Bekijk de volledige versie : Portscanned???

13-04-2004, 17:55
I was just browsing through the system log on my wl500g (using the firmware (thanks Oleg :))) when I noticed a whole bunch of
"...WL500g user.warn klogd: ALERTIN=eth1..." entries.
I'm not really savvy enough to understand all of the codes in the log, but doesn't it seem like I've had som sort of a portscan attack or something?

I've uploaded a bit from today's log, if anyone want's to take a look... couldn't upload the whole log as it's more than 1.5MB of text.. and that's only after 3 days... :eek:

Edit: I know that I don't know anyone at those addresses, and I know that I have port 21 and 22 open...


13-04-2004, 18:27
Yes, this is a port scans. Welcome to the internet. :)

13-04-2004, 19:02
Yeah... I figured...
I've just never had a router with open ports before... :)


13-04-2004, 19:37
The ports are "closed", but built-in firewall logs all attempts to use them.

13-04-2004, 22:32
According to the portcheck at grc.com, both port 21 and 22 are open... ?
I know that port 21 is open, since i have an ftp server on it (Asus-usbdisk), and 22 is accessible as well....
Another thing I noticed from the grc.com check was that it said that the router responded to pings from the wan port, even though it is set to off in router setup.

I'm not trying to be negative about your firmware, because I think it's great... I've actually only had the official firmware on my router for about 3 hours total... :)

I expected that ports 21 and 22 were open, but I also think that you should know about other stuff such as the ping responses in case it is something that shouldn't be there.

Edit: http://wl500g.info/showthread.php?s=&threadid=268

Edit2: One thing I was thinking about... I'm not really concerned about the portscanning, but I'm am a bit annoyed that Asus doesn't allow changing admin user id... In some respects that cut's the security in half, as it's only the password anyone who wants to get in has to find.
I remember reading that someone in this forum had made a fix for that... maybe something to add in your next release? :)

14-04-2004, 08:19
I mean other ports are closed. You can close port 21 by disabling ftp. As for port 22 - wait for the next firmware.

14-04-2004, 08:48
ah.. ok, thats what you ment... :)
I figured that port 21 would be closed by disabling the ftp.
I didn't know that port 22 couldn't be closed yet, but it doesn't matter... I want to keep both of them open anyways... :)

keep up the terriffic work that you do Oleg. :D