_1 OUT= MAC= SRC=24.118.216.34 DST=59.93.79.192 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=20121 DF PROTO=TCP SPT=55574 DPT=33625 WINDOW=8192 RES=0x00 SYN URGP=0

    Is this some kind of intrusion happening on my router? I am getting these alerts constantly. Before this my router was reset and all the settings are changed.
    Can anyone please clarify.

    Thanks,
    Deepak.
  2. essbebe

    essbebe LEARNER

    Enable Firewall in modem ( memntion make/model/number Are you in "Dialer Mode ?
    what is the Antivirus and Firewall applications you use?
    If you use Zone Alarm, you will be alerted about these intrusions
  3. closed circuit

    closed circuit New Member

    The firewall is enabled in the modem, my
    Connection Type: PPPoE
    Modem : UTStarcom (dataone)
    Model Name: WA3002G4
  4. essbebe

    essbebe LEARNER

    Firewall program? Antivirus malware applications used ?
    Presume you mean ,you are on "Dialer" mode, entering UserId and PW externally to modem.

    switch to "Always On" PPP/PPPoE mode
    Uncheck "Bridged" in WAN page and select above.
    Enter UserId/PW in wan page etc.
  5. closed circuit

    closed circuit New Member

    I don't think, malware program running on the router, and to my understanding this router will internally consists of the DSL. And the firewall program must be the same that come with the DSL itself.

    And I dont think we cant install any software on this router, since the machine comes closed.So no chance of installing the applications like Zone Alarm.

    And these are already configured and I am still getting the same alerts:
    switch to "Always On" PPP/PPPoE mode
    Uncheck "Bridged" in WAN page and select above.
    Enter UserId/PW in wan page etc.
  6. essbebe

    essbebe LEARNER

    check the IP address/es given in ModemSystem Log and confirm whether these "intrusions are needed or not.
    Free Product Demo, Tools and Sample Databases


    All applications are installed in the computer.
    Zone ALARM Free version will give you info about the intrusion IP's details..

    When you consult a Doctor, if you don't like his 'prescription" and feel the sickness will not go, you are free to consult another "specialist" etc.
    Same here. Most of us are "URMP" here!!
    Unregistered Modem Practioner"
    Please feel free to ignore/accept any member's comments/suggestions/ideas etc.
    No hard feelings. All try to help .

Share This Page