Solved

Router Log - LAN access from remote

Posted on 2009-04-04
Last Modified: 2012-08-13
My router log gives me the following information:

-------------------------------
[LAN access from remote] from 198.175.112.105:41587 to XXX.XXX.XXX:25, Friday, April 03,2009 23:56:08
[LAN access from remote] from 83.240.154.46:19641 to XXX.XXX.XXX:25, Friday, April 03,2009 23:50:05
[LAN access from remote] from 92.80.195.77:1858 to XXX.XXX.XXX:25, Friday, April 03,2009 23:38:54
[LAN access from remote] from 201.236.173.91:13502 to XXX.XXX.XXX:25,
------------------------------

XXX.XXX.XXX is the IP of my SBS2003.

I do not recognize the remote IPs. Should I be worried? Does this mean remote access was attempted or succeeded?

If so, what can I do to stop it?
Question by:hgj1357
7 Comments
 
LVL 4

Assisted Solution

by:blissbear
blissbear earned 300 total points
ID: 24068772
Port 25 is used to run SMTP servers. There are many email spammers out on the internet who regularly scan for open SMTP ports with misconfigured SMTP servers through which they can relay their spam email.

If you have your SBS2003 box set up to receive email messages for a subnet or DNS entry, this activity is normal behavior.

If you don't receive email through your SBS2003 box, you can stop this activity either by setting up a firewall filter at your router or by disabling your SMTP server on your SBS2003 box.

If you are using a NAT router for your LAN, it's also likely that the SBS2003 is setting up a UPnP port forward for port 25 to itself.
0
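As an added example (not part of the thread): a small Python parser for the log format quoted in the question, which counts entries per destination port so that traffic to a port you intend to expose (25, for a server that accepts mail) can be separated from anything else being forwarded. The function names, the `expected_ports` parameter and the final port 3389 entry are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# One "[LAN access from remote]" entry. The timestamp is optional because
# the last entry in the quoted log is cut off after the comma.
ENTRY = re.compile(
    r"\[LAN access from remote\] from (?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+)"
    r" to (?P<dst>[\w.]+):(?P<dport>\d+),"
    r"(?: (?P<when>\w+, \w+ \d{2},\d{4} \d{2}:\d{2}:\d{2}))?"
)

SAMPLE = (
    # Excerpt quoted in the question (entries run together, last one cut off)
    "[LAN access from remote] from 198.175.112.105:41587 to XXX.XXX.XXX:25, "
    "Friday, April 03,2009 23:56:08 "
    "[LAN access from remote] from 83.240.154.46:19641 to XXX.XXX.XXX:25, "
    "Friday, April 03,2009 23:50:05 "
    "[LAN access from remote] from 92.80.195.77:1858 to XXX.XXX.XXX:25, "
    "Friday, April 03,2009 23:38:54 "
    "[LAN access from remote] from 201.236.173.91:13502 to XXX.XXX.XXX:25,\n"
    # Constructed entry (not from the post): a port that was never meant to be open
    "[LAN access from remote] from 203.0.113.7:50000 to XXX.XXX.XXX:3389, "
    "Saturday, April 04,2009 00:10:00\n"
)

def parse(log_text):
    """Return one dict per entry, even when entries are run together on a line."""
    entries = []
    for m in ENTRY.finditer(log_text):
        when = m["when"]
        entries.append({
            "src": m["src"], "dst": m["dst"], "dport": int(m["dport"]),
            "when": datetime.strptime(when, "%A, %B %d,%Y %H:%M:%S") if when else None,
        })
    return entries

def summarize(entries, expected_ports):
    """Count hits per destination port and list ports you did not mean to expose."""
    by_port = Counter(e["dport"] for e in entries)
    return {
        "by_port": dict(by_port),
        "distinct_sources": len({e["src"] for e in entries}),
        "unexpected_ports": sorted(p for p in by_port if p not in expected_ports),
    }

if __name__ == "__main__":
    # Port 25 is expected here because the server accepts mail, as stated in the thread.
    print(summarize(parse(SAMPLE), expected_ports={25}))
```
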
 
LVL 2

Author Comment

by:hgj1357
ID: 24068779
SBS is running Exchange and accepts email. You're right, port 25.

Am I correct in thinking that if the SBS is set up correctly I should be OK?
0
 
LVL 4

Assisted Solution

by:blissbear
blissbear earned 300 total points
ID: 24068826
If your SBS is set up correctly and you have the most recent updates from Microsoft, then you should be fine in my opinion. :)
0

 
LVL 10

Expert Comment

by:ampranti
ID: 24072083
Check whether your mail server is an open relay. Apply the latest patches.
Use a more sophisticated firewall (doing SMTP inspection) and you are fine.
0
 
LVL 7

Expert Comment

by:Maeros
ID: 24080320
A surefire way to check to see if your SMTP is restricted properly would be to run a quick SMTP test externally.

Try going to the following link and entering your mail server's address. If your SMTP has been set up correctly, all parts of the test should pass. The results shouldn't be too difficult to interpret; however, to be sure, please post the test results.
0
 
LVL 7

Accepted Solution

by:Maeros
Maeros earned 200 total points
ID: 24080328
Well I suppose it would help if I actually posted the link.  My goof ;)

http://www.mxtoolbox.com/diagnostic.aspx
0
 
LVL 2

Author Closing Comment

by:hgj1357
ID: 31566627
I was more concerned with the router logs than the mail server, but the responses were useful.
0
