What's this mean? Xmas Port Scan Attack?

pwsincd

So 10 min ago I lost all internet. After several reboots of all machines, I could see the router from my phone wirelessly but it wouldn't connect, then eventually for no reason it all came back online. I couldn't see the router's settings or anything, checked all wires etc. like you do. When it came back I checked the router log to find this entry:

Dec 2 10:29:45 ,Xmas port scan attack from WAN (ip:173.194.78.188) detected.

Now a whois search indicates this IP to be GOOGLE, wtf is all that about...?

Anyone have a clue? EDIT: seems the GOOGLE IP is probably spoofed.
 

nukeboy95

Various hackers are scanning your public IP address (WAN). Those are the hackers' IP addresses.
This is fairly normal, every person on the Internet is scanned by hundreds of hackers every day. Your router is doing its job - blocking them. FYI, that IP is Google's.
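
For reference, an added example (not written by any poster in this thread): a router that logs an "Xmas" scan is matching inbound TCP segments with FIN, PSH and URG set together, a flag combination no normal connection uses. The Python below applies that check to constructed packets; the addresses, port and function names are illustrative assumptions, and it is not D-Link's actual detection logic.

```python
import socket

# TCP flag bits: byte 13 of the TCP header, low six bits.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def classify_flags(flags):
    """Name the stateless-scan pattern these TCP flags match, or None."""
    flags &= 0x3F                      # ignore the ECN bits (ECE/CWR)
    if flags == FIN | PSH | URG:
        return "xmas"                  # "lit up like a Christmas tree"
    if flags == 0:
        return "null"
    if flags == FIN:
        return "fin"
    return None                        # SYN, ACK, etc.: ordinary traffic

def inspect_packet(pkt):
    """Return (src_ip, dst_port, pattern) for an IPv4/TCP packet, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        return None                    # not IPv4, or not TCP (protocol 6)
    ihl = (pkt[0] & 0x0F) * 4          # IP header length in bytes
    if ihl < 20 or len(pkt) < ihl + 20:
        return None                    # malformed or truncated headers
    # The source address is read straight from the header; nothing
    # authenticates it, so treat it as a claim rather than proof of origin.
    src_ip = socket.inet_ntoa(pkt[12:16])
    dst_port = int.from_bytes(pkt[ihl + 2:ihl + 4], "big")
    return src_ip, dst_port, classify_flags(pkt[ihl + 13])

def scan_report(packets):
    """Map each source IP to the sorted scan patterns seen from it."""
    seen = {}
    for pkt in packets:
        info = inspect_packet(pkt)
        if info and info[2]:
            seen.setdefault(info[0], set()).add(info[2])
    return {ip: sorted(p) for ip, p in seen.items()}

# Constructed sample: 192.0.2.10 -> 198.51.100.1, TCP port 22, checksums zeroed.
IP_HDR = bytes.fromhex("450000280000000040060000c000020ac6336401")

def sample(flags):
    """Build a constructed 40-byte test packet with the given TCP flags."""
    tcp = bytes.fromhex("9c400016") + bytes(8) + bytes([0x50, flags]) + bytes(6)
    return IP_HDR + tcp

if __name__ == "__main__":
    print(scan_report([sample(FIN | PSH | URG), sample(SYN), sample(0)]))
```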
 

Rydian

> Anyone have a clue? EDIT: seems the GOOGLE IP is probably spoofed.

Can't spoof an IP like that, if the connection log shows that IP, then it came from that IP. However that's not to say that Google is responsible, just that the last place it came through before getting to you was one of Google's locations... kind of like how a criminal can convince a different guy to deliver a message. The guy is the one that delivered the message to the final destination, but he's not the one that made it.

If you don't have any ports forwarded and have no servers running (web server, minecraft server, etc.) you can safely disable the port scan failure feature thing, since nothing will be able to reach your machines anyways (all incoming traffic denied by default).
 

pwsincd

> Can't spoof an IP like that, if the connection log shows that IP, then it came from that IP. However that's not to say that Google is responsible, just that the last place it came through before getting to you was one of Google's locations... kind of like how a criminal can convince a different guy to deliver a message. The guy is the one that delivered the message to the final destination, but he's not the one that made it.
>
> If you don't have any ports forwarded and have no servers running (web server, minecraft server, etc.) you can safely disable the port scan failure feature thing, since nothing will be able to reach your machines anyways (all incoming traffic denied by default).


Yeah, I guess I used "spoof" as an uneducated term for the attacker masking their true ID.
No servers currently running, however come Xmas day my son will be all over his new laptop/Minecraft account and I'm sure he'll be messing with trying to have his own server, and my other son will be on his Wii U (and probably I will be hosting a local server to trial this mp4 streaming feature) (not sure if that counts). I'll have a mooch through the router config for a disable port scan thingy-ma-jig. Would that disable the router going belly up on this sort of occurrence?

@nukeboy: what's clear wire?
 

FAST6191

Clearwire is a 3g ISP in the US.

Re spoofing an IP like that: you kind of can by altering the return address section ( http://nemesis.sourceforge.net/ or maybe hping as well as a whole bunch of others listed on http://linuxpoison.blogspot.com.ar/2008/10/tools-for-creating-tcpip-packets.html are relatively simple tools aimed at it), but if you want data returned it is utterly pointless unless you also control the "faked" return address. That said, if you know such a router will effectively DoS itself as a result, it could still be considered useful.
 

pwsincd

Thanks for the advice. No, as I'm in the good ole U of K I'm not Clearwire, just switched from Sky (I hate them) to TalkTalk. Router is actually a D-Link router and not that shite Sagem crap from Sky. So hopefully it will have more settings/control for me.
 

Originality

TalkTalk... my condolences. They're the bastard child of Tiscali and AOL (and Carphone Warehouse for that matter). They're also the most complained about broadband provider in 2011 (Ofcom statistics), although that's probably because both AOL and Tiscali were the most complained about before that.
Also, TalkTalk use BT for broadband. Same as PlusNet and several others.

Anyway, that wasn't very helpful and has little to no relevance on the topic.

As a side note, things that can cause internet droppage include overheating routers (uncommon), cache crashing in routers (common for cheaper routers, especially when P2P is involved), power spikes (depends where you are), and hung telephony sessions (common with BT). Normally resetting the router is enough to fix most problems. If it's not you, then it's usually the telephone exchange or the ISP. In both cases, only a phone call to the ISP can get that checked and resolved, and it only takes them minutes to do (if they know what they're doing).
 
