Battling Peripherals

6 June 2006 16:08
den: (cranky)
[personal profile] den
The office ADSL modem won't hold a connection for more than a few minutes before dropping off. It reconnects when I reboot it, but then it loses the connection again. The router log tells me
"Unrecognized attempt blocked from 10.0.0.138:137 to 10.0.0.1 UDP:137" every 10-20 seconds, as the connection drops out. (10.0.0.138 is the modem) The weird part is that the BBC Radio2 stream isn't affected by this, just email, ftp and WWW.

I've changed nothing in the filters or firewall between yesterday and today.

Bloody hardware.

(reboots modem to post this)
Threaded | Top-Level Comments Only

Date: 6 Jun 2006 10:15 (UTC)
jamesb: (Default)
From: [personal profile] jamesb
It's a pretty good bet that your current WAN-side IP is being probed by a system infected with a trojan/virus.

Do you have any port filtering/firewall running on the router? My server has Port 137 permanently closed.

BTW, Just a wild stab, but are you running a SMC router?

Date: 6 Jun 2006 10:43 (UTC)
From: [identity profile] dewhitton.livejournal.com
I'm not running firewalls in the router, but I will be tomorrow. would IP range = * Port = 137 UDP = Deny do the job?

All the PCs have zonealarm so I'm not too concerned there.

The router is that little d-link you saw at the house.

Date: 6 Jun 2006 11:07 (UTC)
jamesb: (Default)
From: [personal profile] jamesb
I'd go the other way, and block everything and just open the ports you need.

In my D-Link, this is the setup for a system that's not providing a hole for a Web or Mail server:
Action	Name	Source	Dest	Protocol
Deny	Default	*,*	LAN,*	*,*	
Allow	Default	LAN,*	*,*	*,*

Date: 6 Jun 2006 21:58 (UTC)
From: [identity profile] quen-elf.livejournal.com
The BBC stream is different because it's UDP (connectionless) most likely. So that makes that part less weird. Hope you get it sorted anyhow.

Date: 6 Jun 2006 23:04 (UTC)
From: [identity profile] dewhitton.livejournal.com
That was already in there. D-link must install it as a default.

This is the router log from the moment I start the modem:


Wednesday June 07, 2006 08:56:51 DOD:triggered internally
Wednesday June 07, 2006 08:56:51 DHCP:discover()
Wednesday June 07, 2006 08:56:55 DHCP:discover()
Wednesday June 07, 2006 08:57:03 DHCP:discover()
Wednesday June 07, 2006 08:57:19 DHCP:discover()
Wednesday June 07, 2006 08:58:07 DOD:triggered internally
Wednesday June 07, 2006 08:58:07 DHCP:discover()
Wednesday June 07, 2006 08:58:07 DHCP:offer(10.0.0.138)
Wednesday June 07, 2006 08:58:07 DHCP:request(10.0.0.1)
Wednesday June 07, 2006 08:58:08 DHCP:ack(DOL=4294967295,T1=2147483647,T2=3758096384)
Wednesday June 07, 2006 08:58:56 Unrecognized attempt blocked from 10.0.0.138:137 to 10.0.0.1 UDP:137
Wednesday June 07, 2006 08:59:22 Unrecognized attempt blocked from 10.0.0.138:137 to 10.0.0.1 UDP:137
etc

and then I have to reboot the modem to continue my connection.

Date: 7 Jun 2006 00:27 (UTC)
jamesb: (Default)
From: [personal profile] jamesb
As it's your MODEM that keeps needing a reboot, I'd look for the source of the problem in the MODEM itself.

A lot of ADSL MODEMs include their own internal routers, and only need to be connected to a hub. Looking at your router logs, I suspect that your MODEM is running in router mode and is masking what's really going on (like the true source of the port 137 probes). It is usually possible to shut down the router system in the MODEM and rely on an external router instead.

Date: 7 Jun 2006 01:02 (UTC)
From: [identity profile] dewhitton.livejournal.com
I'm looking at it now.

The odd thing is that it's happening now, but the connection is not dropping out and doesn't need a reboot every 5 minutes.
Threaded | Top-Level Comments Only

Profile

den: (Default)
den

April 2023

S M T W T F S
      1
2345678
9101112131415
16171819202122
23242526 272829
30      

Most Popular Tags

Page Summary

Active Entries

Style Credit

Expand Cut Tags

No cut tags
Page generated 16 January 2026 14:18
Powered by Dreamwidth Studios