Rummy Posted August 24, 2007 Posted August 24, 2007 So, it's not something new, but I KEEP getting a ton of dropped packets in my router's(D-Link DI-524 RevC) log. I googled it a while back and found out that it was apparently due to file sharing software, and so I dismissed it. Even if they aren't, the fact the router catches them is a good thing and it's doing its job as a firewall by dropping them. However, even after not using P2P stuff for a week or so, I'm still getting them. These things came in at crazy rates too, from varying IPs, I can clear my log and within seconds the thing is already filled back up to 20 pages worth. (blackedout my IP) I did some security tests on my router at ShieldsUP! and I passed it all and took action to make sure I passed what I failed including discarding ping from WAN side. Since I started getting theese in my log though, my connection seems to be dropping sometimes/my router spontaneously restarts, and it can get quite annoying. Are the two related? I notice as well that some stuff loads slowly, and sometimes I get shit transfer speeds in bittorrent, is that related at all? It also seems to think my ports aren't forwarded properly, but they are, because I forwarded it and it said that it was and I didn't change anything and now it's magically not. Anyway, that isn't the thing I'm most worried about. After some nosing around my router, looking at firewalls rules and stuff, I came across this entry in the firewall, and it had me quite perplexed as it looked rather specific. (blackedout my router's address) UTorm and IDENTStealth are port forwardings I set up under the Virtual Server, respectively for UTorrent and for stealthing responses to IDENT requests(basically something ShieldsUP told me to do, by forwarding requests to an non existent machine there'll be no response). The default Deny and Allow, as you may have guessed, are default deny and allow rules on the router. Now, my issue and question is, how did the highlighted MsnMsgr rule get there? I didn't set it, and I doubt my brother did, the local IP(.104) is what I've told the DHCP to give my sister's laptop, and she definitely didn't do it(she wouldn't know about all this stuff). So my question is, how the hell did it get there, and how the hell do I get rid of it? It's not listed anywhere under any of the tabs down the left, and in that part you see in the screen, I can't edit it! If I could, it'd have those icons next to it like the top rule, which is one I made after seeing it(because I have no idea what it is) exactly the same but set to Deny, hoping it might counteract it or something. So yeah, excuse my lengthy post, but anyone got any ideas?? P.S I left my addresses in, plz dont hax me Got paranoid.
Bogbas Posted August 25, 2007 Posted August 25, 2007 I'd guess that you have enabled uPnP on your router and those rules are set by windows live messenger that you apparently have on.
Rummy Posted August 26, 2007 Author Posted August 26, 2007 LOL! For some reason Jordan's post made me laugh quite alot! I was thinking that Bogbas, do you happen to know how I can turn of uPnP and/or remove that entry from the firewall? That's what's annoying me most, I can't find any way at all to remove the thing short of restting my router's settings, which is gonna involve effort setting stuff back up.
Bogbas Posted August 26, 2007 Posted August 26, 2007 Look around the router settings it should be there somewhere. Personally I just turn the firewall off on the router I use. Because whenever I use bittorrent the router dies because it hasn't got the power to inspect everything that's incoming and thinks it's being hacked. Having NAT enabled on it and a good software firewall on the pc should be enough.
Caris Posted August 27, 2007 Posted August 27, 2007 What sort of packets are they? like crisp packets or biscuit?
Recommended Posts