Hello TB'ers, Any ideals why my router firewall SMC7004FW would send an intrusion email alert on a SYN flood with a source in RU per the following URL:
http://www.ripe.net/perl/whois?form_type=simple&full_query_string=&searchtext=213.180.193.68&Advanced+search=Advanced+search with my IP address as the source, then followed shortly thereafter with another email alert where the source is my present IP address? Trojan, WinXP security hole, etc.? I sent this to 3 TB lists, not knowing which would be the most appropriate. Here are the whole messages in both email: ,----- [ 1st message with my IP as destination ] | Dear User | Your router has detected and protected you against an attempt to gain | access to your network. This may have been an attempted hacker intrusion, | or perhaps just your Internet Service Provider doing routine network | maintenance. | Most of these network probes are nothing to be worried about - these types | of random probes should NOT be reported, but you may want to report repeated | intrusions attempts. Save this email for comparison with future alert | messages. | Your router Alert Information | | Time: 07/18/2004, 11:17:23 | Message: SYN Flood to Host | Source: 213.180.193.68, 52433 | Destination:24.145.174.198, 8090 | | | Visit the UXN Combat Spam web site to get more detailed information about | the intruder - http://combat.uxn.com/ | 1. Type the intruder's IP address into the IP WHOIS search engine | 2. Click the Query Button | 3. Detailed network and administration information will be displayed `----- ,----- [ 2nd message with my IP as source? ] | Dear User | Your router has detected and protected you against an attempt to gain | access to your network. This may have been an attempted hacker intrusion, | or perhaps just your Internet Service Provider doing routine network | maintenance. | Most of these network probes are nothing to be worried about - these types | of random probes should NOT be reported, but you may want to report repeated | intrusions attempts. Save this email for comparison with future alert | messages. | Your router Alert Information | | Time: 07/18/2004, 11:17:48 | Message: TCP Null Scan | Source: 24.145.174.198, 32771 | Destination:63.99.224.63, 25 | | | Visit the UXN Combat Spam web site to get more detailed information about | the intruder - http://combat.uxn.com/ | 1. Type the intruder's IP address into the IP WHOIS search engine | 2. Click the Query Button | 3. Detailed network and administration information will be displayed `----- Please note that my IP address can be verified per TBUDL mid:[EMAIL PROTECTED] sent earlier today. Any ideals? TIA! -- Best Regards, Greg Strong Using The Bat! v2.12.00 on Windows XP 5.1 Build 2600 Service Pack 1 ________________________________________________________ http://www.silverstones.com/thebat/TBUDLInfo.html
