New Poster
•
1 Message
I've problems
I'm getting slow speeds an seems only my devices on my network continue to have malicious problems. Attached it the firewall log for the last week. How this look?
FW.IPv6 INPUT drop
, 2134
Attempts, 2021/3/12 05:40:56 Firewall Blocked
FW.IPv6 FORWARD drop
, 2061
Attempts, 2021/3/12 05:40:56 Firewall Blocked
FW.IPv6 FORWARD drop
, 4979
Attempts, 2021/3/11 18:58:01 Firewall Blocked
FW.IPv6 INPUT drop
, 4576
Attempts, 2021/3/11 18:58:01 Firewall Blocked
FW.WANATTACK DROP
, 157
Attempts, 2021/3/11 18:58:01 Firewall Blocked
FW.LAN2SELF DROP
, 25
Attempts, 2021/3/11 07:58:01 Firewall Blocked
FW.IPv6 INPUT drop
, 4439
Attempts, 2021/3/10 18:58:01 Firewall Blocked
FW.IPv6 FORWARD drop
, 3840
Attempts, 2021/3/10 18:58:01 Firewall Blocked
FW.LAN2SELF DROP
, 14
Attempts, 2021/3/10 18:58:01 Firewall Blocked
FW.IPv6 INPUT drop
, 6706
Attempts, 2021/3/09 18:58:01 Firewall Blocked
FW.IPv6 FORWARD drop
, 4348
Attempts, 2021/3/09 18:58:01 Firewall Blocked
FW.IPv6 INPUT drop
, 4886
Attempts, 2021/3/08 18:58:01 Firewall Blocked
FW.IPv6 FORWARD drop
, 4450
Attempts, 2021/3/08 18:58:01 Firewall Blocked
FW.WANATTACK DROP
, 46
Attempts, 2021/3/08 06:58:01 Firewall Blocked
FW.IPv6 INPUT drop
, 2134
Attempts, 2021/3/12 05:40:56 Firewall Blocked
FW.IPv6 FORWARD drop
, 2061
Attempts, 2021/3/12 05:40:56 Firewall Blocked
FW.IPv6 FORWARD drop
, 4979
Attempts, 2021/3/11 18:58:01 Firewall Blocked
FW.IPv6 INPUT drop
, 4576
Attempts, 2021/3/11 18:58:01 Firewall Blocked
FW.WANATTACK DROP
, 157
Attempts, 2021/3/11 18:58:01 Firewall Blocked
FW.LAN2SELF DROP
, 25
Attempts, 2021/3/11 07:58:01 Firewall Blocked
FW.IPv6 INPUT drop
, 4439
Attempts, 2021/3/10 18:58:01 Firewall Blocked
FW.IPv6 FORWARD drop
, 3840
Attempts, 2021/3/10 18:58:01 Firewall Blocked
FW.LAN2SELF DROP
, 14
Attempts, 2021/3/10 18:58:01 Firewall Blocked
FW.IPv6 INPUT drop
, 6706
Attempts, 2021/3/09 18:58:01 Firewall Blocked
FW.IPv6 FORWARD drop
, 4348
Attempts, 2021/3/09 18:58:01 Firewall Blocked
FW.IPv6 INPUT drop
, 4886
Attempts, 2021/3/08 18:58:01 Firewall Blocked
FW.IPv6 FORWARD drop
, 4450
Attempts, 2021/3/08 18:58:01 Firewall Blocked
FW.WANATTACK DROP
, 46
Attempts, 2021/3/08 06:58:01 Firewall Blocked
Responses
flatlander3
Contributor
•
176 Messages
6 m ago
Looks like your firewall might be working, but I'd have to know exactly what you are using, plus the logging syntax to tell you for sure. It 'may' be telling you there was traffic from both internal and external sources that got blocked, but it's all about the log format.
Below are all hostile actors tripping over my SNORT firewall trap. They are KNOWN compromised servers in this case, but it works with unknowns too. Anything that hits these ports. They are running portscans, and are using automated scripts. It's extremely common internet traffic. Some 3rd party gateways have a "portscan block" option too. Use it. The idea is that you 'kill state' and block all traffic from the offending source for a time to disrupt the scan. If their script doesn't have much for error control, you can hang the remote end too.
Turning off ICMP (responding to ping) on your gateway if you have the option is a good idea. They usually ping your external IP address before the portscan to see if anything is there before running the portscan.
Compromised servers in the nethernlands, cyprus and a cloud spammer named Eonix in the USA.
Mar 12 04:39:20
Mar 12 03:24:16
Mar 12 03:03:25
Mar 12 03:03:25
Mar 12 02:58:57
0
0
XFiniGuy
Contributor
•
23 Messages
4 m ago
This issue is posted so many times in the xfinity forums WITHOUT ANY RESOLUTION OR EVEN A RESPONSE FROM COMCAST. Unreal.
2