Network, computer sending weird packets.

J

join993

New Member
Hello. We've been having issues here at home with our network for some time. We've tried many different routers, and now we're tierd of it and decided to get to the bottom of the issue.

Now, after looking in the logs, we found out that there is a computer that's sending around all kinds of different packets etc, the latest being netBIOS'. I think this is why the router randomly shuts all of us out of the network, these netBIOS' get sent around nearly all the time, sometimes with up to 3 in 1 second. Now, after just having a quick look at the problem, what we can make of the logs, it's a mac computer sending out all these packets and whatnot. Is this not weird? The person using this mac is careful about what he downloads, so to get spyware/maleware/whatever like this is VERY unlikely.

Not sure how all the other people on the network uses their computer, but I know that more than one of them are careless and will download pretty much anything.

Anyone had the same kind of issue? Can someone help? I'd prefer if we don't have to reformat most computers, but if we have to we'll do it.

I can post some screenshots of the logs, if anyone wants a better idea of what I mean.
 
Ohh, thanks a lot! I will try this soon! The mac actually doesn't have a name on the routers client list...

Another thing, while I'm at it. I see in the log of the router now, things like this "Router reply ICMP packet: ICMP(type:4, code:0)", the router allows this access. I also get "Unsupported/out-of-order ICMP: ICMP(type:3, code:3)", the router blocks this. Anyone that can shed some light onto this?
 
Can you post these logs? OS X is very DNS dependent and can do some weird things, however netBIOS is an older technology. What else is on the network, what is running DNS?
 
Hmm... From my very limited knowledge of networking and such, nothing is running DNS. We have maybe 2 websites, but both of them are on a paid hoster. I don't know really how to check it though, as I said, I'm not very good with this.

Here is the log. I know it doesn't look good, because it's a copy-paste. Johan-Dator is my computer, and the one without any name is probably the mac. Though this time there are only NetBIOS packets in the log, it's because the router restarted not to long ago. I can post another bit of log when I start to get other packets.

The first IP number is the source, the second is the destination, the last piece of text is just a note.

1 02/09/2010 20:13:03 Successful WEB login 192.168.1.36 User:admin
2 02/09/2010 20:09:50 DHCP server assigns 192.168.1.38 to
3 02/09/2010 20:09:49 DHCP server assigns 192.168.1.38 to
4 02/09/2010 20:09:49 DHCP server assigns 192.168.1.38 to
5 02/09/2010 20:09:49 DHCP server assigns 192.168.1.38 to
6 02/09/2010 20:09:49 DHCP server assigns 192.168.1.38 to
7 02/09/2010 20:09:38 DHCP server assigns 192.168.1.36 to Johan-Dator
8 02/09/2010 20:05:08 DHCP server assigns 192.168.1.38 to
9 02/09/2010 20:05:07 DHCP server assigns 192.168.1.38 to
10 02/09/2010 20:05:07 DHCP server assigns 192.168.1.38 to
11 02/09/2010 20:05:06 DHCP server assigns 192.168.1.38 to
12 02/09/2010 20:05:06 DHCP server assigns 192.168.1.38 to
13 02/09/2010 20:02:26 DHCP server assigns 192.168.1.38 to
14 02/09/2010 20:02:25 DHCP server assigns 192.168.1.38 to
15 02/09/2010 20:02:25 DHCP server assigns 192.168.1.38 to
16 02/09/2010 20:02:25 DHCP server assigns 192.168.1.38 to
17 02/09/2010 20:02:25 DHCP server assigns 192.168.1.38 to
18 02/09/2010 20:00:20 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
19 02/09/2010 20:00:16 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
20 02/09/2010 20:00:14 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
21 02/09/2010 20:00:13 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
22 02/09/2010 20:00:12 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
23 02/09/2010 20:00:11 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
24 02/09/2010 20:00:10 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
25 02/09/2010 20:00:09 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
26 02/09/2010 20:00:01 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
27 02/09/2010 19:59:57 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
28 02/09/2010 19:59:55 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
29 02/09/2010 19:59:54 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
30 02/09/2010 19:59:53 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
31 02/09/2010 19:59:52 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
32 02/09/2010 19:59:52 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
33 02/09/2010 19:59:51 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
34 02/09/2010 19:54:02 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
35 02/09/2010 19:53:58 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
36 02/09/2010 19:53:56 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
37 02/09/2010 19:53:55 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
38 02/09/2010 19:53:54 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
39 02/09/2010 19:53:53 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
40 02/09/2010 19:53:52 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
41 02/09/2010 19:53:51 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
42 02/09/2010 19:48:21 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
43 02/09/2010 19:48:17 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
44 02/09/2010 19:48:15 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
45 02/09/2010 19:48:14 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
46 02/09/2010 19:48:13 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
47 02/09/2010 19:48:12 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
48 02/09/2010 19:48:11 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
49 02/09/2010 19:48:10 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
50 02/09/2010 19:48:04 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
51 02/09/2010 19:48:00 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
52 02/09/2010 19:47:58 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
53 02/09/2010 19:47:57 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
54 02/09/2010 19:47:56 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
55 02/09/2010 19:47:55 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
56 02/09/2010 19:47:54 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
57 02/09/2010 19:47:53 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
58 02/09/2010 19:36:19 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
59 02/09/2010 19:36:15 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
60 02/09/2010 19:36:13 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
61 02/09/2010 19:36:12 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
62 02/09/2010 19:36:11 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
63 02/09/2010 19:36:10 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
64 02/09/2010 19:36:09 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
65 02/09/2010 19:36:08 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
66 02/09/2010 19:36:01 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
67 02/09/2010 19:35:57 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
68 02/09/2010 19:35:55 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
69 02/09/2010 19:35:54 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
70 02/09/2010 19:35:53 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
71 02/09/2010 19:35:52 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
72 02/09/2010 19:35:51 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
73 02/09/2010 19:35:51 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
74 02/09/2010 19:30:19 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
75 02/09/2010 19:30:15 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
76 02/09/2010 19:30:13 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
77 02/09/2010 19:30:12 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
78 02/09/2010 19:30:11 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
79 02/09/2010 19:30:10 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
80 02/09/2010 19:30:09 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
81 02/09/2010 19:30:09 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
82 02/09/2010 19:30:02 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
83 02/09/2010 19:29:58 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
84 02/09/2010 19:29:56 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
85 02/09/2010 19:29:55 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
86 02/09/2010 19:29:54 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
87 02/09/2010 19:29:53 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
88 02/09/2010 19:29:52 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
89 02/09/2010 19:29:51 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
90 02/09/2010 19:24:19 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
91 02/09/2010 19:24:15 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
92 02/09/2010 19:24:13 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
93 02/09/2010 19:24:12 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
94 02/09/2010 19:24:11 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
95 02/09/2010 19:24:10 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
96 02/09/2010 19:24:09 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
97 02/09/2010 19:24:08 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
98 02/09/2010 19:24:02 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
99 02/09/2010 19:23:58 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
100 02/09/2010 19:23:56 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
101 02/09/2010 19:23:55 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
102 02/09/2010 19:23:54 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
103 02/09/2010 19:23:53 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
104 02/09/2010 19:23:52 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
105 02/09/2010 19:23:51 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
106 02/09/2010 19:18:19 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
107 02/09/2010 19:18:15 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
108 02/09/2010 19:18:13 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
109 02/09/2010 19:18:12 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
110 02/09/2010 19:18:11 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
111 02/09/2010 19:18:10 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
112 02/09/2010 19:18:09 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
113 02/09/2010 19:18:08 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
114 02/09/2010 19:18:02 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
115 02/09/2010 19:17:58 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
116 02/09/2010 19:17:55 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
117 02/09/2010 19:17:54 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
118 02/09/2010 19:17:53 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
119 02/09/2010 19:17:52 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
120 02/09/2010 19:17:51 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
121 02/09/2010 19:17:51 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
122 02/09/2010 19:12:20 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
123 02/09/2010 19:12:16 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
124 02/09/2010 19:12:14 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
125 02/09/2010 19:12:13 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
126 02/09/2010 19:12:12 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
127 02/09/2010 19:12:11 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
128 02/09/2010 19:12:10 NetBIOS packet filtered! 192.168.1.35 192.168.137.1 ACCESS BLOCK
 
Those are all coming from with in your network. All 192.x.x.x are private IPs and would not ever come from the outside world. Is your router running DNS? DNS does not just do with websites, and I assume that IP 192.168.137.1 is your router?

It is probably trying to push netBIOS settings to the mac client over the port it uses and by default the ipfw is blocking that port.

What machine is 192.168.1.35? Is it some kind of Windows server?
 
We don't have any kind of server on the network. All computers on our network has a computer name when you look at the client list, except for the mac, there it's just an IP number and a MAC adress.

I'll look into it, since the router changes the IP of the clients when we connect.

I know that those all come from within the network, but from time to time we do have packets that have both source and destination as an outside IP.
 
Okay, so after looking around and comparing the mac adresses, yes, the 192.168.1.35 is the mac. The 192.168.137.1, I think that's my xbox. And, I just found out it has something with DNS on it, the xbox's primary DNS server is at 192.168.137.1. Ahh, I do feel a bit stupid now.

But still, that doesn't explain this I found in the log now.

1 02/09/2010 21:46:14 Unsupported/out-of-order ICMP: ICMP(type:3, code:3) 192.168.1.35 195.67.199.34 ACCESS BLOCK
2 02/09/2010 21:46:13 Unsupported/out-of-order ICMP: ICMP(type:3, code:3) 192.168.1.35 195.67.199.34 ACCESS BLOCK
3 02/09/2010 21:43:47 Packet without a NAT table entry blocked: ICMP(type:5, code:1) 80.250.51.71 213.64.51.239 ACCESS BLOCK
4 02/09/2010 21:43:47 Packet without a NAT table entry blocked: ICMP(type:5, code:1) 80.250.51.71 213.64.51.239 ACCESS BLOCK
5 02/09/2010 21:43:47 Packet without a NAT table entry blocked: ICMP(type:5, code:1) 80.250.51.71 213.64.51.239 ACCESS BLOCK
6 02/09/2010 21:43:47 Packet without a NAT table entry blocked: ICMP(type:5, code:1) 80.250.51.71 213.64.51.239 ACCESS BLOCK
7 02/09/2010 21:43:47 Packet without a NAT table entry blocked: ICMP(type:5, code:1) 80.250.51.71 213.64.51.239 ACCESS BLOCK
8 02/09/2010 21:43:47 Packet without a NAT table entry blocked: ICMP(type:5, code:1) 80.250.51.71 213.64.51.239 ACCESS BLOCK
9 02/09/2010 21:43:47 Packet without a NAT table entry blocked: ICMP(type:5, code:1) 80.250.51.71 213.64.51.239 ACCESS BLOCK
10 02/09/2010 21:43:47 Packet without a NAT table entry blocked: ICMP(type:5, code:1) 80.250.51.71 213.64.51.239 ACCESS BLOCK
11 02/09/2010 21:43:47 Packet without a NAT table entry blocked: ICMP(type:5, code:1) 80.250.51.71 213.64.51.239 ACCESS BLOCK
12 02/09/2010 21:43:47 Packet without a NAT table entry blocked: ICMP(type:5, code:1) 80.250.51.71 213.64.51.239 ACCESS BLOCK
13 02/09/2010 21:43:47 Packet without a NAT table entry blocked: ICMP(type:5, code:1) 80.250.51.71 213.64.51.239 ACCESS BLOCK
14 02/09/2010 21:43:47 Packet without a NAT table entry blocked: ICMP(type:5, code:1) 80.250.51.71 213.64.51.239 ACCESS BLOCK
15 02/09/2010 21:43:47 Packet without a NAT table entry blocked: ICMP(type:5, code:1) 80.250.51.71 213.64.51.239 ACCESS BLOCK
16 02/09/2010 21:43:47 Packet without a NAT table entry blocked: ICMP(type:5, code:1) 80.250.51.71 213.64.51.239 ACCESS BLOCK
17 02/09/2010 21:43:47 Packet without a NAT table entry blocked: ICMP(type:5, code:1) 80.250.51.71 213.64.51.239 ACCESS BLOCK
18 02/09/2010 21:43:47 Packet without a NAT table entry blocked: ICMP(type:5, code:1) 80.250.51.71 213.64.51.239 ACCESS BLOCK
19 02/09/2010 21:43:47 Packet without a NAT table entry blocked: ICMP(type:5, code:1) 80.250.51.71 213.64.51.239 ACCESS BLOCK
20 02/09/2010 21:43:47 Packet without a NAT table entry blocked: ICMP(type:5, code:1) 80.250.51.71 213.64.51.239 ACCESS BLOCK
21 02/09/2010 21:43:47 Packet without a NAT table entry blocked: ICMP(type:5, code:1) 80.250.51.71 213.64.51.239 ACCESS BLOCK
22 02/09/2010 21:43:47 Packet without a NAT table entry blocked: ICMP(type:5, code:1) 80.250.51.71 213.64.51.239 ACCESS BLOCK
23 02/09/2010 21:43:47 Packet without a NAT table entry blocked: ICMP(type:5, code:1) 80.250.51.71 213.64.51.239 ACCESS BLOCK
24 02/09/2010 21:43:47 Packet without a NAT table entry blocked: ICMP(type:5, code:1) 80.250.51.71 213.64.51.239 ACCESS BLOCK
25 02/09/2010 21:43:47 Packet without a NAT table entry blocked: ICMP(type:5, code:1) 80.250.51.71 213.64.51.239 ACCESS BLOCK
26 02/09/2010 21:43:47 Packet without a NAT table entry blocked: ICMP(type:5, code:1) 80.250.51.71 213.64.51.239 ACCESS BLOCK
27 02/09/2010 21:43:47 Packet without a NAT table entry blocked: ICMP(type:5, code:1) 80.250.51.71 213.64.51.239 ACCESS BLOCK
28 02/09/2010 21:43:47 Packet without a NAT table entry blocked: ICMP(type:5, code:1) 80.250.51.71 213.64.51.239 ACCESS BLOCK
29 02/09/2010 21:43:47 Packet without a NAT table entry blocked: ICMP(type:5, code:1) 80.250.51.71 213.64.51.239 ACCESS BLOCK
30 02/09/2010 21:43:47 Packet without a NAT table entry blocked: ICMP(type:5, code:1) 80.250.51.71 213.64.51.239 ACCESS BLOCK
31 02/09/2010 21:43:47 Packet without a NAT table entry blocked: ICMP(type:5, code:1) 80.250.51.71 213.64.51.239 ACCESS BLOCK
32 02/09/2010 21:43:47 Packet without a NAT table entry blocked: ICMP(type:5, code:1) 80.250.51.71 213.64.51.239 ACCESS BLOCK
33 02/09/2010 21:43:47 Packet without a NAT table entry blocked: ICMP(type:5, code:1) 80.250.51.71 213.64.51.239 ACCESS BLOCK
34 02/09/2010 21:43:47 Packet without a NAT table entry blocked: ICMP(type:5, code:1) 80.250.51.71 213.64.51.239 ACCESS BLOCK
35 02/09/2010 21:43:47 Packet without a NAT table entry blocked: ICMP(type:5, code:1) 80.250.51.71 213.64.51.239 ACCESS BLOCK
36 02/09/2010 21:43:47 Packet without a NAT table entry blocked: ICMP(type:5, code:1) 80.250.51.71 213.64.51.239 ACCESS BLOCK
37 02/09/2010 21:43:47 Packet without a NAT table entry blocked: ICMP(type:5, code:1) 80.250.51.71 213.64.51.239 ACCESS BLOCK
38 02/09/2010 21:43:47 Packet without a NAT table entry blocked: ICMP(type:5, code:1) 80.250.51.71 213.64.51.239 ACCESS BLOCK
39 02/09/2010 21:43:47 Packet without a NAT table entry blocked: ICMP(type:5, code:1) 80.250.51.71 213.64.51.239 ACCESS BLOCK
40 02/09/2010 21:43:47 Packet without a NAT table entry blocked: ICMP(type:5, code:1) 80.250.51.71 213.64.51.239 ACCESS BLOCK

EDIT: Oh, and I think that 192.168.1.1 is the router. That is the IP number I enter into my browser to access the router anyway. And, the second IP is the destination of the packet, so it'd still be a computer trying to send to the router, and not the other way around, I think.
 
Last edited:
Something from Amsterdam is hitting your router, or is that log from your Mac? Are you running NAT on your router?

Perhaps Archangel is hacking you?
 
Enable Network Address Translation, that box is checked, other than that, no other settings are entered, I don't know if it's on by default or if I have turned it on in my desperate attempts to fix the router by myself, though I don't think I have turned it on myself.

That log is from my router, both the source and the destination of the packet is from outside the network.

From looking at http://tools.whois.net/whoisbyip/, the destination is something that belongs to TeliaSonera AB Networks in Amsterdam, TeliaSonera is my ISP.

And the source, I have no idea, it didn't make any sense to me on that site.

EDIT: Could it be any use to call my ISP and talk to them? Especially since the destination of these packets are to a TeliaSonera server or something in Amsterdam. I bought my router from them too, when my D-link was failing, so they should be able to give support for the router too. What do you think?
 
Last edited:
I would turn on NAT, by default it won't allow remote hosts to connect, in fact always keep it on. That should stop those NetBIOS requests from coming in. However, the strange part is that they are coming from your network?? I am wondering, do you have any older windows machines on the network? NetBIOS really is not used anymore as everything is over TCP/IP
 
I do have some XP machines, that are pretty old, but they still have XP. That's about the oldest on the network. If it's not the mac, then I don't really know.
 
NAT is on by the way, and I still get weird packets. Might there be some kind of setting within NAT that I have to fiddle with?
 
You must log in or register to reply here.
Back
Top