Hi,
I have a US Robotics ADSL2+ router, model number USR9111, set up working wirelessly to an XP desktop and a Vista Laptop, and also via an ethernet cable an original Xbox (not 360).
I didn't set up any security in the vain hope of getting a Belkin wireless range extender to work. The range extender is shortly to appear on eBay.
I belatedly went to set up a WPA password yesterday and noticed two worrying things on the status screen of my router homepage (192.168.2.1).
Firstly, under the 'security logs' section which claims to show attempts to access my network there was a long long entry. A sample is below (1).
Secondly, there are 7 DHCP clients listed (details below (2)).
I am happy with the 'tom' and 'lizlaptop' entries, as these are the names of my desktop and laptop. I assume that one of the others is the Xbox, probably the 'w-0be3d686b9104' entry? But the other 4 are a bit worrying - Camilla-PC, shezza-PC, Jiri-PC and a blank one. These have persisted since I applied my WPA security.
Any suggestions on how to boot the rogue DHCP clients off? Is the security log anything I should worry about? Is WEP security 'better' than WPA security?
Thanks,
Tom
1. Security log
03/18/2008 11:50:29 **TCP FIN Scan** 192.168.2.7, 1347->> 216.239.59.104, 80 (from ATM1 Outbound)
03/18/2008 11:50:29 **TCP FIN Scan** 192.168.2.7, 1352->> 74.125.77.167, 80 (from ATM1 Outbound)
03/18/2008 11:50:29 **TCP FIN Scan** 192.168.2.7, 1353->> 207.211.65.18, 80 (from ATM1 Outbound)
03/18/2008 11:50:29 **TCP FIN Scan** 192.168.2.7, 1361->> 64.233.183.83, 443 (from ATM1 Outbound)
03/18/2008 11:43:28 **TCP FIN Scan** 192.168.2.7, 1249->> 74.125.77.167, 80 (from ATM1 Outbound)
03/18/2008 11:43:28 **TCP FIN Scan** 192.168.2.7, 1252->> 198.65.131.42, 80 (from ATM1 Outbound)
03/18/2008 11:40:29 192.168.2.7 login success
03/18/2008 11:40:21 sending ACK to 192.168.2.7
03/18/2008 11:40:21 sending OFFER to 192.168.2.7
03/18/2008 10:26:37 sending ACK to 192.168.2.9
03/18/2008 09:40:55 **TCP FIN Scan** 192.168.2.6, 49232->> 216.73.84.17, 80 (from ATM1 Outbound)
03/18/2008 09:40:55 **TCP FIN Scan** 192.168.2.6, 49297->> 62.41.80.80, 80 (from ATM1 Outbound)
03/18/2008 09:40:55 **TCP FIN Scan** 192.168.2.6, 49281->> 62.41.80.81, 80 (from ATM1 Outbound)
03/18/2008 09:40:55 **TCP FIN Scan** 192.168.2.6, 49279->> 213.200.110.71, 80 (from ATM1 Outbound)
03/18/2008 09:40:55 **TCP FIN Scan** 192.168.2.6, 49214->> 213.200.110.80, 80 (from ATM1 Outbound)
03/18/2008 09:40:55 **TCP FIN Scan** 192.168.2.6, 49271->> 78.33.6.11, 80 (from ATM1 Outbound)
03/18/2008 09:40:55 **TCP FIN Scan** 192.168.2.6, 49264->> 217.243.192.25, 80 (from ATM1 Outbound)
03/18/2008 09:40:55 **TCP FIN Scan** 192.168.2.6, 49263->> 78.33.6.75, 80 (from ATM1 Outbound)
03/18/2008 09:40:55 **TCP FIN Scan** 192.168.2.6, 49307->> 69.63.176.38, 80 (from ATM1 Outbound)
03/18/2008 09:40:55 **TCP FIN Scan** 192.168.2.6, 49209->> 213.200.110.79, 80 (from ATM1 Outbound)
03/18/2008 09:37:55 sending ACK to 192.168.2.6
03/18/2008 09:35:53 sending ACK to 192.168.2.6
03/18/2008 09:35:43 **TCP FIN Scan** 64.233.183.17, 443->> 192.168.2.6, 49191 (from ATM1 Inbound)
03/18/2008 09:34:11 sending ACK to 192.168.2.6
03/18/2008 09:33:09 sending ACK to 192.168.2.6
03/18/2008 09:14:34 NTP Date/Time updated.
03/18/2008 07:51:36 sending ACK to 192.168.2.6
03/18/2008 07:26:56 sending ACK to 192.168.2.6
03/18/2008 07:25:47 sending ACK to 192.168.2.6
03/18/2008 07:05:12 sending ACK to 192.168.2.6
03/18/2008 07:01:25 sending ACK to 192.168.2.6
03/18/2008 06:58:47 **SYN Flood to Host** 192.168.2.6, 49646->> 62.80.8.135, 80 (from ATM1 Outbound)
03/18/2008 06:58:46 sending ACK to 192.168.2.6
03/18/2008 06:47:26 sending ACK to 192.168.2.6
03/18/2008 06:46:27 sending ACK to 192.168.2.6
03/18/2008 06:42:27 sending ACK to 192.168.2.6
03/18/2008 06:36:55 **Vecna Scan** 192.168.2.6, 49213->>
2. DHCP clients
ip=192.168.2.2 mac=00-12-F0-E3-50-23 name=w-0be3d686b9104
ip=192.168.2.3 mac=00-13-E8-15-28-75 name=Jiri-PC
ip=192.168.2.5 mac=00-16-44-81-CB-F5 name=shezza-PC
ip=192.168.2.6 mac=00-C0-A8-D6-B2-E2 name=lizlaptop
ip=192.168.2.7 mac=00-19-E0-89-62-4E name=tom
ip=192.168.2.9 mac=00-50-F2-65-97-CB
ip=192.168.2.12 mac=00-C0-A8-DB-38-E1 name=Camilla-PC