Attached is a screenie of my firewall events log; I just set up my Dlink wireless router in conjunction with my cable modem and voIP router.
My feeling is that most if not all of these IPs listed as intrusion attempts are actually ok and should be allowed. My question is: how do I know for sure?
I ran ipconfig /all and none of these IPs appeared. Is there any way to prove what I think is the case, i.e. that these IPs should be part of my network?
Thanks for responding and yes my wireless router does have an enabled firewall. In fact, just yesterday I had to do a major reworking because the Dlink firewall was blocking my voIP router.
My stealth ports wizard is using “Define a new trusted network” where I have listed all my current networks but none of those networks contain any of the IPs appearing on my firewall events log. Does that shed any light on this problem? I have 154 blocked intrusion attempts and counting . . . :o
I’m sorry to be so ignorant about this but, what exactly do you mean by “go over the settings” for the hardware firewall? I have access to an online admin site for the Dlink . . . is that where I need to go?
The settings to your router. You can usually access it by typing 192.168.1.1 or 192.168.0.1 into your browser URL. You might need a password (you can look in the manual or look it up online).
Ok so that’s what I thought. Yes I do have access to that online. The question is: what must I do when I get there? I was just there a few minutes ago and I did not see any of the IPs listed on the Firewall events in those settings.
Look for firewall settings and see what you are blocking. It looks like your router is letting UDP requests through because CFP is blocking them.
None of those IPs look like they belong to your network.
You can use a “whois” to look up each IP.
The IP 65.55.158.81 belongs to Microsoft. http://whois.domaintools.com/65.55.158.81
Look for firewall settings and see what you are blocking.
For my Dlink router, under firewall settings/NAT endpoint filtering/UDP endpoint filtering it is set to address restricted. The other two selections in this area are a) Endpoint Independent and b) Port and Address restricted. Is the selected setting (address restricted) part of this problem?
It looks like your router is letting UDP requests through because CFP is blocking them.
I don’t quite understand the significance of this: Should my Dlink router be letting in UDP requests or is this a bad thing?
The IP 65.55.158.81 belongs to Microsoft.
66.218.71.198 is Yahoo
216.181.134.16 is my voIP provider
195.214.255.243 is someone/company in Bulgaria
125.65.45.55 is someone/company in China
61.153.58.189 is a telecom company in China
Why is Microsoft trying to get into my network? Could this be an attempt to update XP? Why is Yahoo trying to get into my network? Should I allow my voIP provider access to my network? I assume I should do this since they are providing my phone service. Is it likely that the IP intrusions from Bulgaria and China are examples of malicious intrusion attempts?
My main concern in all of this is that CFP is blocking connections that aren’t malicious and should be allowed, resulting in poor internet and/or voIP service.
It depends if you have your router set to block UDP or not. For example, my router is set to block all incoming requests, so I don’t get any UDPs, TCPs, etc. Can I see a screenshot of what you’re describing above with your router settings?
Sorry, but I don’t know why MS, Yahoo and voIP are sending those requests.
As for the China and Bulgaria requests, I wouldn’t let those in. Probably port scans and such.
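An added example, not part of the thread: a short Python check for the original question of whether the logged source addresses could belong to the local network, so that only the external ones are left for a whois lookup. The 192.168.0.0/24 trusted network, the event list (built from the IPs named above plus two made-up internal addresses) and the function names are assumptions.

```python
import ipaddress
from collections import Counter

# Assumption: the LAN behind the router is 192.168.0.0/24. The thread only
# mentions 192.168.0.1 / 192.168.1.1 as typical router admin addresses.
TRUSTED_NETWORKS = [ipaddress.ip_network("192.168.0.0/24")]

# Constructed sample of blocked events as (source IP, protocol). The public
# IPs are the ones quoted in the thread; the repeat count and the two
# internal addresses are invented for illustration.
EVENTS = [
    ("65.55.158.81", "UDP"), ("66.218.71.198", "UDP"),
    ("216.181.134.16", "UDP"), ("216.181.134.16", "UDP"),
    ("195.214.255.243", "UDP"), ("125.65.45.55", "UDP"),
    ("61.153.58.189", "UDP"), ("192.168.0.101", "UDP"),
    ("10.1.2.3", "UDP"),
]

def classify(ip_text, trusted=TRUSTED_NETWORKS):
    """Return where a logged source address sits relative to the LAN."""
    ip = ipaddress.ip_address(ip_text)
    if any(ip in net for net in trusted):
        return "trusted-lan"        # inside a network defined as trusted
    if ip.is_private:
        return "private-untrusted"  # RFC 1918 etc., but not one of ours
    return "external"               # internet host: look it up with whois

def summarize(events):
    """Map each source IP to (classification, number of blocked events)."""
    counts = Counter(src for src, _proto in events)
    return {src: (classify(src), n) for src, n in counts.items()}

if __name__ == "__main__":
    for src, (kind, n) in sorted(summarize(EVENTS).items()):
        print(f"{src:<16} {kind:<18} blocked {n}x")
```

Every address quoted in the thread comes out as external, which matches the reply that none of them belong to the local network.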