[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Router packet storm

Posted on 2011-04-19
12
Medium Priority
?
420 Views
Last Modified: 2012-05-11
Every couple of daysmy routers firwall blocks thousands of these packets:
[INFO] Fri Oct 22 01:02:11 2010 Blocked outgoing TCP packet from 72.95.138.176:52078 to 209.195.152.229:80 with unexpected acknowledgement 4059630299 (expected 4059632577 to 4059698113)

How can I find out what is causing this?
0
Comment
Question by:whiwex
  • 6
  • 4
11 Comments
 
LVL 26

Expert Comment

by:Soulja
ID: 35432892
Do you know what these ip addresses are? Looks like a host accessing a website or something.
0
 

Author Comment

by:whiwex
ID: 35432923
This router is my gateway to the internet and the address belong to verizion.
0
 
LVL 26

Expert Comment

by:Soulja
ID: 35432992
Does your acl limit http outbound traffic.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 

Author Comment

by:whiwex
ID: 35440977
I don't have any acl setup. I'm using a dlink 724GU router. The only thing I am blocking with the routers firewall are some networks from other countrys. Otherwise I am using the defaults.
0
 
LVL 26

Expert Comment

by:Soulja
ID: 35441103
The only thing I can come up with is the destination isn't valid. Try connecting to the site and see if it comes up. Maybe a host in your network is trying to connect to it. Could be a trojan horse or something on one of your hosts trying to hit a no longer valid destination.
0
 

Author Comment

by:whiwex
ID: 35443670
My router is the 209 address so doesn't this indicate that the router is blocking the packet from the the 72.95.138.176 which is somewhere in verizon?
0
 
LVL 26

Expert Comment

by:Soulja
ID: 35443748
Oh, okay. I thought the 72 address was your router. Yes, this is some ip address trying to access your network on port 80.
0
 
LVL 26

Accepted Solution

by:
Soulja earned 2000 total points
ID: 35443760
Are you hosting anything on port 80? Nevertheless, that ip address is attacking your device. Fortunately, it isn't succeeding.
0
 

Author Comment

by:whiwex
ID: 35447705
yes I am hosting a couple of web sites.
0
 
LVL 26

Assisted Solution

by:Soulja
Soulja earned 2000 total points
ID: 35448254
Okay, so that confirms that your firewall is just blocking strange traffic from that ip address for some apparent reason.
0
 
LVL 33

Expert Comment

by:digitap
ID: 35791883
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
How to fix a SonicWall Gateway Anti-Virus firewall blocking automatic updates to apps like Windows, Adobe, Symantec, etc.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question