Router Intrusion in firewall's log

1

Everytime my router connect to internet I am finding in my router's firewall log intrusion warnings. Could you please explain what it means? Is it actually someone hacking my router or is that connection dropped by the router?

e.g.

Mar 11 14:15:11     kernel  warning     kernel: [fwlog] Intrusion -> SRC=85.102.133.241 DST=109.78.126.234

Here is my router firewall full log

Mar 8 16:20:01  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=92.123.72.22 DST=109.78.153.90.
Mar 8 16:20:09  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=92.123.72.64 DST=109.78.153.90.
Mar 8 16:20:09  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=92.123.72.160 DST=109.78.153.90.
Mar 8 16:20:20  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=92.123.72.39 DST=109.78.153.90.
Mar 8 16:20:20  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=92.123.72.39 DST=109.78.153.90.
Mar 8 16:20:27  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=92.123.72.39 DST=109.78.153.90.
Mar 8 16:20:29  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=92.123.72.64 DST=109.78.153.90.
Mar 8 16:20:34  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=92.123.72.39 DST=109.78.153.90.
Mar 8 16:20:42  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=92.123.72.39 DST=109.78.153.90.
Mar 8 16:20:46  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=92.123.72.39 DST=109.78.153.90.
Mar 8 16:20:49  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=92.123.72.47 DST=109.78.153.90.
Mar 8 16:20:54  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=54.229.249.228 DST=109.78.153.90.
Mar 8 16:20:59  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=54.229.249.228 DST=109.78.153.90.
Mar 8 16:21:04  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=92.123.72.47 DST=109.78.153.90.
Mar 8 16:21:10  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=92.123.72.39 DST=109.78.153.90.
Mar 8 16:21:19  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=54.195.129.21 DST=109.78.153.90.
Mar 8 16:21:19  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=54.195.129.21 DST=109.78.153.90.
Mar 8 16:21:26  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=54.195.129.21 DST=109.78.153.90.
Mar 8 16:21:30  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=92.123.72.39 DST=109.78.153.90.
Mar 8 16:21:52  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=92.123.72.47 DST=109.78.153.90.
Mar 8 16:21:54  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=54.229.249.228 DST=109.78.153.90.
Mar 8 16:21:55  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=54.229.249.228 DST=109.78.153.90.
Mar 8 16:21:56  kernel  warning     kernel: [fwlog] Tcp port scan,SRC=54.229.249.228 DST=109.78.153.90. 
Mar 8 16:21:58  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=54.229.249.228 DST=109.78.153.90.
Mar 8 16:21:59  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=92.123.72.39 DST=109.78.153.90.
Mar 8 16:22:10  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=54.229.249.228 DST=109.78.153.90.
Mar 8 16:22:20  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=92.123.72.47 DST=109.78.153.90.
Mar 8 16:22:20  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=92.123.72.47 DST=109.78.153.90.
Mar 8 16:22:30  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=54.195.129.21 DST=109.78.153.90.
Mar 8 16:22:30  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=54.195.129.21 DST=109.78.153.90.
Mar 8 16:22:30  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=54.195.129.21 DST=109.78.153.90.
Mar 8 16:22:37  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=54.195.129.21 DST=109.78.153.90.
Mar 8 16:22:39  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=54.195.129.21 DST=109.78.153.90.
Mar 8 16:22:51  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=54.220.67.17 DST=109.78.153.90.
Mar 8 16:22:51  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=54.220.67.17 DST=109.78.153.90.
Mar 8 16:22:54  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=54.220.67.17 DST=109.78.153.90.
Mar 8 16:22:59  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=54.220.67.17 DST=109.78.153.90.
Mar 8 16:24:36  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=92.123.72.206 DST=109.78.153.90.
Mar 8 16:24:37  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=92.123.72.206 DST=109.78.153.90.
Mar 8 16:24:37  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=92.123.72.206 DST=109.78.153.90.
Mar 8 16:24:39  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=92.123.72.206 DST=109.78.153.90.
Mar 8 16:24:43  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=92.123.72.206 DST=109.78.153.90.
Mar 8 16:24:43  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=92.123.72.206 DST=109.78.153.90.
Mar 8 16:24:51  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=92.123.72.206 DST=109.78.153.90.
Mar 8 16:24:55  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=92.123.72.206 DST=109.78.153.90.
Mar 8 16:25:07  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=92.123.72.206 DST=109.78.153.90.
Mar 8 16:25:19  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=92.123.72.206 DST=109.78.153.90.
Mar 8 16:25:35  kernel  warning     kernel: [fwlog] Intrusion -> SRC=2.51.192.149 DST=109.78.153.90
Mar 8 16:25:39  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=92.123.72.206 DST=109.78.153.90.
Mar 8 16:25:44  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=144.76.139.143 DST=109.78.153.90.
Mar 8 16:25:45  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=144.76.139.143 DST=109.78.153.90.
Mar 8 16:25:46  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=144.76.139.143 DST=109.78.153.90.
Mar 8 16:25:46  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=144.76.139.143 DST=109.78.153.90.
Mar 8 16:25:47  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=144.76.139.143 DST=109.78.153.90.
Mar 8 16:25:48  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=144.76.139.143 DST=109.78.153.90.
Mar 8 16:25:48  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=144.76.139.143 DST=109.78.153.90.
Mar 8 16:25:48  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=144.76.139.143 DST=109.78.153.90.
Mar 8 16:25:52  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=144.76.139.143 DST=109.78.153.90.
Mar 8 16:25:52  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=144.76.139.143 DST=109.78.153.90.
Mar 8 16:25:53  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=144.76.139.143 DST=109.78.153.90.
Mar 8 16:26:07  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=92.123.72.206 DST=109.78.153.90.
Mar 8 16:26:56  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=141.101.113.133 DST=109.78.153.90.
Mar 8 16:26:56  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=141.101.113.133 DST=109.78.153.90.
Mar 8 16:26:56  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=141.101.113.133 DST=109.78.153.90.
Mar 8 16:26:56  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=141.101.113.133 DST=109.78.153.90.
Mar 8 16:26:56  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=141.101.113.133 DST=109.78.153.90.
Mar 8 16:26:56  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=141.101.113.133 DST=109.78.153.90.
Mar 8 16:26:56  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=141.101.113.133 DST=109.78.153.90.
Mar 8 16:26:57  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=141.101.113.133 DST=109.78.153.90.
Mar 8 16:26:57  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=141.101.113.133 DST=109.78.153.90.
Mar 8 16:26:57  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=141.101.113.133 DST=109.78.153.90.
Mar 8 16:27:03  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=141.101.113.133 DST=109.78.153.90.
Mar 8 16:27:11  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=141.101.113.133 DST=109.78.153.90.
Mar 8 16:27:11  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=141.101.113.133 DST=109.78.153.90.
Mar 8 16:27:16  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=54.220.35.30 DST=109.78.153.90.
Mar 8 16:27:24  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=54.220.35.30 DST=109.78.153.90.
Mar 8 16:27:27  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=141.101.113.133 DST=109.78.153.90.
Mar 8 16:27:37  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=54.220.35.30 DST=109.78.153.90.
Mar 8 16:27:39  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=54.220.35.30 DST=109.78.153.90.
Mar 8 16:27:45  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=54.220.35.30 DST=109.78.153.90.
Mar 8 16:27:46  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=54.220.35.30 DST=109.78.153.90.
Mar 8 16:27:59  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=141.101.113.133 DST=109.78.153.90.
Mar 8 16:27:59  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=141.101.113.133 DST=109.78.153.90.
Mar 8 16:28:01  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=141.101.113.133 DST=109.78.153.90.
Mar 8 16:28:32  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=141.101.113.133 DST=109.78.153.90.
Mar 8 16:28:32  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=141.101.113.133 DST=109.78.153.90.
Mar 8 16:28:32  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=141.101.113.133 DST=109.78.153.90.
Mar 8 16:28:32  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=141.101.113.133 DST=109.78.153.90.
Mar 8 16:28:32  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=141.101.113.133 DST=109.78.153.90.
Mar 8 16:28:32  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=141.101.113.133 DST=109.78.153.90.
Mar 8 16:28:39  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=141.101.113.133 DST=109.78.153.90.
Mar 8 16:28:48  kernel  warning     kernel: [fwlog] Tcp port scan, SRC=141.101.113.133 DST=109.78.153.90.
Mar 8 16:28:48  kernel  warning     kernel: [fwlog] Tcp port scan, SRCMar 11 14:10:52 kernel: [fwlog] Intrusion -> SRC=88.165.119.13 DST=109.78.126.234
Mar 11 14:15:11     kernel  warning     kernel: [fwlog] Intrusion -> SRC=85.102.133.241 DST=109.78.126.234
Mar 11 14:16:45     kernel  warning     kernel: [fwlog] Tcp port scan, SRC=66.196.65.112 DST=109.78.126.234.
Mar 11 14:16:45     kernel  warning     kernel: [fwlog] Tcp port scan, SRC=66.196.65.112 DST=109.78.126.234.
Mar 11 14:16:45     kernel  warning     kernel: [fwlog] Tcp port scan, SRC=66.196.65.112 DST=109.78.126.234.
Mar 11 14:16:45     kernel  warning     kernel: [fwlog] Tcp port scan, SRC=66.196.65.112 DST=109.78.126.234.
Mar 11 14:16:46     kernel  warning     kernel: [fwlog] Tcp port scan, SRC=66.196.65.112 DST=109.78.126.234.
Mar 11 14:16:46     kernel  warning     kernel: [fwlog] Tcp port scan, SRC=66.196.65.112 DST=109.78.126.234.
Mar 11 14:16:46     kernel  warning     kernel: [fwlog] Tcp port scan, SRC=66.196.65.112 DST=109.78.126.234.
Mar 11 14:16:46     kernel  warning     kernel: [fwlog] Tcp port scan, SRC=66.196.65.112 DST=109.78.126.234.
Mar 11 14:16:46     kernel  warning     kernel: [fwlog] Tcp port scan, SRC=66.196.65.112 DST=109.78.126.234.
Mar 11 14:16:46     kernel  warning     kernel: [fwlog] Tcp port scan, SRC=66.196.65.112 DST=109.78.126.234.
Mar 11 14:16:52     kernel  warning     kernel: [fwlog] Tcp port scan, SRC=66.196.65.112 DST=109.78.126.234.
Mar 11 14:16:55     kernel  warning     kernel: [fwlog] Tcp port scan, SRC=66.196.65.112 DST=109.78.126.234.
Mar 11 14:17:00     kernel  warning     kernel: [fwlog] Tcp port scan, SRC=66.196.65.112 DST=109.78.126.234.
Mar 11 14:17:06     kernel  warning     kernel: [fwlog] Tcp port scan, SRC=66.196.65.112 DST=109.78.126.234.
Mar 11 14:17:16     kernel  warning     kernel: [fwlog] Tcp port scan, SRC=66.196.65.112 DST=109.78.126.234.
Mar 11 14:17:16     kernel  warning     kernel: [fwlog] Tcp port scan, SRC=66.196.65.112 DST=109.78.126.234.
Mar 11 14:17:48     kernel  warning     kernel: [fwlog] Tcp port scan, SRC=66.196.65.112 DST=109.78.126.234.
Mar 11 14:17:48     kernel  warning     kernel: [fwlog] Tcp port scan, SRC=66.196.65.112 DST=109.78.126.234.
Mar 11 14:17:48     kernel  warning     kernel: [fwlog] Tcp port scan, SRC=66.196.65.112 DST=109.78.126.234.
Mar 11 14:17:48     kernel  warning     kernel: [fwlog] Tcp port scan, SRC=66.196.65.112 DST=109.78.126.234.
Mar 11 14:17:49     kernel  warning     kernel: [fwlog] Tcp port scan, SRC=66.196.65.112 DST=109.78.126.234.
Mar 11 14:17:49     kernel  warning     kernel: [fwlog] Tcp port scan, SRC=66.196.65.112 DST=109.78.126.234.
Mar 11 14:17:52     kernel  warning     kernel: [fwlog] Tcp port scan, SRC=66.196.65.112 DST=109.78.126.234.
Mar 11 14:17:58     kernel  warning     kernel: [fwlog] Tcp port scan, SRC=66.196.65.112 DST=109.78.126.234.
Mar 11 14:18:10     kernel  warning     kernel: [fwlog] Tcp port scan, SRC=66.196.65.112 DST=109.78.126.234.
Mar 11 14:18:11     kernel  warning     kernel: [fwlog] Tcp port scan, SRC=66.196.65.112 DST=109.78.126.234.
Mar 11 14:18:11     kernel  warning     kernel: [fwlog] Tcp port scan, SRC=66.196.65.112 DST=109.78.126.234.

lunar

Posted 2014-03-11T14:36:40.817

Reputation: 137

Answers

1

It's perfectly normal to be subject to port scans at any and all times while online. This is the unfortunate truth. Still, this poses no risk unless you have vulnerable services exposed to the internet.

What you're seeing is merely an informational message. No harm is done and no hacking attempted.

Daniel B

Posted 2014-03-11T14:36:40.817

Reputation: 40 502

This is no harm as well: Mar 11 14:15:11 kernel warning kernel: [fwlog] Intrusion -> SRC=85.102.133.241 DST=109.78.126.234? – lunar – 2014-03-11T14:51:51.447

It is next to impossible to say what the developer meant when this message was programmed. Still, NAT cannot be circumvented from the outside. Just relax and get some tea. :) – Daniel B – 2014-03-11T15:01:41.043

1

Its not an intrusion, it mearly means someone has scanned your router from the outside to try and find an open port. I wouldn't worry about it too much :)

Normally on a router, the ports (think "gateways" for lack fo a better word) into your network are closed. These ports can manually be opened for a whole host of reasons (such as hosting your own website etc).

"Hackers" like to scan for these open ports to try and find a route into your PC. If you havent opened these manually, you should be perfectly fine. If you are unsure, you can run your own port scan Here and see for yourself if you have anything open :)

Fazer87

Posted 2014-03-11T14:36:40.817

Reputation: 11 177

I understand that port scan in not yet something to be worry about. But among these port scans is explicit log of src of intrusion and this is something I am worry about. – lunar – 2014-03-11T14:56:26.763

that one log line doesn't give enough information to see how far (if anywhere) the hacker got. Do you have an internal firewall like Zonealarm or similar which you can extract logs from? – Fazer87 – 2014-03-11T14:59:17.123

I use ubuntu which comes with firewall – lunar – 2014-03-11T15:04:09.687

Asked: 2014-03-11T14:36:40.817

Viewed: 7 380 times

Active: 2018-09-20T00:01:10.930