philbranton
Beginner
Message 1 of 7

Huge amount of firewall activity

Good evening all,

The last 3 or 4 days I've been experiencing a large amount of packet loss which is affecting my online gaming. My connection is dire (max 1.9 down), and whilst I'm assuming that if my connection was better I wouldn't even notice a difference, I'm currently finding it almost impossible to play at the moment.

Now I'm sure you'll all tell me it's just my firewall doing its job, which is great, but it's rendering my connection effectively useless for what I mainly use it for.

What I'm after is some explanation as to what is going on and why this could be happening, and any advice for minimising these attacks on my network.

Below is a 10 minute log from the HH4. This is an accurate representation of the constant activity.

 

22:59:19, 04 Jul.IN: BLOCK [16] Remote administration (TCP [190.214.213.246]:62554->[86.153.27.107]:22 on ppp0)
22:59:18, 04 Jul.IN: BLOCK [16] Remote administration (TCP [197.245.234.118]:52566->[86.153.27.107]:22 on ppp0)
22:56:16, 04 Jul.IN: BLOCK [16] Remote administration (TCP [222.186.190.122]:6000->[86.153.27.107]:80 on ppp0)
22:52:29, 04 Jul.BLOCKED 1 more packets (because of Packet invalid in connection)
22:52:28, 04 Jul.IN: BLOCK [9] Packet invalid in connection (tcp reset attack is suspected: TCP [74.125.206.157]:443->[86.153.27.107]:53047 on ppp0)
22:51:49, 04 Jul.BLOCKED 3 more packets (because of Packet invalid in connection)
22:51:47, 04 Jul.IN: BLOCK [9] Packet invalid in connection (tcp reset attack is suspected: TCP [77.234.43.54]:443->[86.153.27.107]:53098 on ppp0)
22:51:36, 04 Jul.(168939.850000) Admin login successful by 192.168.1.67 on HTTP
22:50:47, 04 Jul.BLOCKED 1 more packets (because of Packet invalid in connection)
22:50:46, 04 Jul.IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [216.58.212.104]:443->[86.153.27.107]:53106 on ppp0)
22:50:45, 04 Jul.IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [216.58.212.104]:443->[86.153.27.107]:53105 on ppp0)
22:50:42, 04 Jul.BLOCKED 1 more packets (because of Packet invalid in connection)
22:50:41, 04 Jul.IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [216.58.204.14]:443->[86.153.27.107]:53094 on ppp0)
22:49:54, 04 Jul.BLOCKED 3 more packets (because of Packet invalid in connection)
22:49:53, 04 Jul.IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [52.85.63.55]:80->[86.153.27.107]:53077 on ppp0)
22:49:52, 04 Jul.BLOCKED 3 more packets (because of Packet invalid in connection)
22:49:50, 04 Jul.IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [52.85.63.55]:80->[86.153.27.107]:53077 on ppp0)
22:49:46, 04 Jul.IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [178.255.83.1]:80->[86.153.27.107]:53051 on ppp0)
22:49:45, 04 Jul.IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [74.125.206.157]:443->[86.153.27.107]:53047 on ppp0)
22:49:43, 04 Jul.IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [216.58.198.174]:443->[86.153.27.107]:53035 on ppp0)
22:49:43, 04 Jul.BLOCKED 2 more packets (because of Packet invalid in connection)
22:49:43, 04 Jul.IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [216.58.204.67]:443->[86.153.27.107]:53027 on ppp0)
22:49:10, 04 Jul.IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [52.85.63.34]:80->[86.153.27.107]:52990 on ppp0)
22:49:09, 04 Jul.IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [52.85.63.34]:80->[86.153.27.107]:52984 on ppp0)
22:48:56, 04 Jul.IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [52.85.63.34]:80->[86.153.27.107]:52990 on ppp0)
22:48:41, 04 Jul.IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [52.85.63.34]:80->[86.153.27.107]:52984 on ppp0)
22:48:40, 04 Jul.BLOCKED 1 more packets (because of Packet invalid in connection)
22:48:38, 04 Jul.IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [216.58.204.78]:443->[86.153.27.107]:52985 on ppp0)

 

Regards,

Phil

Liam_
Recognised Expert
Message 2 of 7

It would seem to be pretty normal for a PC connected to the Internet.  From the IP addresses shown a couple appear to be the usual script kiddie scans from South America and China.

The rest of the packets look to be from Google, Avast, Amazon, Comodo, which is not surprising if you have any services relating to those companies.  This sort of activity is so common that my router doesn't even log it, it merely blocks it all.

philbranton
Beginner
Message 3 of 7

Thank you for your reply.

This is definitely an increase from what is usually logged and seems to be impacting my connection.

When you say services relating to these companies can you give me an example? I was unaware I had any such services. If I can disable them then I will try that and see if it makes a difference.

In terms of the script kiddies, can I expect them to stop? I'm unfamiliar with what to expect from this activity. I'm assuming it ebbs and flows? Perhaps I just need to let it pass? Or is there something I can do to stop this?

Again, thank you for your reply.

john46
Distinguished Sage
Message 4 of 7

Personally I would not worry at all; it will not affect packet loss.

philbranton
Beginner
Message 5 of 7

Hi John, thanks for your reply.

So the packet loss I'm experiencing is unrelated to the activity I'm seeing regarding the firewall?

I assumed the connection as they both started at the same time.

I'd still appreciate an answer to the previous questions I asked in response to Liam's reply:

"When you say services relating to these companies can you give me an example? I was unaware I had any such services. If I can disable them then I will try that and see if it makes a difference.

In terms of the script kiddies, can I expect them to stop? I'm unfamiliar with what to expect from this activity. I'm assuming it ebbs and flows? Perhaps I just need to let it pass? Or is there something I can do to stop this?"

Thanks for your time.

Liam_
Recognised Expert
Message 6 of 7

There is nothing you can do to alleviate the activity.  Your IP will be scanned within seconds of making a new connection, it's just a fact of life when connected to the internet.

Avast & Comodo are internet security companies.  Antivirus etc.  So do you use them?

Google, well it's Google, they pervade the internet, so to be expected.

Amazon are likely involved in hosting the game servers.

The script kiddies, as to will they stop, not a chance and there is nothing you can do either.

As John said the packet loss is not caused by this, the port scans are normal and everyone is subject to them.

Packet loss is likely caused by network congestion.  You can search for 'cause of packet loss' and see if it sheds any more light for you.

I assume you have checked the line for noise by dialling 17070 option 2, should be no noise between announcements.
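
An added example, not part of any poster's reply: a small Python parser for the Home Hub log format shown in the first post, separating unsolicited inbound attempts on local service ports (the scans) from "Packet invalid in connection" entries that arrive from a remote web port to a high local port (packets on connections the LAN itself opened). The sample lines are constructed with documentation-range addresses, and the port sets and category names are assumptions of this sketch.

```python
import re
from collections import Counter

# Constructed sample lines in the log format from the first post
# (documentation-range addresses, not values from the thread).
SAMPLE_LOG = """\
22:59:19, 04 Jul.IN: BLOCK [16] Remote administration (TCP [203.0.113.7]:62554->[198.51.100.20]:22 on ppp0)
22:56:16, 04 Jul.IN: BLOCK [16] Remote administration (TCP [203.0.113.99]:6000->[198.51.100.20]:80 on ppp0)
22:52:29, 04 Jul.BLOCKED 1 more packets (because of Packet invalid in connection)
22:52:28, 04 Jul.IN: BLOCK [9] Packet invalid in connection (tcp reset attack is suspected: TCP [192.0.2.10]:443->[198.51.100.20]:53047 on ppp0)
22:50:46, 04 Jul.IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [192.0.2.10]:443->[198.51.100.20]:53106 on ppp0)
22:51:36, 04 Jul.(168939.850000) Admin login successful by 192.168.1.67 on HTTP
"""

# Tolerates the zero-width space some page copies carry inside "->".
BLOCK_RE = re.compile(
    r"IN: BLOCK \[(?P<rule>\d+)\] (?P<reason>[^(]+?) \(.*?"
    r"(?P<proto>TCP|UDP) \[(?P<src>[^\]]+)\]:(?P<sport>\d+)-\u200b?>"
    r"\[(?P<dst>[^\]]+)\]:(?P<dport>\d+) on (?P<iface>\S+)\)")

WEB_PORTS = {80, 443}                          # assumption: remote web servers
SERVICE_PORTS = {22, 23, 80, 443, 3389, 8080}  # assumption: commonly probed ports

def classify(line):
    """Return (category, source_ip) for an 'IN: BLOCK' entry, else None."""
    m = BLOCK_RE.search(line)
    if m is None:
        return None
    sport, dport = int(m["sport"]), int(m["dport"])
    # Web port -> high local port, rejected by connection tracking:
    # reply-direction traffic for a flow the router no longer tracks.
    if (m["reason"] == "Packet invalid in connection"
            and sport in WEB_PORTS and dport >= 1024):
        return ("stale_reply", m["src"])
    # New connection attempt aimed at a local service port: a scan.
    if dport in SERVICE_PORTS:
        return ("inbound_probe", m["src"])
    return ("other", m["src"])

def summarise(log_text):
    """Count blocked entries per category and remote address."""
    totals = {}
    for line in log_text.splitlines():
        hit = classify(line)
        if hit:
            totals.setdefault(hit[0], Counter())[hit[1]] += 1
    return totals

if __name__ == "__main__":
    for category, sources in summarise(SAMPLE_LOG).items():
        print(category, dict(sources))
```
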

philbranton
Beginner
Message 7 of 7

Liam,

Yes, I've tried the silent line test. I don't think I can hear anything. I'll scour my computer for Avast and Comodo remnants, as to my knowledge I didn't think I had anything from those companies installed.

Many thanks for your replies. Very informative.

Regards,

Phil
