cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Aspiring Expert
2,366 Views
Message 1 of 9

IDS proto parser

last few days been getting loss of connection and checked my log to find these:

22:32:48  21 MayIDS proto parser : tcp data on syn segment (1 of 1) : 208.51.40.50 109.145.84.62 0048 TCP 80->30292 [S.A...] seq 2584009912 ack 2799536762 win 65535
22:17:26  21 MayIDS proto parser : tcp data on syn segment (1 of 1) : 208.51.40.50 109.145.84.62 0049 TCP 80->23626 [S.A...] seq 86295214 ack 303281271 win 65535
22:15:06  21 MayIDS proto parser : tcp data on syn segment (1 of 1) : 208.51.40.50 109.145.84.62 0045 TCP 80->32150 [S.A...] seq 3658408954 ack 763267955 win 65535

 

is this a bad thing and how do i stop it?

0 Ratings
8 REPLIES 8
Distinguished Sage
Distinguished Sage
2,346 Views
Message 2 of 9

Re: IDS proto parser

IDS is the intruder detection system which is part of the home hub software.
It just shows that it has blocked a possible incoming threat. Most of the time these are simply causes by Internet "noise", and are not really attacks.
They should not cause your connection to drop, unless you have one of the early home hubs which have a problem when the IDS log fills up.
0 Ratings
Aspiring Expert
2,341 Views
Message 3 of 9

Re: IDS proto parser

i tracked the ip address and it goes back to a us company bt use to prevent dos attacks so it looks ok to me
0 Ratings
Aspiring Expert
2,325 Views
Message 4 of 9

Re: IDS proto parser

it just happened again and i lost my connection
the ip 208.51.40.50 seems to be spamming my router
it traces back to Prolexic Technologies
is there a way to block their ip?
0 Ratings
Distinguished Sage
2,317 Views
Message 5 of 9

Re: IDS proto parser

the two are not related as if they were more people would be having your problem which is not the case disconnections can happen for many reasons
0 Ratings
Aspiring Contributor
2,311 Views
Message 6 of 9

Re: IDS proto parser

I've got exactly the same thing happening on my machine.  Thing is, I've been suffering from ever decreasing speeds and dropped connections for a few weeks now (think it could have been a faulty ASDL filter - but still monitoring).  Until about 0400 hours today, when I was asleep in bed, the Broadband Router had been running with no lost connections for 19 hours.

 

The IDS messages started four days ago, and on looking at Connections I don't have any for 21/05 - whole day missing, even though I was connecting.

 

I've looked everywhere to try and find how to clear these IDS logs out but there doesn't seem to be a way of doing it on Homehub 2.

 

I've run full security checks on my machine and nothing found.

 

Having now been up (ADSL connection running OK since 0400 hours, I'm loathe to restart the hub, if that is what is required, because BT will then lower my speeds ago.

 

Any ideas please?

 

Giselle

0 Ratings
Distinguished Sage
Distinguished Sage
2,305 Views
Message 7 of 9

Re: IDS proto parser

There is no way to clear the IDS stats unless you have a home hub 1 with version 6.2.2.6 firmware, which allows Telnet access.

I have disabled the IDS on my old version hub, as it gave too many false readings and caused losses of DNS when the log file filled up.

I do regular checks with Wireshark, to make sure nothing is getting into my network via the home hub, and no unauthorised data is being sent.
0 Ratings
Aspiring Contributor
2,298 Views
Message 8 of 9

Re: IDS proto parser

Thanks for replying so quickly.  I had a look at Wireshark and ran the demo video by Gerald Comb - but this is way above my level of comprehension!

 

I presume that I should not have someone trying to get in to my router, but that the router is stopping this behaviour (as far as it can?).  I also presume if they stop trying to get in to my computer, the logs will stop and run off the page eventually.  Is that right?

 

However, is it this intrusion which is slowing my machine down?  I've looked at everything else.

Tags (1)
0 Ratings
Distinguished Sage
Distinguished Sage
2,292 Views
Message 9 of 9

Re: IDS proto parser

The intrusions are not going to get past the firewall of the home hub, so they are not going to slow your machine down.

 

There are many reasons for computers to run slowly. If the computer runs slowly when it is not connected to the Internet, then the problem lies within your computer somewhere, depending on which operating system you are using.

 

The BT supplied software (on the CD) can make many computers run very slowly.

 

A common cause of slowdown is lots of temporary internet files caused by Internet Explorer allocating too much space. 5mb is more than enough on a broadband connection.

 

Wireshark is no use unless you have access to an Ethernet Hub (Not a switch), so you can intercept the Ethernet connection directly out of the Ethernet port on the home hub. It will not work on wireless connections.

 

You also need to know what to look for when using Wireshark.

 

I do not use the wireless on the home hub as it is too unreliable. I have a separate wireless access point using a spare BT Voyager modem.

 

 

0 Ratings