Flood of alert messages
on 22.09.2006 12:13:04 by Torsten Villnow
Since this morning my Netgear firewall has been sending me many alert
mails, each with a long list of detailed alerts like the following (made
anonymous) sample:
Fri, 2006-09-22 11:52:30 - UDP packet - Source:221.12.26.aa,25353,WAN -
Destination:84.158.xx.yy,22030,LAN [Drop] - [Inbound Default rule match]
Fri, 2006-09-22 11:52:30 - UDP packet - Source:83.116.32.bb,52706,WAN -
Destination:84.158.xx.yy,22030,LAN [Drop] - [Inbound Default rule match]
Fri, 2006-09-22 11:52:33 - UDP packet - Source:217.165.30.cc,60777,WAN -
Destination:84.158.xx.yy,22030,LAN [Drop] - [Inbound Default rule match]
Fri, 2006-09-22 11:52:36 - UDP packet - Source:71.133.167.dd,22221,WAN -
Destination:84.158.xx.yy,22030,LAN [Drop] - [Inbound Default rule match]
(the IP address of my router is 84.158.xx.yy)
What may be the cause of these messages? Is there anything which I
should be worried about on my side?
Torsten Villnow
Re: Flood of alert messages
on 22.09.2006 12:26:31 by Duane Arnold
Torsten Villnow wrote:
> Since this morning my Netgear firewall has been sending me many alert
> mails, each with a long list of detailed alerts like the following (made
> anonymous) sample:
>
> Fri, 2006-09-22 11:52:30 - UDP packet - Source:221.12.26.aa,25353,WAN -
> Destination:84.158.xx.yy,22030,LAN [Drop] - [Inbound Default rule match]
>
> Fri, 2006-09-22 11:52:30 - UDP packet - Source:83.116.32.bb,52706,WAN -
> Destination:84.158.xx.yy,22030,LAN [Drop] - [Inbound Default rule match]
>
> Fri, 2006-09-22 11:52:33 - UDP packet - Source:217.165.30.cc,60777,WAN -
> Destination:84.158.xx.yy,22030,LAN [Drop] - [Inbound Default rule match]
>
> Fri, 2006-09-22 11:52:36 - UDP packet - Source:71.133.167.dd,22221,WAN -
> Destination:84.158.xx.yy,22030,LAN [Drop] - [Inbound Default rule match]
>
> (the IP address of my router is 84.158.xx.yy)
>
> What may be the cause of these messages? Is there anything which I
> should be worried about on my side?
A vast majority of MS machines used by dumbass users have been infected
recently and they are trying to reach out to other machines.
Your machines are behind a router and the unsolicited inbound traffic is
being dropped.
So why are you worried about dropped traffic? You shouldn't be and you
should go on about your business of using the computers behind the
router and forget about it.
Duane :)
Re: Flood of alert messages
on 22.09.2006 12:31:48 by Torsten Villnow
Duane Arnold wrote:
> So why are you worried about dropped traffic? You shouldn't be and you
> should go on about your business of using the computers behind the
> router and forget about it.
My question was, whether I should be worried. Your answer stopped me
thinking about whether I should be worried ... :-)
Thanks!
Torsten Villnow
Re: Flood of alert messages
on 22.09.2006 22:04:28 by Thomas Hertel
Torsten Villnow wrote:
> Duane Arnold wrote:
> > So why are you worried about dropped traffic? You shouldn't be and you
> > should go on about your business of using the computers behind the
> > router and forget about it.
>
> My question was, whether I should be worried. Your answer stopped me
> thinking about whether I should be worried ... :-)
Actually you should be worried. Because you obviously do not understand
what is going on in your network and/or systems.
I am not trying to be rude here, but understanding the logs (and the
basics of IP) would be very helpful.
Regards
Thomas
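
Added example, not part of any post in this thread: a small Python parser for the alert format quoted above, which rejoins the mail-wrapped entries and groups dropped inbound packets by protocol and destination port, with the number of distinct sources for each. The sample lines are constructed (documentation-range addresses replace the anonymised ones), and the field names are this example's own labels, not Netgear's.

```python
import re
from collections import defaultdict

# Constructed sample in the format quoted in the thread; entries wrap across
# two lines exactly as they do in the alert mail.
SAMPLE = """\
Fri, 2006-09-22 11:52:30 - UDP packet - Source:192.0.2.10,25353,WAN -
Destination:203.0.113.5,22030,LAN [Drop] - [Inbound Default rule match]
Fri, 2006-09-22 11:52:30 - UDP packet - Source:198.51.100.7,52706,WAN -
Destination:203.0.113.5,22030,LAN [Drop] - [Inbound Default rule match]
Fri, 2006-09-22 11:52:33 - UDP packet - Source:192.0.2.99,60777,WAN -
Destination:203.0.113.5,22030,LAN [Drop] - [Inbound Default rule match]
Fri, 2006-09-22 11:52:36 - UDP packet - Source:192.0.2.10,22221,WAN -
Destination:203.0.113.5,22030,LAN [Drop] - [Inbound Default rule match]
Fri, 2006-09-22 11:53:01 - TCP packet - Source:198.51.100.7,4312,WAN -
Destination:203.0.113.5,445,LAN [Drop] - [Inbound Default rule match]
"""

# One entry: timestamp, protocol, source ip/port/zone, destination
# ip/port/zone, action taken, and the rule that matched.
ENTRY = re.compile(
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) - (?P<proto>\w+) packet - "
    r"Source:(?P<src>[^,]+),(?P<sport>\d+),(?P<szone>\w+) - "
    r"Destination:(?P<dst>[^,]+),(?P<dport>\d+),(?P<dzone>\w+) "
    r"\[(?P<action>\w+)\] - \[(?P<rule>[^\]]+)\]"
)

def parse(text):
    """Yield one dict per entry; mail-wrapped entries are rejoined first."""
    joined = re.sub(r"\s*\n\s*(?=Destination:)", " ", text)
    for m in ENTRY.finditer(joined):
        yield m.groupdict()

def summarize(text):
    """Group dropped packets arriving from the WAN by (protocol, dest port)."""
    groups = defaultdict(lambda: {"packets": 0, "sources": set()})
    for e in parse(text):
        if e["action"] == "Drop" and e["szone"] == "WAN":
            g = groups[(e["proto"], int(e["dport"]))]
            g["packets"] += 1
            g["sources"].add(e["src"])
    return dict(groups)

if __name__ == "__main__":
    for (proto, port), g in sorted(summarize(SAMPLE).items()):
        print(f"{proto}/{port}: {g['packets']} dropped, "
              f"{len(g['sources'])} distinct sources")
```

The `[Drop]` action together with `Inbound Default rule match` is the part that says no inbound rule allowed the packet, which is why the summary counts only those entries.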