Review of my home broadband router logs (suspicious activity?)

On 12/25/2015 11:06 PM, Paul M. Cook wrote:

I didn't claim anything of the sort!
I grew up watching scenes from Vietnam every night on TV. Yet, I don't own a gun.
Rather, my comment (below) suggests my concern is that it desensitizes folks to violence.

On Fri, 25 Dec 2015 23:17:19 -0700, Don Y wrote:

BTW, is that "millons of we kids?" or "millions of us kids?"
On Sat, 26 Dec 2015 06:24:50 -0000 (UTC), MWBradburne

Millions of us kids. Us is the object of the preposition "of". Kids is an appositive to us.
Millions of us played. Millions of kids played.
On 12/26/2015 12:06 AM, Paul M. Cook wrote:
[snip]

True, and it's almost impossible that could be cause and effect. People can be violent, and then play a game that they get ideas from.
I must have seen a lot of violent things in the last 55 years, and I don't have any desire to do those things.
[snip]
--
Mark Lloyd
http://notstupid.us/
On 25/12/15 21:29, Paul M. Cook wrote:

If you don't have much control over what he does on the internet, then perhaps you might feel more secure getting yourself a different ISP.
That can't cost that much.
--
Adrian C

On Fri, 25 Dec 2015 23:12:49 +0000, Adrian Caspersz wrote:

I have no idea what that advice is trying to tell me.
On 26/12/15 06:07, Paul M. Cook wrote:

Oh well. Bye.
--
Adrian C

Adrian Caspersz wrote:

There is a parental control feature, several blocking methods for certain IP addresses or MAC addresses, etc. with router firmware. Sometimes 3rd party firmware is more robust. dd-wrt is one example.
Paul M. Cook wrote:

DMZ = "De-Militarized Zone". It is the name given to a port on your router that can be configured to be completely OPEN to the internet, no firewall, no port blocking, nothing. This may be advantageous for someone running a particular type of server on their home network - an FTP server or Web Server or something that they want to expose to the internet so that it can be accessed from the outside. In such configurations that device usually will have a software type firewall installed to prevent hackers from gaining access.
Most routers I have seen include this feature and it has its uses, but it must be used with extreme caution!
S Sinzig.
Paul M. Cook wrote:

Someone is connecting to one of your connected devices (192.168.1.5, what is this in your family?) using port 9000. You can trace route the other IP address to see what or who this belongs to. Trace route is a DOS command.
On Thu, 24 Dec 2015 18:34:58 -0700, Tony Hwang wrote:

The 192.168.1.5 IP address belonged to the Sony Playstation. So, for some reason, the port 9000 was being used.
What does this mean though? Is this correct?
Assuming my static public IP address was 1.2.3.4, does this mean that someone, on the Internet, was going to 1.2.3.4:9000, which, somehow (via magic of upnp?) hit my router and then the router "port forwarded" it to the Sony Playstation at 192.168.1.5 at port 9000?
On 12/24/2015 9:35 PM, Paul M. Cook wrote:

No, it means someone was *trying* to connect to port 9000 on the Playstation. If there isn't anything on the Playstation "listening" on port 9000, the connection will be refused/dropped. Note that the port on the remote device can be anything! It needn't be "9000". Ports are just sort of "circuits" and the device can either use a specific one *or* just use the next one that is CURRENTLY available.
Like when you make a call from your employer; most of the time, the PBX just gives you "an outside line"... you have no idea *which* line it will give you. And, you don't care!
OTOH, you *do* care about which line (telephone number) you *call*!

Essentially, yes. In detail... not so much. :>
The router performs Network Address Translation (NAT). "You" (your entire "house") have a single externally visible IP address assigned by your ISP. (it may be constant or may change from day to day; it also may be a PRIVATE address... one that *I* can't see "from here" because it is hiding behind some other NAT mechanism!)
Each of the machines inside your home has its own IP address ASSIGNED BY YOUR ROUTER (the DHCP service running therein). These are called "private addresses" and they are very specific. E.g., 192.168.xxx.yyy in your case. NOWHERE on The Internet will you find a machine with one of these addresses! Verboten!
Because of this, your machines can talk to each other with these private addresses -- and *my* machines, here, can safely use the exact same addresses without any conflict!
[IP addresses that are VISIBLE on The Internet must be UNIQUE; no two machines can have the same IP address, there! But, there aren't enough addresses to handle all of the potential "connections" to The Internet. So, you put a box (router) between YOUR "internet" and The Internet which allows you to create an isolated address domain -- the addresses on YOUR internet are never seen by anyone outside of your house!]
When one of your machines wants to connect to the outside world (e.g., to visit google.com), the NAT software in the router takes the incoming connection from your computer -- let's say it's that playstation at 192.168.1.5 -- and TRANSLATES it to a connection that the *router* originates, using the address that your ISP assigned to you (which technically has been assigned to the "out-side" of your router!).
When traffic comes back on that connection *to* the router (because the router is the originating entity, as far as google is concerned), the router massages the message and passes it on to your playstation -- at 192.168.1.5.
At the same time, your PC (using <whatever> *private* IP address the router has assigned to your PC) can also be trying to connect to google.com -- or anything else! The NAT software plays its translation game and creates ANOTHER connection from the router to google.com. And, the reply that comes from google gets routed back to the PC, not the playstation.
Every connection is defined by a bunch of numbers: the IP address of the originator, the port number that is being used, the protocol, the IP address of the targeted device and the port on the targeted device. The router keeps track of all of this and magically tricks each party -- the "inside" device and the "outside" device -- to think that they are talking directly to each other WITHOUT its presence in the middle!
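
The connection tracking described in the post above, as an added example that is not part of any poster's message: a simplified Python model of a home router's NAT table, showing why a reply reaches the right LAN host while an unsolicited packet to port 9000 is dropped unless a forward exists. The `Router` class, the remote addresses, the starting WAN port 40000 and the strict address-and-port matching are assumptions made for illustration; real routers differ in how they pick ports and filter.

```python
# Added illustration: a toy model of a home router's NAT connection tracking.
from dataclasses import dataclass, field


@dataclass
class Router:
    wan_ip: str
    next_port: int = 40000  # hypothetical start of the router's source-port pool
    # (proto, wan_port) -> (lan_ip, lan_port, remote_ip, remote_port)
    conntrack: dict = field(default_factory=dict)
    # (proto, wan_port) -> (lan_ip, lan_port); manual or UPnP-created forwards
    forwards: dict = field(default_factory=dict)

    def outbound(self, proto, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host opens a connection; the router rewrites the source to its WAN side."""
        wan_port = self.next_port
        self.next_port += 1
        self.conntrack[(proto, wan_port)] = (lan_ip, lan_port, remote_ip, remote_port)
        return (self.wan_ip, wan_port)  # what the remote server sees as the origin

    def inbound(self, proto, src_ip, src_port, wan_port):
        """A packet arrives on the WAN side; return the LAN destination, or None if dropped."""
        entry = self.conntrack.get((proto, wan_port))
        if entry and entry[2:] == (src_ip, src_port):
            return entry[:2]  # reply on a connection that a LAN host started
        if (proto, wan_port) in self.forwards:
            return self.forwards[(proto, wan_port)]  # unsolicited, but a forward exists
        return None  # unsolicited and no forward: dropped


def demo():
    r = Router("1.2.3.4")
    # Constructed traffic: PlayStation and PC both talk to the same remote server.
    ps = r.outbound("tcp", "192.168.1.5", 51000, "203.0.113.7", 443)
    pc = r.outbound("tcp", "192.168.1.20", 51000, "203.0.113.7", 443)
    results = {
        "ps_seen_as": ps,
        "pc_seen_as": pc,
        "reply_to_ps": r.inbound("tcp", "203.0.113.7", 443, ps[1]),
        "reply_to_pc": r.inbound("tcp", "203.0.113.7", 443, pc[1]),
        "stranger_9000": r.inbound("udp", "198.51.100.9", 5555, 9000),
    }
    # A mapping such as UPnP or a manual port forward would create.
    r.forwards[("udp", 9000)] = ("192.168.1.5", 9000)
    results["stranger_9000_after_forward"] = r.inbound("udp", "198.51.100.9", 5555, 9000)
    return results
```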
Paul M. Cook wrote:

In short, yes. Your game console or computer or whatever needs to "talk" to another computer on the internet, in this case it uses Port 9000. The router opens Port 9000 and the packets get through to that other computer out there on the internet. To reply, that other computer only knows your static public IP, ie. "1.2.3.4" and sends its packets back to you at that IP on the same port, 9000. Your router receives these packets, and does NAT (Network address translation) translating the packets from 1.2.3.4:9000 (Your public IP) to 192.168.1.5:9000 your private home network IP and sending them there. This happens all the time when you are accessing the web, either through HTTP, FTP, SSL, whatever. They all use their own specific ports, (ie HTTP is usually port 80, FTP 20 or 21, etc.)
S Sinzig.
Thanks to everyone here, below is a summary I wrote of my current understanding of just the UPnP versus Port Forwarding issue for setting up the Transmission bittorrent client on Linux (Ubuntu) for optimal speed.
It's written in my words, so, if there are errors in my understanding, I'm fine with you pointing them out!
My summary of what was learned in this thread about UPnP & Port Forwarding
(0) The way things work is that an incoming request to WAN external IP 1.2.3.4 on port 12345 hits the SOHO router. Without port forwarding, the SOHO router will drop that request (or any request to any port).
But, with port forwarding, the router sees the external port WAN request for 1.2.3.4:43101 and it forwards that external port to a static LAN internal port of 192.168.1.10:43101, which the Transmission client is listening on for upload requests (which apparently require both TCP & UDP messages). (Transmission settings are in $HOME/.config/transmission/settings.json)
(1) Since bittorrent maintains two download queues, the first priority going to those who are uploading data and the second going to those who are not uploading data, if I'm not uploading data, then I will only download data when the first queue is empty.
(2) That means two different things if I don't open a port to the world:
- For those people with public sockets, I will be in the first queue because they can get data from me even though I don't have a public socket myself.
- For those people without public sockets, I will be in the second queue because, to them, I'm not uploading any data because I don't have a public upload socket open.
(3) Overall, not opening a port will probably increase my download times (depending on a combination of how many other people have public sockets open and on how full that first queue is).
(4) The *easiest* way to open a port for those external clients who do not have a public socket is to simply turn on UPnP on both the SOHO router and in Transmission. Optionally, if UPnP is turned on in Transmission, I can set Transmission to use a random port each time the application is started.
(5) The *safest* way to open a port is to turn off UPnP in both the SOHO router and in the Transmission app, and just manually forward a port in the router & set that same port in Transmission. Pick a random port between 49152 & 65535. The default is 51413.
https://trac.transmissionbt.com/wiki/PortForwardingGuide
However, there are a bunch of things you have to do in order to accomplish that task:
(a) You'll need to have your computer on a static IP address on the LAN (e.g., 192.168.1.10). This can be set (based on the computer wlan0 MAC address) by the router, or, this can be set on the Ubuntu computer.
(b) You'll need to select an unused external/internal port set to forward UDP & TCP packets to (e.g., port 51413) (This port needs to be between 1025 and 65535.)
(c) You'll want to double-check your /etc/services files to ensure whatever port you chose is not being otherwise used. In my case, there are no ports in /etc/services between port 27374 & 30865, and only 3 ports higher than 30865, so, all other ports are fair game. Application = trans
NOTE: There are other things you can set to improve Transmission speeds!
http://falkhusemann.de/blog/2012/07/transmission-utp-and-udp-buffer-optimizations/
REFERENCES:
http://portforward.com/help/portforwarding.htm
http://portforward.com/english/routers/port_forwarding
http://portforward.com/english/routers/port_forwarding/Netgear/WNDR3400v2/Transmission.htm
http://techsupportalert.com/content/optimizing-transmission-bittorrent-client-speed.htm
https://trac.transmissionbt.com/wiki/PortClosed
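
One way to check the manual-forward setup from step (5) of the summary above, as an added example that is not part of the original post: a Python audit of a Transmission `settings.json` plus `/etc/services`-style text. The sample inputs are constructed, the `audit` and `reserved_ports` helpers are hypothetical names, and treating a missing `port-forwarding-enabled` key as enabled is an assumption.

```python
import json

# Constructed sample inputs (not taken from the thread).
SAMPLE_SETTINGS = """{
  "peer-port": 51413,
  "peer-port-random-on-start": true,
  "port-forwarding-enabled": true
}"""
SAMPLE_SERVICES = """\
# constructed excerpt in /etc/services format
http            80/tcp          www
asp             27374/tcp
asp             27374/udp
amanda          10080/tcp
"""


def reserved_ports(services_text):
    """Return the set of port numbers named in /etc/services-style text."""
    ports = set()
    for line in services_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) >= 2 and "/" in fields[1]:
            ports.add(int(fields[1].split("/")[0]))
    return ports


def audit(settings_text, services_text, low=49152, high=65535):
    """List where the settings differ from the UPnP-off, fixed-port setup."""
    s = json.loads(settings_text)
    port = s.get("peer-port")
    findings = []
    # Assumption: an absent key is treated as enabled.
    if s.get("port-forwarding-enabled", True):
        findings.append("port-forwarding-enabled is on: the client will ask "
                        "the router to open a port (UPnP/NAT-PMP)")
    if s.get("peer-port-random-on-start", False):
        findings.append("peer-port-random-on-start is on: the port will not "
                        "match a fixed forward on the router")
    if not isinstance(port, int) or not low <= port <= high:
        findings.append(f"peer-port {port} is outside {low}-{high}")
    elif port in reserved_ports(services_text):
        findings.append(f"peer-port {port} is already named in /etc/services")
    return findings
```

The router side (UPnP switched off, the same port forwarded for both TCP and UDP to the machine's static LAN address) still has to be confirmed in the router's own admin page.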
