Home page logo

basics logo Security Basics mailing list archives

RE: Home firewall Hits
From: "Preston, Tony" <Tony.Preston () acs-inc com>
Date: Thu, 6 Nov 2003 16:19:08 -0500

Actually, I found that I had turned on the logging feature on the Linksys
router and it was sending me the messages, not a port scan.  It is
interesting to use WallWatcher to see what it going on on my home network...
I can see where my son is surfing ...:)  It did look like a port scan to me
which was why I asked my questions.

BTW... I do have a firewall on my Win/ME system.  As for the 67/68 hits, I
guess I may have misconfigured my firewall to block those, my question  was 
What did the hit mean:

31/Oct/2003 00:00:02] Rule 'Packet to unopened port received': Blocked: In
UDP,>localhost:67, Owner: no owner

I think I know now from doing a bit of research that one of my firewall
rules was blocking something that maybe I should let through...   I am
tempted to leave it blocked since it doesn't seem to be needed.

Everyone was pretty helpful... thanks again.

Tony Preston
Systems Engineer, AS&T Inc.
Division of L3 Corporation
(609) 485-0205 x 181

-----Original Message-----
From: me null [mailto:me_null () hotmail com] 
Sent: Thursday, November 06, 2003 3:27 PM
To: Tony.Preston () acs-inc com; security-basics () securityfocus com
Subject: Re: Home firewall Hits

hello, i havent read through the replys you have got but ill chime in non 
the less. i would amagine some have sayed part of what i will.

1 im not sure what u ment here bout it sounds like a port scan

">From reading the firewall log, I would think that my router is 
Port 162  with a UDP message.  The odd thing is that it is doing this by
using an
incrementing port from, I see many of these every day, it is

2 these are DHCP ports 67 / 68 UDP a DHCP server would tell DHCP clients 
where thay are and info regarding you network.

3 is this is EXACTLY your setup ...
" [cable modem] <----> [ Linksys Wireless Router] ~~~ [ Windows ME W/
firewall ]"
than theres nothing blocking access from the internet to your router. witch 
means some 1 can (if thay havent yet) crack you routers password. you would 
be amased at how easy this can be like a user name of "admin" and a password

of "admin" and BAM thay have CONTROL of your router. either put a fire wall 
between your router and the internet or ATLEAST change you login credintals 
for your router

hope this helps and wasnt too redundant

The Presidio integrates PGP data encryption and XML Web Services security to 
simplify the management and deployment of PGP and reduce overall PGP costs 
by up to 80%.
FREE WHITEPAPER & 30 Day Trial - 

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]