1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Strange MSG From Kernel Log <--- Hacked Router ?

Discussion in 'Tomato Firmware' started by rshakin, Sep 30, 2007.

  1. rshakin

    rshakin Network Guru Member

    Hello All, I have a serious problem once in a while my router cpu usage goes up all the way to 2.0. I am using Tomato, version 0.7

    Sep 30 14:40:53 unknown user.notice kernel: klogd started: BusyBox v1.2.2 (2007.05.06-15:48+0000)
    Sep 30 14:40:54 unknown user.warn kernel: DROP IN=vlan1 OUT= MAC=00:16:b6:28:55:30:00:09:7b:89:20:01:08:00:45:00:00:30 SRC=189.12.88.45 DST=76.87.86.11 LEN=48 TOS=0x00 PREC=0x00 TTL=102 ID=47882 DF PROTO=TCP SPT=3456 DPT=5279 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405
    Sep 30 14:40:56 unknown user.warn kernel: DROP IN=vlan1 OUT= MAC=00:16:b6:28:55:30:00:09:7b:89:20:01:08:00:45:00:00:30 SRC=201.91.254.237 DST=76.87.86.11 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=11766 DF PROTO=TCP SPT=2285 DPT=5279 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (0204

    This is the log from kernel contains alot of these msgs any ideas on whats going on. I checked everything with antivirus on my pc's they came out clean...


    Please Help
     
  2. mraneri

    mraneri LI Guru Member

    Seems as though you have turned on Logging Dropped packets.. It is pretty normal to see a ton of dropped packets hitting the router, some from your ISP, some from probably scary PC's trying to attack you. Your router is working properly, and you should be protected.

    When I keep logging on, I record probably an average of 5-10 dropped packets per minute...

    You probably just want to turn off this logging...

    If you want to see if your PC is safe, go to www.grc.com and click on Shields UP! and run their port scans. This will let you know if you have anything to worry about..

    For fun, leave the dropped packet logs on until your done with the port scanning, and see what shows up in your router log...
     
  3. der_Kief

    der_Kief Super Moderator Staff Member Member

    if you're really using 0.7 then it's time for a update :wink:

    der_Kief
     
  4. danix71

    danix71 LI Guru Member

    der_Kief, give the man the link too...:)
     
  5. rshakin

    rshakin Network Guru Member

    no sorry i meant 1.07
     
  6. danix71

    danix71 LI Guru Member

    I have the same Tomato 1.07. Never logging errors, never such a CPU high-usage. Ok, question: problems with the router beside errors ?
     
  7. roadkill

    roadkill Super Moderator Staff Member Member

    you can upgrade anyway.. 1.09 is out
     
  8. danix71

    danix71 LI Guru Member

    roadkill, do you have 1.09 on your GL's ? How is it ?
     
  9. roadkill

    roadkill Super Moderator Staff Member Member

    I installed my mod based on 1.09 but it shouldn't be that different I think conntrack is behaving better... and dnsmasq got upgraded to version 2.4.0
     
  10. danix71

    danix71 LI Guru Member

    Ahh, oke. So, not much different (I don't even use Dnsmasq...).
     
  11. roadkill

    roadkill Super Moderator Staff Member Member

    Dnsmasq is used for DNS,DHCP..
    :grin:
     

Share This Page