Log events (check my log please)

Hi all,

I found this in my logs. It’s doing this every minute.

Date/Time :2007-07-24 23:34:23
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 192.168.x.x, Port = 8008)
Protocol: UDP Incoming
Source: 192.168.x.x:3073 own network / router
Destination: 192.168.x.x:8008 my notebook
Reason: Network Control Rule ID = 8

Can someone shine a light on this for me ???

Thanks :smiley:

Port 8008 is known as the HTTP Alternative port… which doesn’t help much. Are you running any sort of HTTP Server on your Notebook? Also can you confirm that the source (192.168.x.x:3073) is your router. If so, the source port of 3073 UDP (aka. VCRP Very simple Chat Room Protocol) might be relevant. What type/model is your router?

On my notebook is IIS on.
The IP adress was the one of my router as far is I know. It’s a Sitecom WL-143.
Will check my logs later to see if it happens again.

OK, some more questions in the mean time. ;D Do you use a LAN URL to access the WL-143? Have you set-up any Port Forwarding on the WL-143? Do you use any P2P applications?

First: Today I didn’t see the notice in the logs anymore.

  1. What do you mean by a LAN URL ? The IP to access the router (configuration) ?
    2/3. Yes I’ve got some Port Forwarding (Utorrent / Azureus / E-mule).

Today I didn’t used Azureus/Utorrent, yesterday I did. Could it be that ? I forwarded the correct port, but I couldn’t connect yesterday. NAT was false.

Yes, the NAT could easily be the cause, its certainly in the right area. As you probably know, the NAT should allow the router to “transparently” route External Internet IP packets to the PC(s). ie. CFP would not be aware the IP packets had been routed. Does the router generate logs of… events?

No to bad, it doesn’t log anything. Just a simple home router ;D
But I guess the NAT was the ‘bad guy’ then. At least I know what it presumably was.

Thanks for the help kail :■■■■