kernel intrusion detected alert

[dopple]

My router is giving out the following alert in system log. whats this about?


kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=222.xxx.21.218 DST=59.xxx.100.xx LEN=40 TOS=0x00 PREC=0x00 TTL=108 ID=256 PROTO=TCP SPT=77 DPT=9064 WINDOW=16384 RES=0x00 SYN URGP=0 MARK=0x8000000

 

[DragonNOA1]

SRC=222.xxx.21.218 DST=59.xxx.100.xx ... PROTO=TCP SPT=77 DPT=9064

D-link router? Looks to be someone scanning your router. Notice the source and destination IP's and ports.

 

[dopple]

D-link router? Looks to be someone scanning your router. Notice the source and destination IP's and ports.

is there some setting to prevent scanning?

 

[djflow195]

Unplug from the internet?

If you are connected to a world wide network, you are going to get scans. The important thing is to make sure the firewall is up and that you have no internet-facing open ports.

Run an internet firewall test (Shields Up) and if you pass, you should be ok.

 

[dopple]

Unplug from the internet?

If you are connected to a world wide network, you are going to get scans. The important thing is to make sure the firewall is up and that you have no internet-facing open ports.

Run an internet firewall test (Shields Up) and if you pass, you should be ok.

its passing. thanks for the link. its a new router, hadn't seen these entries in my previous router..