Does anyone know if there is a utility that can analyse the logfile from the BTHomeHubs? I am interested to see in plain language what's really happening. I can see numerous access attempts from all over the globe trying to get in. At this time the internal firewall is dropping these access attempts and logging them.
Presently I have to trawl through the logfiles and perform a "whois" lookup to see where the remote access attempt originates from. Whilst I acknowledge this is normal behaviour for internet-facing devices, I am looking to obtain a more verbose view of what's happening.
Ultimately looking to see if I should use a 3rd party firewall in front of the BThomeHUBx. Again acknowledge that the firewall would have to be configured to work with the BT domestic presentation.
It would be a futile exercise, as you will just waste lots of time looking up IP addresses, which may be spoofed anyway.
Certain Far Eastern countries will keep showing up on a regular basis anyway, usually running port scanners.
The firewall is doing its job, so I would worry. Nobody can access your network unless you have opened any incoming ports, or have an application running which is opening ports.
Disabling UPnP on the home hub is a good idea, so applications cannot open ports themselves.
As Keith says, there is nothing out there to quickly analyse the data. As this is just a simple device there are no logging options to send it to another device for analysis. Ultimately, so long as the packets are dropped by the firewall, what's the problem? Like Keith says, those packets are likely sourced from spoofed sources or are from compromised machines participating in a botnet. Additionally, don't forget so long as you don't have any port forwards in place there is nowhere for the traffic to go to when it reaches your homehub. The NAT function on the router means that unless you forward a port (either manually or via UPnP) then there is no route to your internal network from the internet. All the packets would terminate on the router which even without either isn't listening on the destination port or if it's the port for the web interface it's filtered within the process.
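An added example, not part of the original posts and not a BT tool: a Python script that condenses firewall drop entries into per-source and per-port counts, so only repeat or multi-port sources are left for a manual whois. The log line layout, `LINE_RE`, the function names and the sample addresses are constructed assumptions, since the Hub's actual log format does not appear in this thread.

```python
import re
from collections import Counter, defaultdict
from ipaddress import ip_address

# Assumed line layout (constructed, not the Hub's real format): adapt LINE_RE.
LINE_RE = re.compile(
    r"BLOCK IN (?P<proto>TCP|UDP) (?P<src>[\d.]+):\d+ -> [\d.]+:(?P<dport>\d+)"
)

# Constructed sample entries using documentation-only address ranges.
SAMPLE_LOG = """\
2024-03-04 12:01:33 BLOCK IN TCP 203.0.113.7:51234 -> 198.51.100.2:23
2024-03-04 12:01:34 BLOCK IN TCP 203.0.113.7:51235 -> 198.51.100.2:22
2024-03-04 12:01:35 BLOCK IN TCP 203.0.113.7:51236 -> 198.51.100.2:3389
2024-03-04 12:05:10 BLOCK IN TCP 192.0.2.44:40100 -> 198.51.100.2:23
2024-03-04 12:07:42 BLOCK IN TCP 192.0.2.44:40101 -> 198.51.100.2:23
2024-03-04 12:08:03 BLOCK IN UDP 192.0.2.99:5353 -> 198.51.100.2:53
2024-03-04 12:09:00 DHCP lease renewed for 192.168.1.64
2024-03-04 12:09:30 BLOCK IN TCP 999.1.1.1:40000 -> 198.51.100.2:80
"""

def summarise(log_text):
    """Return (drops per source, ports probed per source, drops per proto/port)."""
    hits, ports, port_hits = Counter(), defaultdict(set), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a firewall drop entry
        try:
            src = str(ip_address(m["src"]))
        except ValueError:
            continue  # malformed address: skip rather than count it
        dport = int(m["dport"])
        hits[src] += 1
        ports[src].add(dport)
        port_hits[(m["proto"], dport)] += 1
    return hits, ports, port_hits

def likely_scanners(ports, min_ports=3):
    """Sources that probed at least min_ports distinct destination ports."""
    return sorted(src for src, seen in ports.items() if len(seen) >= min_ports)

if __name__ == "__main__":
    hits, ports, port_hits = summarise(SAMPLE_LOG)
    for src, count in hits.most_common():
        print(f"{src:15} drops={count} ports={sorted(ports[src])}")
    for (proto, dport), count in port_hits.most_common():
        print(f"{proto}/{dport}: {count} dropped")
    print("multi-port sources:", likely_scanners(ports))
```

The per-port totals stay useful even when source addresses are spoofed, because they show which services are being probed rather than who is probing.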