Jump to content
SingaporeBikes.com Telegram Now LIVE! Join NOW for the Last Reviews, News, Promotions & Offers in Singapore! ×

  • Join SingaporeBikes.com today! Where Singapore Bikers Unite!

    Thank you for visiting SingaporeBikes.com - the largest website in Singapore dedicated to all things related to motorcycles and biking in general.

    Join us today as a member to enjoy all the features of the website for FREE such as:

    Registering is free and takes less than 30 seconds! Join us today to share information, discuss about your modifications, and ask questions about your bike in general.

    Thank you for being a part of SingaporeBikes.com!

Security Log

MiCmAsTa

By MiCmAsTa
in TCSS Kopitiam Corner

 Share

Recommended Posts

MiCmAsTa Newbie

MiCmAsTa

Posted
Posted

Security Log

View any attempts that have been made to gain access to your network.

 

Can someone please enlighten me about the above topic? Will it some how affect my connection? I have many blocked attempts. What does it mean?

 

2006/12/20 02:11:28 : Blocked access attempt from 61.213.156.135
2006/12/20 02:11:22 : Blocked access attempt from 202.172.54.79
2006/12/20 02:11:01 : Blocked access attempt from 203.117.134.208
2006/12/20 02:11:00 : Blocked access attempt from 203.84.209.211
2006/12/20 02:10:59 : Blocked access attempt from 203.117.134.208
2006/12/20 02:10:57 : Blocked access attempt from 203.84.209.99
2006/12/20 02:10:57 : Blocked access attempt from 203.117.134.208
2006/12/20 02:10:54 : Blocked access attempt from 64.4.21.61
2006/12/20 02:10:52 : Blocked access attempt from 202.27.17.40
2006/12/20 02:10:51 : Blocked access attempt from 203.84.209.211
2006/12/20 02:10:49 : Blocked access attempt from 203.117.134.208
2006/12/20 02:10:48 : Blocked access attempt from 203.84.209.99
2006/12/20 02:10:47 : Blocked access attempt from 203.117.134.201
2006/12/20 02:10:45 : Blocked access attempt from 202.27.17.40
2006/12/20 02:10:45 : Blocked access attempt from 64.4.21.61
2006/12/20 02:10:44 : Blocked access attempt from 203.84.209.211
2006/12/20 02:10:44 : Blocked access attempt from 202.27.17.40
2006/12/20 02:10:43 : Blocked access attempt from 203.117.134.208
2006/12/20 02:10:43 : Blocked access attempt from 203.84.209.99
2006/12/20 02:10:41 : Blocked access attempt from 203.84.209.211
2006/12/20 02:10:41 : Blocked access attempt from 203.117.134.208
2006/12/20 02:10:41 : Blocked access attempt from 203.84.209.211
2006/12/20 02:10:40 : Blocked access attempt from 64.4.21.61
2006/12/20 02:10:40 : Blocked access attempt from 203.117.134.208
2006/12/20 02:10:40 : Blocked access attempt from 203.84.209.99
2006/12/20 02:10:40 : Blocked access attempt from 203.117.134.208
2006/12/20 02:10:39 : Blocked access attempt from 203.84.209.211
2006/12/20 02:10:39 : Blocked access attempt from 203.117.134.208
2006/12/20 02:10:39 : Blocked access attempt from 203.117.134.201
2006/12/20 02:10:39 : Blocked access attempt from 203.84.209.211
2006/12/20 02:10:39 : Blocked access attempt from 203.84.209.99
2006/12/20 02:10:38 : Blocked access attempt from 203.117.134.208
2006/12/20 02:10:38 : Blocked access attempt from 64.4.21.61
2006/12/20 02:10:38 : Blocked access attempt from 203.84.209.211
2006/12/20 02:10:38 : Blocked access attempt from 203.117.134.208
2006/12/20 02:10:38 : Blocked access attempt from 203.84.209.99
2006/12/20 02:10:38 : Blocked access attempt from 203.84.209.211
2006/12/20 02:10:38 : Blocked access attempt from 202.27.17.40
2006/12/20 02:10:38 : Blocked access attempt from 203.117.134.208
2006/12/20 02:10:38 : Blocked access attempt from 203.84.209.211
2006/12/20 02:10:38 : Blocked access attempt from 203.84.209.99
2006/12/20 02:10:38 : Blocked access attempt from 203.117.134.208
2006/12/20 02:10:37 : Blocked access attempt from 203.84.209.211
2006/12/20 02:10:37 : Blocked access attempt from 203.117.134.208
2006/12/20 02:10:37 : Blocked access attempt from 203.84.209.211
2006/12/20 02:10:37 : Blocked access attempt from 203.117.134.208
2006/12/20 02:10:37 : Blocked access attempt from 64.4.21.61
2006/12/20 02:10:37 : Blocked access attempt from 202.27.17.40
2006/12/20 02:10:36 : Blocked access attempt from 64.4.21.61
2006/12/20 02:10:36 : Blocked access attempt from 202.172.54.79
2006/12/20 02:10:34 : Blocked access attempt from 202.27.17.40
2006/12/20 02:10:34 : Blocked access attempt from 203.117.134.201
2006/12/20 02:10:31 : Blocked access attempt from 202.27.17.40
2006/12/20 02:10:31 : Blocked access attempt from 203.117.134.201
2006/12/20 02:10:31 : Blocked access attempt from 202.27.17.40
2006/12/20 02:10:29 : Blocked access attempt from 203.117.134.201
2006/12/20 02:10:23 : Blocked access attempt from 66.249.89.104
2006/12/20 02:10:22 : Blocked access attempt from 38.99.76.147
2006/12/20 02:10:21 : Blocked access attempt from 203.116.95.213
2006/12/20 02:10:15 : Blocked access attempt from 202.172.54.79
2006/12/20 02:10:15 : Blocked access attempt from 66.249.89.104
2006/12/20 02:10:14 : Blocked access attempt from 38.99.76.147
2006/12/20 02:10:13 : Blocked access attempt from 203.116.95.213
2006/12/20 02:10:13 : Blocked access attempt from 66.249.89.99
2006/12/20 02:10:12 : Blocked access attempt from 202.172.54.79
2006/12/20 02:10:06 : Blocked access attempt from 66.249.89.104
2006/12/20 02:10:06 : Blocked access attempt from 202.172.54.79
2006/12/20 02:10:06 : Blocked access attempt from 66.249.89.104
2006/12/20 02:10:06 : Blocked access attempt from 38.99.76.147
2006/12/20 02:10:05 : Blocked access attempt from 66.249.89.104
2006/12/20 02:10:05 : Blocked access attempt from 66.249.89.99
2006/12/20 02:10:04 : Blocked access attempt from 203.116.95.213
2006/12/20 02:10:03 : Blocked access attempt from 202.172.54.79
2006/12/20 02:10:02 : Blocked access attempt from 38.99.76.147
2006/12/20 02:10:00 : Blocked access attempt from 202.172.54.79
2006/12/20 02:10:00 : Blocked access attempt from 203.116.95.213
2006/12/20 02:10:00 : Blocked access attempt from 38.99.76.147
2006/12/20 02:09:59 : Blocked access attempt from 202.172.54.79
2006/12/20 02:09:58 : Blocked access attempt from 38.99.76.147
2006/12/20 02:09:58 : Blocked access attempt from 203.116.95.213
2006/12/20 02:09:58 : Blocked access attempt from 38.99.76.147
2006/12/20 02:09:57 : Blocked access attempt from 202.172.54.79
2006/12/20 02:09:57 : Blocked access attempt from 66.249.89.99
2006/12/20 02:09:57 : Blocked access attempt from 202.172.54.79
2006/12/20 02:09:56 : Blocked access attempt from 203.116.95.213
2006/12/20 02:09:55 : Blocked access attempt from 202.172.54.79
2006/12/20 02:09:53 : Blocked access attempt from 66.249.89.99
2006/12/20 02:09:52 : Blocked access attempt from 202.172.54.79
2006/12/20 02:09:51 : Blocked access attempt from 66.249.89.99
2006/12/20 02:09:51 : Blocked access attempt from 202.172.54.79
2006/12/20 02:09:50 : Blocked access attempt from 66.249.89.99
2006/12/20 02:09:50 : Blocked access attempt from 202.172.54.79
2006/12/20 02:09:50 : Blocked access attempt from 66.249.89.99
2006/12/20 02:09:50 : Blocked access attempt from 202.172.54.79
2006/12/20 02:09:50 : Blocked access attempt from 66.249.89.99

  • Replies 5
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

WildCard Newbie

WildCard

Posted
Posted

Okiez, here's what I found.

I cannot tell what kind of "access" attempt is made. But my guesstimation is PING or ICMP probe for most of them.

 

You might want to pay attention to those with IP address starting with 202 or 203.

Most of the 202 addresses I can see are from Qala, an ISP that offers services here.

202.172.54.79

Using 26 day old cached answer (or, you can get fresh results).

Hiding E-mail address (you can get results with the E-mail address).

 

% [whois.apnic.net node-2]

% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

 

inetnum: 202.172.32.0 - 202.172.63.255

netname: QALA-SG

descr: QALA Singapore Pte Ltd (Acquired Goodwill

descr: Int'l Network Solutions Pte Ltd)

country: SG

admin-c: QSNR1-AP

tech-c: QSNR1-AP

remarks: ---------------------------------------------------

remarks: This object can only be modified by APNIC hostmaster

remarks: If you wish to modify this object details please

remarks: send email to **********@apnic.net with your organisation

remarks: account name in the subject line.

remarks: ----------------------------------------------------

mnt-by: APNIC-HM

mnt-lower: MAINT-SG-QALA

mnt-routes: MAINT-SG-QALA

changed: *********@apnic.net 20020924

status: ALLOCATED PORTABLE

changed: **********@apnic.net 20040830

source: APNIC

 

role: QALA SG NOC ROLE

address: 10 Science Park Road #03-28

address: The Alpha, Singapore Science Park 2

address: Singapore 117684

country: SG

phone: +65-6-796-0382

fax-no: +65-6-796-0330

e-mail: ***@qalacom.com

trouble: Spam and security issues - *****@qala.com.sg

trouble: Network issues - ***@qala.com.sg

trouble: Tech support issues - **@qala.com.sg

admin-c: FH4-AP

admin-c: TKC4-AP

tech-c: FH4-AP

tech-c: TKC4-AP

nic-hdl: QSNR1-AP

remarks: 24 hour tech support within Singapore 1800-7252877

remarks: 24 hour tech support out of Singapore +65-67689831

notify: ***@qalacom.com

changed: ***@qalacom.com 20051229

mnt-by: MAINT-SG-QALA

source: APNIC

 

Most of the 203 addresses are Starhub

203.117.134.208

Using 27 day old cached answer (or, you can get fresh results).

Hiding E-mail address (you can get results with the E-mail address).

 

% [whois.apnic.net node-1]

% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

 

inetnum: 203.117.134.192 - 203.117.134.255

netname: AKAMAI-Technologies

country: SG

descr: AKAMAI Technologies

admin-c: NS110-AP

tech-c: NS110-AP

status: ASSIGNED NON-PORTABLE

changed: *******@starhub.com 20050617

mnt-by: MAINT-AS4657-AP

source: APNIC

 

person: NOC SHI

nic-hdl: NS110-AP

e-mail: ***@starhub.com

address: 19 TaiSeng Drive

address: Singapore 535222

phone: +65 6825 7878

fax-no: +65 6821 6012

country: SG

changed: *******@starhub.com 20060607

mnt-by: MAINT-AS4657-AP

source: APNIC

 

Depending on your ISP, you might want to call both and have these sets of addresses checked.

If your ISP is Starhub, chances are, some of them are their DHCP machines which will query your system once a day to check if its still alive and whether to re-lease the expired IP address. I asked them before. Same with Qala.

But the rest might be Starhub users using port-scanning tools to probe any open ports on your PC / system. May need to extract a log of all 203 & 202 addresses and pass to them to analyze.

 

As for some of the rest:

66.249.89.99

Using 11 day old cached answer (or, you can get fresh results).

Hiding E-mail address (you can get results with the E-mail address).

 

 

OrgName: Google Inc.

OrgID: GOGL

Address: 1600 Amphitheatre Parkway

City: Mountain View

StateProv: CA

PostalCode: 94043

Country: US

 

NetRange: 66.249.64.0 - 66.249.95.255

CIDR: 66.249.64.0/19

NetName: GOOGLE

NetHandle: NET-66-249-64-0-1

Parent: NET-66-0-0-0-0

NetType: Direct Allocation

NameServer: NS1.GOOGLE.COM

NameServer: NS2.GOOGLE.COM

Comment:

RegDate: 2004-03-05

Updated: 2004-11-10

 

OrgTechHandle: ZG39-ARIN

OrgTechName: Google Inc.

OrgTechPhone: +1-650-318-0200

OrgTechEmail: ************@google.com

 

Are you using any Google tools like Google toolbar or something related and you forgot to allow access thru your firewall for them?

 

64.4.21.61

# ARIN WHOIS database, last updated 2006-12-07 19:10

# Enter ? for additional hints on searching ARIN's WHOIS database.

 

 

OrgName: MS Hotmail

OrgID: MSHOTM

Address: One Microsoft Way

City: Redmond

StateProv: WA

PostalCode: 98052

Country: US

 

NetRange: 64.4.0.0 - 64.4.63.255

CIDR: 64.4.0.0/18

NetName: HOTMAIL

NetHandle: NET-64-4-0-0-1

Parent: NET-64-0-0-0-0

NetType: Direct Assignment

NameServer: NS1.MSFT.NET

NameServer: NS2.MSFT.NET

NameServer: NS3.MSFT.NET

NameServer: NS4.MSFT.NET

NameServer: NS5.MSFT.NET

Comment: Abuse complaints will only be responded to if sent to

Comment: *****@microsoft.com and *****@msn.com.

RegDate: 1999-11-24

Updated: 2006-01-23

 

RTechHandle: MSFTP-ARIN

RTechName: MSFT-POC

RTechPhone: +1-425-882-8080

RTechEmail: ******@microsoft.com

 

OrgAbuseHandle: ABUSE231-ARIN

OrgAbuseName: Abuse

OrgAbusePhone: +1-425-882-8080

OrgAbuseEmail: *****@microsoft.com

 

OrgTechHandle: MSFTP-ARIN

OrgTechName: MSFT-POC

OrgTechPhone: +1-425-882-8080

OrgTechEmail: ******@microsoft.com

 

# ARIN WHOIS database, last updated 2006-12-18 19:10

# Enter ? for additional hints on searching ARIN's WHOIS database

 

Same for MSN or similar Microsoft tools. Forgot to allow them access?

 

Hope this helps...

MiCmAsTa Newbie

MiCmAsTa

Posted
  • Author
Posted

WOoOooOooW!!!

 

Great one. I'm currently using STARHUB MAXONLINE and only recently my connection became very bad. =(

 

Keep facing disconnection. Damn pissed. I dun have google tool in my laptop. I'll call the starhub guys to check. THANKS a MILLION......

E.V.ilyn Newbie

E.V.ilyn

Posted
Posted

Can you obtain more information about the? What firewall log is this? Unless you provided more information like TCP/UDP packets, ports, etc. this log is not really meaningful.

 

You say of disconnection. Disconnection from? If you're getting disconnected from certain sessions or data connections, you could be under what is termed as truncation attack.

WildCard Newbie

WildCard

Posted
Posted
Originally posted by MiCmAsTa@Dec 21 2006, 02:00 PM

WOoOooOooW!!!

 

Great one. I'm currently using STARHUB MAXONLINE and only recently my connection became very bad. =(

 

Keep facing disconnection. Damn pissed. I dun have google tool in my laptop. I'll call the starhub guys to check. THANKS a MILLION......

erm, what kind of connection?

Are you connected directly to the Starhub modem or you go through a router?

 

If through a router, try connecting directly to the modem.

 

If you only face the constant disconnection only through the router, prolly means your router is working too hard to stop all these connection attempts.

You may have to go through the exception list and sieve through which ones are the safe sites to allow access....

Murphy Newbie

Murphy

Posted
Posted

try to get a list of logs tat states which are the ports, type connection etc like TCP/UDP....from there we can know more...like wat wildcard has say it been some ppl usin port scanning tools. do u use any download client like limewire n bit torrent...it might be ur p2p files

25 Nov 2003 - 24 Nov 2004 (FS6087P) (NSR SP)

24 Nov 2004 - 28 Feb 2006 (FJ7457X & FJ*5**) (Hurricane & Vespa PX200)

01 Mar 2006 - 04 Jul 2006 (FS9367L, FJ7457X & FJ*5**)(CBR 919 RRW, Hurricane &Vespa PX200)

04 Jul 2006 - 13 Jun 2011 (FV8507R & FJ*5**)(Suzuki K2 & Vespa PX200)

13 Jun 2011 - Till Now (X1)

15 Jan 2013 - 10 Sept 2015 (FBG9588B)(GTR1400 2013)

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • DAIS_ShellBAU2024_Motorcycle_SingaporeBikesBanner_300x250.jpg

     
×
×
  • Create New...