At first I'd like to state that my knowledge in IP spoofing, DoS, networks and their security is very limited.
Though, I ve read on Wikipedia and got informed.
So the story is like this.
I ve lost my connection to WAN and ADSL for about 4-5 minutes.
I always want to check my logs on router when this happens so I can diagnose if it's me or the ISP.
But today I saw *SMURF* on my logs.
By my mistake, the log has been cleared But I ve made a quick look up on the IP that attempted (succeded?) the scan:
This log doesnt say much for me who dont have the knowledge so at first I'd like you to tell me what it says in plain english.
I suppose is the anti-forwarding of my router?
Secondly, I google for prevention, and my Firewall (on router) is configured right:
After reconnecting my log has been clear:
04/12/2011 18:58:48 192.168.2.4 login success 04/12/2011 18:44:53 192.168.2.4 login success 04/12/2011 18:23:05 NTP Date/Time updated. 08/01/2003 00:01:21 I/F(ATM1) PPP connection ok ! 08/01/2003 00:01:20 ATM1 get IP:220.127.116.11 08/01/2003 00:01:20 Username and Password: OK 08/01/2003 00:01:08 ATM1 start PPP 08/01/2003 00:01:08 ADSL Media Up ! 08/01/2003 00:00:42 192.168.2.4 login success 08/01/2003 00:00:08 sending ACK to 192.168.2.2 08/01/2003 00:00:08 sending OFFER to 192.168.2.2 08/01/2003 00:00:06 sending ACK to 192.168.2.4
Did Malwarebytes scan but came up clear.
How so we/I know that the hacker didnt succeed?
Where do these scans come from?
Thank you for all your help, and for reading.
Also did some netstat -b and netstat -n commands, they came up clear. Can post the log if you wish.
Edited by Shadowdance, 12 April 2011 - 12:02 PM.