
Help interpreting firewall log

I've got almost non-existent internet connectivity following LLU by TalkTalk, though my Safecom router implies a theoretical 5MB connection.

The firewall log has a large number of blocked access attempts. I am taking comfort that they're being blocked, but could this result in some sort of denial of service, explaining my lack of connectivity?

Please can someone technical have a quick look:

14 November 2006 20:05:27 Blocked access attempt from 89.241.158.213:2600 to TCP port 5900
14 November 2006 20:05:59 Blocked access attempt from 89.241.158.213:3846 to TCP port 5900
14 November 2006 20:06:02 Blocked access attempt from 89.241.158.213:3846 to TCP port 5900
14 November 2006 20:06:07 Blocked access attempt from 89.241.65.24:1315 to TCP port 445
14 November 2006 20:06:10 Blocked access attempt from 89.241.104.209:2486 to TCP port 445
14 November 2006 20:06:13 Blocked access attempt from 89.241.104.209:2486 to TCP port 445
14 November 2006 20:06:20 Blocked access attempt from 82.129.177.91:2945 to TCP port 4484
14 November 2006 20:06:20 Blocked access attempt from 84.13.6.154:3201 to TCP port 135
14 November 2006 20:06:23 Blocked access attempt from 82.129.177.91:2945 to TCP port 4484
14 November 2006 20:06:35 Blocked access attempt from 89.241.94.244:2771 to TCP port 445
14 November 2006 20:06:39 Blocked access attempt from 89.241.94.244:2771 to TCP port 445
14 November 2006 20:06:54 Blocked access attempt from 89.241.77.173:3104 to TCP port 445
14 November 2006 20:06:57 Blocked access attempt from 89.241.77.173:3104 to TCP port 445
14 November 2006 20:06:58 Blocked access attempt from 89.173.65.227:1077 to TCP port 135
14 November 2006 20:07:26 Blocked access attempt from 89.241.110.139:2415 to TCP port 135
14 November 2006 20:07:35 Blocked access attempt from 89.241.124.174:2391 to TCP port 135
14 November 2006 20:08:07 Blocked access attempt from 89.241.24.29:3707 to TCP port 445
14 November 2006 20:08:10 Blocked access attempt from 89.241.95.205:25529 to TCP port 135
14 November 2006 20:08:19 Blocked access attempt from 89.241.225.142:2770 to TCP port 445
14 November 2006 20:08:32 Blocked access attempt from 81.137.59.236:2892 to TCP port 4484
14 November 2006 20:08:49 Blocked access attempt from 71.164.162.190:3447 to TCP port 4484
14 November 2006 20:08:52 Blocked access attempt from 71.164.162.190:3447 to TCP port 4484
14 November 2006 20:09:01 Blocked access attempt from 84.13.6.154:2142 to TCP port 135
14 November 2006 20:09:12 Blocked access attempt from 89.241.33.23:1468 to TCP port 445
14 November 2006 20:09:15 Blocked access attempt from 89.241.33.23:1468 to TCP port 445
14 November 2006 20:09:18 Blocked access attempt from 121.82.134.54:2607 to TCP port 445
14 November 2006 20:09:21 Blocked access attempt from 121.82.134.54:2607 to TCP port 445
14 November 2006 20:09:27 Blocked access attempt from 121.82.134.54:2607 to TCP port 445
14 November 2006 20:09:29 Blocked access attempt from 89.241.159.133:2415 to TCP port 445
14 November 2006 20:09:36 Blocked access attempt from 89.241.65.24:2404 to TCP port 445
14 November 2006 20:09:39 Blocked access attempt from 89.241.65.24:2404 to TCP port 445
14 November 2006 20:10:26 Blocked access attempt from 89.241.124.174:1717 to TCP port 445
14 November 2006 20:10:50 Blocked access attempt from 89.241.23.46:4488 to TCP port 135
14 November 2006 20:11:14 Blocked access attempt from 69.151.97.93:3814 to TCP port 4484
14 November 2006 20:11:26 Blocked access attempt from 89.241.124.174:2726 to TCP port 135
14 November 2006 20:11:52 Blocked access attempt from 89.241.137.172:3056 to TCP port 445
14 November 2006 20:12:32 Blocked access attempt from 89.241.111.247:1677 to TCP port 445
14 November 2006 20:12:35 Blocked access attempt from 89.241.111.247:1677 to TCP port 445
14 November 2006 20:13:34 Blocked access attempt from 14.67.23.64:31032 to UDP port 1026
14 November 2006 20:14:28 Blocked access attempt from 89.241.72.158:2748 to TCP port 135
14 November 2006 20:14:30 Blocked access attempt from 89.241.70.132:4630 to TCP port 135
14 November 2006 20:14:31 Blocked access attempt from 89.241.72.158:2748 to TCP port 135
14 November 2006 20:14:33 Blocked access attempt from 89.241.70.132:4630 to TCP port 135
14 November 2006 20:14:53 Blocked access attempt from 89.241.186.204:3287 to TCP port 445
14 November 2006 20:14:54 Blocked access attempt from 89.241.115.40:3463 to TCP port 135
14 November 2006 20:14:56 Blocked access attempt from 89.241.186.204:3287 to TCP port 445
14 November 2006 20:14:56 Blocked access attempt from 89.241.115.40:3463 to TCP port 135
14 November 2006 20:15:15 Blocked access attempt from 89.241.231.237:1733 to TCP port 135
14 November 2006 20:15:18 Blocked access attempt from 89.241.231.237:1733 to TCP port 135
14 November 2006 20:15:20 Blocked access attempt from 89.241.65.24:3809 to TCP port 445
14 November 2006 20:15:41 Blocked access attempt from 89.241.186.204:1524 to TCP port 445
14 November 2006 20:15:42 Blocked access attempt from 89.241.153.3:2109 to TCP port 135
14 November 2006 20:15:44 Blocked access attempt from 89.241.186.204:1524 to TCP port 445
14 November 2006 20:15:48 Blocked access attempt from 89.241.106.223:2431 to TCP port 445
14 November 2006 20:15:50 Blocked access attempt from 84.227.248.127:28297 to UDP port 4484
14 November 2006 20:15:51 Blocked access attempt from 89.241.106.223:2431 to TCP port 445
14 November 2006 20:15:53 Blocked access attempt from 210.233.204.11:12989 to UDP port 4484
14 November 2006 20:15:54 Blocked access attempt from 216.93.154.4:46772 to UDP port 4484
14 November 2006 20:15:56 Blocked access attempt from 68.49.115.220:39791 to UDP port 4484
14 November 2006 20:15:57 Blocked access attempt from 81.214.252.239:50402 to UDP port 4484
14 November 2006 20:16:00 Blocked access attempt from 71.247.99.88:50494 to UDP port 4484
14 November 2006 20:16:00 Blocked access attempt from 67.170.191.222:45191 to UDP port 4484
14 November 2006 20:16:03 Blocked access attempt from 82.21.23.145:3568 to UDP port 4484
14 November 2006 20:16:06 Blocked access attempt from 68.170.168.42:11097 to UDP port 4484
14 November 2006 20:16:09 Blocked access attempt from 202.125.143.65:25803 to UDP port 4484
14 November 2006 20:16:09 Blocked access attempt from 81.99.250.30:23683 to UDP port 4484
14 November 2006 20:16:17 Blocked access attempt from 202.125.143.65:14520 to TCP port 4484
14 November 2006 20:16:20 Blocked access attempt from 202.125.143.65:14520 to TCP port 4484
14 November 2006 20:16:26 Blocked access attempt from 202.125.143.65:14521 to TCP port 4484
14 November 2006 20:16:46 Blocked access attempt from 89.241.80.105:4910 to TCP port 135
14 November 2006 20:16:59 Blocked access attempt from 89.241.33.23:2360 to TCP port 445
14 November 2006 20:17:23 Blocked access attempt from 89.240.140.119:2679 to TCP port 445
14 November 2006 20:17:27 Blocked access attempt from 64.145.129.114:41010 to UDP port 4484
14 November 2006 20:18:04 Blocked access attempt from 84.13.6.154:2081 to TCP port 135
14 November 2006 20:18:16 Blocked access attempt from 89.241.144.212:3777 to TCP port 135
14 November 2006 20:18:16 Blocked access attempt from 89.241.126.189:4753 to TCP port 135
14 November 2006 20:18:18 Blocked access attempt from 89.241.54.152:4714 to TCP port 135
14 November 2006 20:18:19 Blocked access attempt from 89.241.126.189:4753 to TCP port 135
14 November 2006 20:18:27 Blocked access attempt from 84.13.33.251:2984 to TCP port 445
14 November 2006 20:18:29 Blocked access attempt from 84.13.33.251:2984 to TCP port 445
14 November 2006 20:18:37 Blocked access attempt from 89.241.53.178:2653 to TCP port 445
14 November 2006 20:18:40 Blocked access attempt from 89.241.53.178:2653 to TCP port 445
14 November 2006 20:18:48 Blocked access attempt from 89.241.118.51:4861 to TCP port 135
14 November 2006 20:19:00 Blocked access attempt from 89.241.74.50:2644 to TCP port 135
14 November 2006 20:19:02 Blocked access attempt from 89.240.142.59:3122 to TCP port 135
14 November 2006 20:19:12 Blocked access attempt from 89.241.16.39:2953 to TCP port 445
14 November 2006 20:19:15 Blocked access attempt from 89.241.16.39:2953 to TCP port 445
14 November 2006 20:19:37 Blocked access attempt from 87.123.19.120:1684 to TCP port 4484
14 November 2006 20:19:40 Blocked access attempt from 87.123.19.120:1684 to TCP port 4484
14 November 2006 20:19:46 Blocked access attempt from 87.123.19.120:1684 to TCP port 4484
14 November 2006 20:19:52 Blocked access attempt from 89.241.152.213:4568 to TCP port 445
14 November 2006 20:19:55 Blocked access attempt from 89.241.152.213:4568 to TCP port 445
14 November 2006 20:20:06 Blocked access attempt from 89.241.95.205:33985 to TCP port 135
14 November 2006 20:20:10 Blocked access attempt from 89.241.95.205:33985 to TCP port 135
14 November 2006 20:20:46 Blocked access attempt from 84.13.6.154:4942 to TCP port 135
14 November 2006 20:20:46 Blocked access attempt from 204.16.210.10:54635 to UDP port 1026
14 November 2006 20:20:46 Blocked access attempt from 204.16.210.10:54635 to UDP port 1027
14 November 2006 20:20:59 Blocked access attempt from 89.241.110.139:4888 to TCP port 135
14 November 2006 20:21:03 Blocked access attempt from 89.241.118.51:4418 to TCP port 135
14 November 2006 20:21:06 Blocked access attempt from 89.241.23.46:1701 to TCP port 135
14 November 2006 20:21:10 Blocked access attempt from 89.241.110.139:2169 to TCP port 135
14 November 2006 20:21:12 Blocked access attempt from 89.241.231.237:4985 to TCP port 135
14 November 2006 20:21:12 Blocked access attempt from 89.241.110.139:2169 to TCP port 135
14 November 2006 20:21:15 Blocked access attempt from 89.241.231.237:4985 to TCP port 135
14 November 2006 20:21:32 Blocked access attempt from 89.241.124.174:2975 to TCP port 135
14 November 2006 20:21:35 Blocked access attempt from 89.241.124.174:2975 to TCP port 135
14 November 2006 20:21:44 Blocked access attempt from 89.241.106.223:3898 to TCP port 445
14 November 2006 20:21:47 Blocked access attempt from 89.241.106.223:3898 to TCP port 445
14 November 2006 20:21:57 Blocked access attempt from 89.241.95.205:22561 to TCP port 135
14 November 2006 20:22:15 Blocked access attempt from 84.13.6.154:1701 to TCP port 445
14 November 2006 20:22:18 Blocked access attempt from 84.13.6.154:1701 to TCP port 445
14 November 2006 20:22:37 Blocked access attempt from 89.241.72.158:2486 to TCP port 445
14 November 2006 20:22:39 Blocked access attempt from 89.241.126.189:1580 to TCP port 135
14 November 2006 20:22:40 Blocked access attempt from 89.241.72.158:2486 to TCP port 445
14 November 2006 20:22:42 Blocked access attempt from 89.241.126.189:1580 to TCP port 135
14 November 2006 20:22:57 Blocked access attempt from 89.240.233.205:1505 to TCP port 135
14 November 2006 20:23:00 Blocked access attempt from 89.240.233.205:1505 to TCP port 135
14 November 2006 20:23:26 Blocked access attempt from 204.16.210.42:49725 to UDP port 1026
14 November 2006 20:23:26 Blocked access attempt from 204.16.210.42:49725 to UDP port 1027
14 November 2006 20:23:26 Blocked access attempt from 204.16.210.42:49726 to UDP port 1026
14 November 2006 20:23:31 Blocked access attempt from 89.241.29.217:47552 to TCP port 135
14 November 2006 20:23:34 Blocked access attempt from 89.241.29.217:47552 to TCP port 135
14 November 2006 20:23:34 Blocked access attempt from 24.236.105.243:3148 to TCP port 4484
14 November 2006 20:23:35 Blocked access attempt from 89.241.110.139:2447 to TCP port 135
14 November 2006 20:23:37 Blocked access attempt from 24.236.105.243:3148 to TCP port 4484
14 November 2006 20:23:47 Blocked access attempt from 89.241.124.2:1794 to TCP port 139
14 November 2006 20:23:50 Blocked access attempt from 89.241.124.2:1794 to TCP port 139
14 November 2006 20:24:02 Blocked access attempt from 89.240.142.59:3887 to TCP port 135
14 November 2006 20:24:09 Blocked access attempt from 89.241.115.253:2135 to TCP port 135
14 November 2006 20:24:12 Blocked access attempt from 89.241.72.158:2399 to TCP port 445
14 November 2006 20:24:15 Blocked access attempt from 89.241.72.158:2399 to TCP port 445
14 November 2006 20:24:30 Blocked access attempt from 89.241.133.55:1520 to TCP port 445
14 November 2006 20:24:33 Blocked access attempt from 89.241.133.55:1520 to TCP port 445
14 November 2006 20:24:54 Blocked access attempt from 89.241.86.58:4973 to TCP port 445
14 November 2006 20:24:57 Blocked access attempt from 89.241.86.58:4973 to TCP port 445
14 November 2006 20:25:12 Blocked access attempt from 89.241.153.3:2595 to TCP port 135
14 November 2006 20:25:29 Blocked access attempt from 89.241.67.9:3068 to TCP port 135
14 November 2006 20:25:34 Blocked access attempt from 172.159.220.106:55968 to TCP port 4484
14 November 2006 20:25:37 Blocked access attempt from 172.159.220.106:55968 to TCP port 4484
14 November 2006 20:25:59 Blocked access attempt from 89.241.186.204:3159 to TCP port 135
14 November 2006 20:26:02 Blocked access attempt from 89.241.186.204:3159 to TCP port 135
14 November 2006 20:26:05 Blocked access attempt from 89.241.74.50:3703 to TCP port 445
14 November 2006 20:26:08 Blocked access attempt from 89.241.74.50:3703 to TCP port 445
14 November 2006 20:26:40 Blocked access attempt from 89.241.133.55:4794 to TCP port 445
14 November 2006 20:26:43 Blocked access attempt from 89.241.133.55:4794 to TCP port 445
14 November 2006 20:27:18 Blocked access attempt from 89.241.147.112:3818 to TCP port 135
14 November 2006 20:27:21 Blocked access attempt from 89.241.147.112:3818 to TCP port 135
14 November 2006 20:27:35 Blocked access attempt from 89.241.56.93:1689 to TCP port 445
14 November 2006 20:27:38 Blocked access attempt from 89.241.56.93:1689 to TCP port 445
14 November 2006 20:27:56 Blocked access attempt from 89.240.99.184:3128 to TCP port 139
14 November 2006 20:27:59 Blocked access attempt from 89.240.99.184:3128 to TCP port 139
14 November 2006 20:28:01 Blocked access attempt from 84.112.18.206:2313 to TCP port 4484
14 November 2006 20:28:04 Blocked access attempt from 84.112.18.206:2313 to TCP port 4484
14 November 2006 20:28:04 Blocked access attempt from 89.149.59.47:4297 to TCP port 135
14 November 2006 20:28:07 Blocked access attempt from 89.149.59.47:4297 to TCP port 135
14 November 2006 20:28:17 Blocked access attempt from 89.241.144.212:3379 to TCP port 135
14 November 2006 20:28:27 Blocked access attempt from 201.253.144.210:63466 to UDP port 137
14 November 2006 20:28:31 Blocked access attempt from 89.241.113.144:1537 to TCP port 1433
14 November 2006 20:28:35 Blocked access attempt from 89.241.113.144:1537 to TCP port 1433
14 November 2006 20:28:36 Blocked access attempt from 89.241.74.50:3961 to TCP port 135
14 November 2006 20:28:52 Blocked access attempt from 89.100.23.241:1692 to TCP port 80
14 November 2006 20:28:55 Blocked access attempt from 89.100.23.241:1692 to TCP port 80
14 November 2006 20:28:57 Blocked access attempt from 204.16.210.80:32932 to UDP port 1026
14 November 2006 20:29:36 Blocked access attempt from 89.241.130.17:1342 to TCP port 445
14 November 2006 20:29:39 Blocked access attempt from 89.241.130.17:1342 to TCP port 445
14 November 2006 20:29:58 Blocked access attempt from 84.13.6.154:3348 to TCP port 135
14 November 2006 20:30:02 Blocked access attempt from 89.241.72.183:1177 to TCP port 139
14 November 2006 20:30:10 Blocked access attempt from 89.241.130.17:2650 to TCP port 445
14 November 2006 20:30:13 Blocked access attempt from 89.241.130.17:2650 to TCP port 445
14 November 2006 20:30:32 Blocked access attempt from 89.241.85.125:4048 to TCP port 135
14 November 2006 20:30:32 Blocked access attempt from 89.241.85.125:4054 to TCP port 445
14 November 2006 20:30:37 Blocked access attempt from 89.241.67.9:2749 to TCP port 445
14 November 2006 20:30:40 Blocked access attempt from 89.241.67.9:2749 to TCP port 445
14 November 2006 20:30:58 Blocked access attempt from 89.241.116.243:4251 to TCP port 445
14 November 2006 20:31:01 Blocked access attempt from 89.241.116.243:4251 to TCP port 445
14 November 2006 20:31:15 Blocked access attempt from 89.241.30.79:3592 to TCP port 135
14 November 2006 20:31:28 Blocked access attempt from 89.241.215.231:4087 to TCP port 135
14 November 2006 20:31:28 Blocked access attempt from 89.241.215.231:4093 to TCP port 135
14 November 2006 20:31:29 Blocked access attempt from 89.241.23.46:2859 to TCP port 135
14 November 2006 20:31:32 Blocked access attempt from 89.241.124.2:3827 to TCP port 139

Comments

  • moneyuser
    moneyuser Posts: 1,085 Forumite
    Seems unlikely it's a DoS attack. I suggest you run the Norton security check and make sure your ports are in stealth mode rather than just closed.

    Your problem is more likely to be your dodgy ISP whose network can't cope.

    Open a command prompt (Start->Run->Cmd) and do a tracert to see where things are slowing down, e.g.

    c:\>tracert www.moneysavingexpert.com
  • It does seem like you're getting a port scan, but as long as you don't have those ports forwarded to any internal machines with appropriate services running, then I don't think you'll have a problem. The fact that they are logged in your firewall means the connections are being successfully dropped. DoS attacks often require the router not to drop the connections, but to hold them in a half-open state to tie up more resources.

    Traceroute could help, in addition to trying a speed test.

    e.g. http://www.adslguide.org.uk/tools/speedtest.asp
  • fagun
    fagun Posts: 411 Forumite
    Speedtests are abysmal. I'll do a tracert this evening.

    I've done a GRC Shields Up scan which shows that all ports are in stealth mode. I've got ZoneAlarm on my PC which has no logged items. Plus lots of antispyware software loaded.


    Thanks for the reassurance
  • I'd trust GRC about as much as I could sneeze it :)


    However, if your router isn't forwarding any ports, and you haven't selected a default 'DMZ' box, then you'll be fine.

    ZoneAlarm should keep an eye open for any potential rogue software on your machine making outbound connections, so you have a good belt & braces setup.

    However, for completeness' sake, try connecting with ZoneAlarm disabled briefly and see if it makes any difference (hopefully it won't).

    Do you just have the one machine on your network?

    Do you run wireless?
  • espresso
    espresso Posts: 16,448 Forumite
    albertross wrote:
    Consider buying a router, it gives an added layer of security..........

    What another one?

    :D
    :doh: Blue text on this forum usually signifies hyperlinks, so click on them!..:wall:
  • espresso wrote:
    What another one?

    :D

    2 is always better than 1;)

    I'll read the post better in future!
    Ever get the feeling you are wasting your time? :rolleyes:
  • dawn_b
    dawn_b Posts: 29 Forumite
    Open DOS and type ipconfig to check out what your IP address is, to find out if it is on this list. A lot of them seem to be coming from 89.241.xxx.xxx, belonging to Opal Telecoms ISP in Manchester according to RIPE; their users probably have trojans or worms.
  • fagun
    fagun Posts: 411 Forumite
    MadCowMan wrote:
    I'd trust GRC about as much as I could sneeze it :)
    Oh? Is there a better scanner?
    MadCowMan wrote:
    However, if your router isn't forwarding any ports, and you haven't selected a default 'DMZ' box, then you'll be fine.
    Since both Zonealarm and Safecom logs are only logging failed attempts, how do I check to see if there are successful ones? I've not touched the default router settings for the DMZ - so I'm assuming there isn't one running.
    MadCowMan wrote:
    Do you just have the one machine on your network?
    Do you run wireless?
    Ethernet for home computer. Other half uses wireless for work, but this is through VPN. I've got WPA-PSK with a 64 character randomly generated key. And I've MAC-restricted access to the router, so in theory only those two computers should be able to access it.
  • I presume both machines see the same symptoms?

    Do you have ZoneAlarm set to ask before it allows a given application external access?

    In terms of scanners, it depends on what you are going to look for, but you'd be better off getting someone else to run a port scan for you.
  • If your router is configured properly, ZA should log any failed attempts from the outside world; the fact that you are not getting anything in ZA means you are safe.

    There is an alternative scanner at http://www.dslreports.com/tools (currently down)
    but GRC is fine imo.

    Assuming that you are using NAT, then it will be testing your router rather than your PC.

    VPN may need you to drop your MTU to 1400 or so, because of the extra packet length.

    Do you get the same slowness if you plug it in and use a wired ethernet connection?
    Ever get the feeling you are wasting your time? :rolleyes:
This discussion has been closed.
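
Added example, not written by any poster in this thread: a Python script that parses the router log format shown in the opening post and tallies blocked attempts by destination port and by source /16, the two views the replies reason from. The function names and the 30-second retry window are assumptions of this example.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Ten consecutive entries copied from the log in the opening post.
SAMPLE_LOG = """\
14 November 2006 20:09:18 Blocked access attempt from 121.82.134.54:2607 to TCP port 445
14 November 2006 20:09:21 Blocked access attempt from 121.82.134.54:2607 to TCP port 445
14 November 2006 20:09:27 Blocked access attempt from 121.82.134.54:2607 to TCP port 445
14 November 2006 20:09:29 Blocked access attempt from 89.241.159.133:2415 to TCP port 445
14 November 2006 20:09:36 Blocked access attempt from 89.241.65.24:2404 to TCP port 445
14 November 2006 20:09:39 Blocked access attempt from 89.241.65.24:2404 to TCP port 445
14 November 2006 20:10:26 Blocked access attempt from 89.241.124.174:1717 to TCP port 445
14 November 2006 20:10:50 Blocked access attempt from 89.241.23.46:4488 to TCP port 135
14 November 2006 20:11:14 Blocked access attempt from 69.151.97.93:3814 to TCP port 4484
14 November 2006 20:11:26 Blocked access attempt from 89.241.124.174:2726 to TCP port 135
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2} \w+ \d{4} \d{2}:\d{2}:\d{2}) Blocked access attempt from "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+) to (?P<proto>TCP|UDP) port (?P<dport>\d+)$"
)
# Assumption: a repeat from the same source IP:port to the same destination
# within this window is a retry of one connection attempt, not a new one.
RETRY_WINDOW = timedelta(seconds=30)


def parse(log_text):
    """Yield (timestamp, src_ip, src_port, proto, dst_port) per log entry."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore anything that is not a blocked-attempt entry
        ts = datetime.strptime(m["ts"], "%d %B %Y %H:%M:%S")
        yield ts, m["src"], int(m["sport"]), m["proto"], int(m["dport"])


def summarise(log_text):
    """Collapse retries, then count attempts per port and per source /16."""
    entries = sorted(parse(log_text))
    last_seen = {}
    by_port, by_net, sources = Counter(), Counter(), set()
    attempts = 0
    for ts, src, sport, proto, dport in entries:
        key = (src, sport, proto, dport)
        is_retry = key in last_seen and ts - last_seen[key] <= RETRY_WINDOW
        last_seen[key] = ts  # update even on retries so a chain stays collapsed
        if is_retry:
            continue
        attempts += 1
        sources.add(src)
        by_port[f"{proto}/{dport}"] += 1
        by_net[".".join(src.split(".")[:2]) + ".x.x"] += 1
    span = (entries[-1][0] - entries[0][0]).total_seconds() if entries else 0.0
    return {"entries": len(entries), "attempts": attempts, "sources": len(sources),
            "span_seconds": span, "by_port": by_port, "by_net": by_net}


if __name__ == "__main__":
    s = summarise(SAMPLE_LOG)
    per_min = s["entries"] / (s["span_seconds"] / 60) if s["span_seconds"] else 0
    print(f'{s["entries"]} entries, {s["attempts"]} attempts, {per_min:.1f} entries/min')
    print("ports:", s["by_port"].most_common(), "networks:", s["by_net"].most_common())
```

Replace the contents of `SAMPLE_LOG` with the full router log to get the same breakdown for the whole capture.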