Results 1 to 7 of 7

Thread: Portscanned???

  1. #1
    Join Date
    Mar 2004
    Location
    Norway
    Posts
    26

    Portscanned???

    Hi.
    I was just browsing through the system log on my wl500g (using the 1.7.5.6-2 firmware (thanks Oleg )) when I noticed a whole bunch of
    "...WL500g user.warn klogd: ALERTIN=eth1..." entries.
    I'm not really savvy enough to understand all of the codes in the log, but doesn't it seem like I've had som sort of a portscan attack or something?

    I've uploaded a bit from today's log, if anyone want's to take a look... couldn't upload the whole log as it's more than 1.5MB of text.. and that's only after 3 days...

    Edit: I know that I don't know anyone at those addresses, and I know that I have port 21 and 22 open...

    Royan
    Attached Files Attached Files
    Last edited by Royan; 13-04-2004 at 18:00.

  2. #2
    Join Date
    Dec 2003
    Location
    Russian Federation
    Posts
    8,356
    Yes, this is a port scans. Welcome to the internet.

  3. #3
    Join Date
    Mar 2004
    Location
    Norway
    Posts
    26
    Yeah... I figured...
    I've just never had a router with open ports before...

    Royan

  4. #4
    Join Date
    Dec 2003
    Location
    Russian Federation
    Posts
    8,356
    The ports are "closed", but built-in firewall logs all attempts to use them.

  5. #5
    Join Date
    Mar 2004
    Location
    Norway
    Posts
    26
    According to the portcheck at grc.com, both port 21 and 22 are open... ?
    I know that port 21 is open, since i have an ftp server on it (Asus-usbdisk), and 22 is accessible as well....
    Another thing I noticed from the grc.com check was that it said that the router responded to pings from the wan port, even though it is set to off in router setup.

    I'm not trying to be negative about your firmware, because I think it's great... I've actually only had the official firmware on my router for about 3 hours total...

    I expected that ports 21 and 22 were open, but I also think that you should know about other stuff such as the ping responses in case it is something that shouldn't be there.

    Edit: http://wl500g.info/showthread.php?s=&threadid=268

    Edit2: One thing I was thinking about... I'm not really concerned about the portscanning, but I'm am a bit annoyed that Asus doesn't allow changing admin user id... In some respects that cut's the security in half, as it's only the password anyone who wants to get in has to find.
    I remember reading that someone in this forum had made a fix for that... maybe something to add in your next release?
    Royan
    Last edited by Royan; 13-04-2004 at 22:48.

  6. #6
    Join Date
    Dec 2003
    Location
    Russian Federation
    Posts
    8,356
    I mean other ports are closed. You can close port 21 by disabling ftp. As for port 22 - wait for the next firmware.

  7. #7
    Join Date
    Mar 2004
    Location
    Norway
    Posts
    26
    ah.. ok, thats what you ment...
    I figured that port 21 would be closed by disabling the ftp.
    I didn't know that port 22 couldn't be closed yet, but it doesn't matter... I want to keep both of them open anyways...

    keep up the terriffic work that you do Oleg.

    Royan

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •