Yes I monitored that stuff for a while and there was a constant stream of it from various sources - I turned it off, assuming the router was doing its job by detecting the 'attacks'
PM pete...@amnet.net.au 0408 902 349 On 31/01/2012, at 10:52 AM, Ray Forma wrote: > Ronda, > > I have never used torrent or file-sharing apps, and have WPA2 security set on > my Wireless Network. > > I have since done a Whois on the IP address of the source, and it gave me the > following interesting info: > > netname: CHINANET-JS > descr: CHINANET jiangsu province network > descr: China Telecom > address: 260 Zhongyang Road,Nanjing 210037 > country: CN > phone: +86-25-86588231 > phone: +86-25-86588745 > fax-no: +86-25-86588104 > e-mail: i...@jsinfo.net > remarks: send anti-spam reports to s...@jsinfo.net > remarks: send abuse reports to ab...@jsinfo.net > > Is this an example of China's trainee electronic warfare students doing their > homework? > > Do any other Wamuggers who have their router set to provide notification of > DNS packets and Port Scans get similar attacks, or are these things sliding > past most users' radars? > > On 31/01/2012, at 9:15 AM, Ronda Brown wrote: > >> Hi Ray, >> >> Have you been using a P2P (peer to peer) type application e.g. torrents, or >> file sharing application? >> When the application is closed you may well see the router firewall kick in >> by blocking access since the application is no longer running to accept the >> connection. >> >> As long as you have WPA2 security on your Wireless Network I don’t think you >> need worry about these messages. >> >> Cheers, >> Ronni >> >> 17" MacBook Pro 2.3GHz Quad-Core i7 “Thunderbolt" >> 2.3GHz / 8GB / 750GB @ 7200rpm HD >> >> OS X 10.7.2 Lion >> Windows 7 Ultimate (under sufferance) >> >> On 30/01/2012, at 9:55 AM, Ray Forma wrote: >> >>> My NETGEAR DG834G router is starting to send me lots of emailed messages >>> similar to the following: >>> >>> TCP Packet - Source:58.218.199.227,12200 Destination:59.100.232.231,6588 - >>> [DOS] >>> TCP Packet - Source:58.218.199.227,12200 Destination:59.100.232.231,7212 - >>> [DOS] >>> TCP Packet - Source:58.218.199.227,12200 Destination:59.100.232.231,5390 - >>> [DOS] >>> TCP Packet - Source:58.218.199.227,12200 Destination:59.100.232.231,8080 - >>> [DOS] >>> TCP Packet - Source:58.218.199.147,12200 Destination:59.100.232.231,8008 - >>> [DOS] >>> >>> Occasionally there is a message that ends with [Port Scan] instead of [DOS] >>> >>> Are these notifications of 'Denial Of Service' attacks? >>> >>> My Mac is not serving anything to the Internet. >>> >>> If so, is there anything I should do besides making sure I have a firewall >>> in place? >>> >>> Regards, >>> >>> Ray Forma >>> Mob +61 (0) 428 596938 > > > Regards, > > Ray Forma > Mob +61 (0) 428 596938 > > -- The WA Macintosh User Group Mailing List -- > Archives - <http://www.wamug.org.au/mailinglist/archives.shtml> > Guidelines - <http://www.wamug.org.au/mailinglist/guidelines.shtml> > Settings & Unsubscribe - > <http://lists.wamug.org.au/listinfo/wamug.org.au-wamug> -- The WA Macintosh User Group Mailing List -- Archives - <http://www.wamug.org.au/mailinglist/archives.shtml> Guidelines - <http://www.wamug.org.au/mailinglist/guidelines.shtml> Settings & Unsubscribe - <http://lists.wamug.org.au/listinfo/wamug.org.au-wamug>