1

Is this normal or is someone trying to hack/attack me? How can I stop this? My router is a Cg3000v2 netgear provided to me by Optus.

[TCP- or UDP-based Port Scan]411
Wed Aug 26 00:28:08 2015
27.253.92.28:59553
199.85.126.20:53
[IP Fragmented Packet]
1
Wed Aug 26 00:32:18 2015
27.253.92.28:32618
66.49.150.89:10332
[TCP- or UDP-based Port Scan]
245
Wed Aug 26 18:54:10 2015
27.253.92.28:57333
199.85.126.20:53
jay
  • 11
  • 1
  • 2
  • 1
    Is this your first time looking at your router logs? All this is very normal for everyone connected to the Internet. – schroeder Aug 26 '15 at 19:08
  • If you're not familiar with the concept of [port scanning](https://en.wikipedia.org/wiki/Port_scanner), I suggest you take a look at [nmap](https://nmap.org/), a truly wonderful piece of security software. – Nic Barker Aug 27 '15 at 03:27
  • Unfortunately, port scanning is normal, but only because 100's of hacking group routinely scan the whole internet. I average 100 scans a day and have accumulated 64,000 unique ip scanning the external part of my network. This is called Recon and is the 1st step in hacking as it identifies starting points. If they know you run Apache then they hit you with apache attacks. As long as your router is dropping these packets(better double check this) it is ok. – cybernard Aug 27 '15 at 04:06

2 Answers2

3

IP Fragmented Packets are a form of evasion against network devices. It consists of submitting the payload through smaller pieces to make it more difficult for firewalls and IPS to identify the scan or even an attack.

Networking scanning is pretty normal and you have to get prepared to it. Important is to have a firewall well configured in place, limit the open ports and have the services listening to them (ports) well hardened.

0
 [IP Fragmented Packet]

IP fragmentation attacks are rather old fashioned ones. Your logs show that an attacker has been attempting a denial-of-service (DoS) attack. Note that CheckPoint Firewall-1 was vulnerable to such attacks in its previous versions. 

[TCP- or UDP-based Port Scan]

That is port scanning. In stealth mode, an attacker can scan the ports over a long period, which reduces the chance that the firewall will trigger an alert for you. Use Nmap, to see what an attacker would see in a port scan of your router.

You need to follow the approach of layered security, no solution is magic by itself, but an intelligent combination of different solutions will protect you better.

Is this normal ?

As you may guess, that is not normal.

or is someone trying to hack/attack me?

You have been attacked, for sure. Whether you have been hacked or not, we can not know given the information you provided.