Concerns about router log entries + connection breakdowns

Hi everyone,

I have two questions/problems. Both are with my ADSL connection, but not related in any way to cpf or any comodo stuff (I think so).

I have an MSI rg54g3 wireless router, connected to a D-Link ADSL modem provided by my ISP.
The first, and more problematic thing is that recently my connection breaks down very often (between the router and the modem). This was a problem when my net was new, approx. one year ago, but it disappeared. I thought forever, but since 4-5 days ago it started again, and there are periods when it breaks down every 3 minutes. I couldn’t find any logical cause or solution to this yet. The only thing that I can do is to go downstairs, unplug the modem (cut off the power = restart it), then replug and go upstairs, check the connection and realize that it’s still broken. Then repeat step one; sometimes I also restart the router the same way (not reset) and pray that it reconnects, and it eventually does. And it’s never the same. Sometimes it needs only one modem restart, other times router+modem restart… And I couldn’t make out definitively who is guilty in this (the modem or the router). Given the fact that a router reboot from its web interface is ineffective in 95% of cases, I would blame the modem. But on the other hand, when this first started one year ago, I called the ISP and they told me that I am online, even though my router couldn’t connect to the modem. So the problem is between the modem and the router. (A cable change didn’t help, btw.) The exact cause is still a mystery for me. It seems that sometimes the modem doesn’t respond to the router’s connection query. If I look up the logs on the router, the scenario is usually something similar to the following:

Wed Jun 01 23:18:44 2005 Unrecognized attempt blocked from 86.35.247.143:20458 to 213.178.112.94 UDP:36734
Wed Jun 01 23:18:47 2005 Unrecognized attempt blocked from 84.0.101.93:1942 to 213.178.112.94 TCP:36734
Wed Jun 01 23:18:48 2005 Unrecognized attempt blocked from 86.35.247.143:20458 to 213.178.112.94 UDP:36734
Wed Jun 01 23:18:50 2005 Unrecognized attempt blocked from 86.35.247.143:31451 to 213.178.112.94 TCP:36734
Wed Jun 01 23:18:51 2005 Unrecognized attempt blocked from 86.35.247.143:20458 to 213.178.112.94 UDP:36734
Wed Jun 01 23:18:53 2005 Unrecognized attempt blocked from 84.0.101.93:1942 to 213.178.112.94 TCP:36734
Wed Jun 01 23:20:36 2005 Unallowed access from 00-17-3F-0D-B9-86
Wed Jun 01 23:20:41 2005 Unallowed access from 00-17-3F-0D-B9-86
Wed Jun 01 23:20:43 2005 Connection is broken
Wed Jun 01 23:20:43 2005 PPPoE start to hang-up
Wed Jun 01 23:20:48 2005 PADT sent
Wed Jun 01 23:20:51 2005 Unallowed access from 00-17-3F-0D-B9-86
Wed Jun 01 23:20:52 2005 DOD:192.168.1.112 query DNS for gateway.messenger.hotmail.com
Wed Jun 01 23:20:52 2005 PPPoE start to dial-up
Wed Jun 01 23:20:52 2005 PADI sent interware
Wed Jun 01 23:20:52 2005 PADI sent interware
Wed Jun 01 23:20:53 2005 PADI sent interware
Wed Jun 01 23:20:56 2005 Unallowed access from 00-17-3F-0D-B9-86
Wed Jun 01 23:20:58 2005 DOD:TCP trigger from 192.168.1.112:2542 to 72.14.211.99:80
Wed Jun 01 23:20:58 2005 PPPoE start to dial-up
Wed Jun 01 23:20:58 2005 PADI sent interware
Wed Jun 01 23:20:58 2005 PADI sent interware
Wed Jun 01 23:20:59 2005 PADI sent interware
Wed Jun 01 23:21:03 2005 DOD:192.168.1.112 query DNS for gateway.messenger.hotmail.com
Wed Jun 01 23:21:03 2005 PPPoE start to dial-up
Wed Jun 01 23:21:03 2005 PADI sent interware
Wed Jun 01 23:21:03 2005 PADI sent interware
Wed Jun 01 23:21:04 2005 PADI sent interware
Wed Jun 01 23:21:07 2005 DOD:192.168.1.112 query DNS for gateway.messenger.hotmail.com

213.178.112.94 was my actual IP address assigned by my ISP. Do you see the repeating sequence after the connection breakdown (the reconnection attempts)? Well, this can continue on forever, it can’t reconnect. And where the WAN IP should be displayed there is a message: gateway unreachable. As if the router couldn’t see the modem. It’s really annoying btw… Do you know the cause? Or any solution? All help is appreciated.

My second question is about those “Unrecognized attempt blocked” entries in my router’s log… followed by the source IP and the destination IP (me). If I have time I usually do a whois lookup, just out of curiosity. Sometimes I can relate the entries to one of my browsed sites, but mostly they are not related, as these “attempts” appear also if I don’t even open any internet enabled apps. And at least 2 (usually more) of 5 IPs are from China. While I was typing this post my router caught an attempt from a Chinese IP (only one browser window is open, the comodo forums one, which AFAIK is hosted in the UK). WTF?
The whois search gave this:

netname: HANGZHOU-FOREIGNLANGUAGE-COLLEGE
country: CN
descr: Hangzhou Foreign language college
descr: NULL
admin-c: LZ390-AP
tech-c: CH122-AP
status: ASSIGNED NON-PORTABLE
changed: Whois Privacy and Spam Prevention by DomainTools.com 20040611
mnt-by: MAINT-CN-CHINANET-ZJ-HZ
source: APNIC

role: CHINANET-ZJ Hangzhou
address: No.352 Tiyuchang Road,Hangzhou,Zhejiang.310003
country: CN
phone: +86-571-85157929
fax-no: +86-571-85102776
e-mail: anti_Whois Privacy and Spam Prevention by DomainTools.com
trouble: send spam reports to anti_Whois Privacy and Spam Prevention by DomainTools.com
trouble: and abuse reports to anti_Whois Privacy and Spam Prevention by DomainTools.com
trouble: Please include detailed information and times in UTC
admin-c: CH54-AP
tech-c: CH54-AP
nic-hdl: CH122-AP
mnt-by: MAINT-CHINANET-ZJ
changed: Whois Privacy and Spam Prevention by DomainTools.com 20031204
source: APNIC

person: Luping Zhang
nic-hdl: LZ390-AP
e-mail: Whois Privacy and Spam Prevention by DomainTools.com
address: Xiaoheshan High Teach Park Area Hangzhou
phone: +86-13606642506
country: CN
changed: Whois Privacy and Spam Prevention by DomainTools.com 20040611
mnt-by: MAINT-CN-CHINANET-ZJ-HZ
source: APNIC

What the hell? A fing y*w script kiddie?
And there are also entries of “server host” organizations like server4you, theplanet.com etc. I never visited any of them, first saw these after a whois lookup. And the most important thing is that I wasn’t browsing when these appeared…
This kind of stuff has been in the logs ever since I have had internet, and I feel that it’s a really common symptom these days… but I think it reached the limit: I’m fed up with them. (:AGY) (:AGY) (:AGY)

Sorry for the long post, and being a bit harsh at some points… any help appreciated. Or tips, opinions…
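The router log quoted in the post above can be summarized mechanically. The following is an added example, not part of the original post or of any router tooling: it counts blocked packets per source and destination port, counts MAC-filter rejections, and flags PPPoE dial-up attempts whose PADI discovery broadcasts got no reply. The sample lines are constructed in the same format, and the wording of a PADO/PADS reply line is an assumption because the page never shows one.

```python
import re
from collections import Counter

# Constructed sample in the log format quoted above; IPs are documentation
# ranges and the MAC address is made up.
SAMPLE = """\
Wed Jun 01 23:18:44 2005 Unrecognized attempt blocked from 198.51.100.7:20458 to 192.0.2.10 UDP:36734
Wed Jun 01 23:18:47 2005 Unrecognized attempt blocked from 203.0.113.9:1942 to 192.0.2.10 TCP:36734
Wed Jun 01 23:18:48 2005 Unrecognized attempt blocked from 198.51.100.7:20458 to 192.0.2.10 UDP:36734
Wed Jun 01 23:20:36 2005 Unallowed access from 02-00-00-AA-BB-CC
Wed Jun 01 23:20:43 2005 Connection is broken
Wed Jun 01 23:20:48 2005 PADT sent
Wed Jun 01 23:20:52 2005 PPPoE start to dial-up
Wed Jun 01 23:20:52 2005 PADI sent interware
Wed Jun 01 23:20:53 2005 PADI sent interware
Wed Jun 01 23:20:58 2005 PPPoE start to dial-up
Wed Jun 01 23:20:58 2005 PADI sent interware
"""

LINE = re.compile(r"^\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4} (.*)$")
BLOCKED = re.compile(r"Unrecognized attempt blocked from ([\d.]+):\d+ to [\d.]+ (TCP|UDP):(\d+)")
MAC = re.compile(r"Unallowed access from ([0-9A-Fa-f-]{17})")

def summarize(text):
    """Return (blocked counter, MAC counter, unanswered dial-up attempts)."""
    blocked, macs, dialups = Counter(), Counter(), []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip anything that is not a timestamped log line
        msg = m.group(1)
        if (b := BLOCKED.match(msg)):
            blocked[(b.group(1), b.group(2), int(b.group(3)))] += 1
        elif (a := MAC.match(msg)):
            macs[a.group(1).upper()] += 1
        elif msg == "PPPoE start to dial-up":
            dialups.append({"padi": 0, "answered": False})
        elif dialups and msg.startswith("PADI sent"):
            dialups[-1]["padi"] += 1
        elif dialups and msg.startswith(("PADO", "PADS")):  # assumed reply wording
            dialups[-1]["answered"] = True
    # PADI is the PPPoE discovery broadcast; an attempt with PADIs and no
    # reply means nothing answered on the WAN side of the router.
    stalled = [d for d in dialups if d["padi"] and not d["answered"]]
    return blocked, macs, stalled

if __name__ == "__main__":
    blocked, macs, stalled = summarize(SAMPLE)
    print(blocked.most_common(), dict(macs), len(stalled))
```

Grouping the blocked entries by destination port shows whether the packets are spread over many ports or concentrated on one, and a run of unanswered dial-up attempts separates a discovery failure from a login failure.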

Well, that’s sure a long post (phew). It is difficult to diagnose your problem as there are so many things that can go wrong…

Question 1: Suggestions - Check your router’s configuration - it might help to assign each PC a static IP… Your modem might be trying to assign an IP address to your router and your router doing the same, causing a conflict. This can be fixed by changing the mode the router is running in.

Your modem’s firewall could be blocking the computers attached to your router from connecting, as they have a different MAC address. Maybe enable UPnP???

Update the firmware on your router / modem maybe.

Question 2: Do you have P2P software running? This will result in many computers connecting to yours. If not, don’t worry, your firewall is doing its job!


Hi,

Thanks for the reply. I didn’t try the static IP setting yet, the client addresses are distributed through the DHCP server. The router has to get the external IP from the modem. It’s the same as if there wasn’t any router, then that IP would be assigned to my PC. I hope the router doesn’t want to assign anything to the modem… it shouldn’t. Regarding the configuration I tried everything… changing the radio channel, always on mode to connect on demand, the router IP. The “problem” is that this disconnection issue is periodical and unexpected. I haven’t found the exact cause of it, nor any always-working solution. ???
No its ok btw.

AFAIK my modem doesn’t have any firewall, the MAC addresses blocked in the router’s log are my neighbors’. Some of them, sometimes more than one, are trying to connect to MY router constantly… (:AGY)
They can’t do it btw, MAC address filter is on, and my router is the only one in the block that is “not in its default state”: WPA-PSK AES encryption enabled, and the router is password protected. If they ■■■■ me off I may teach them a lesson (:WIN) Their router is fully open to the air…

UPnP is enabled btw… the only thing fixed by the newer firmware is this: 1. Fix DHCP clients can’t get IP from external server of WDS through the WDS bridge. I don’t use this function of the router, but I may try to upgrade… who knows…

No, I wasn’t running any p2p soft… that would have explained those log entries. I know that I can consider myself “safe” but I’m fed up with them… OMG what if somebody doesn’t have any sort of firewall… Is the only working solution to just get used to it?
Is there any possibility to ban China with a global IP or IP range? I don’t have anything to do with them… they shouldn’t have anything to do with me either.