| Index | Recent Threads | Unanswered Threads | Who's Active | Guidelines | Search |
 |
World Community Grid Forums
Category: Support
Forum: Suggestions / Feedback
Thread: I don't think grid.worldcommunitygrid.org is attacking my router, but ... well, what is this? |
| No member browsing this thread |
|
Thread Status: Active Total posts in this thread: 10
|
|
| Author |
|
|
sgoll
Advanced Cruncher Joined: Oct 24, 2006 Post Count: 87 Status: Offline Project Badges: 
|
Hello,
----------------------------------------please don't get me wrong. I'm not complaining, I simply like to know why I get this entries in my routers iptables log. This router is crunching and also does NAT for some other crunchers behind him. alix02:~# fwlogwatch -d |grep 198.20.8.241 1 tcp packet from 198.20.8.241 to 91.38.219.38 port 55084 1 tcp packet from 198.20.8.241 to 91.38.210.161 port 42897 1 tcp packet from 198.20.8.241 to 91.38.210.161 port 44284 1 tcp packet from 198.20.8.241 to 91.38.210.161 port 40894 1 tcp packet from 198.20.8.241 to 91.38.210.161 port 54466 1 tcp packet from 198.20.8.241 to 91.38.210.161 port 54499 1 tcp packet from 198.20.8.241 to 91.38.210.161 port 54500 1 tcp packet from 198.20.8.241 to 91.38.210.161 port 33313 1 tcp packet from 198.20.8.241 to 91.38.210.161 port 33314 1 tcp packet from 198.20.8.241 to 91.38.210.161 port 37572 1 tcp packet from 198.20.8.241 to 91.38.210.161 port 52687 1 tcp packet from 198.20.8.241 to 91.38.210.161 port 52689 1 tcp packet from 198.20.8.241 to 91.38.210.161 port 52690 1 tcp packet from 198.20.8.241 to 91.38.210.161 port 60356 1 tcp packet from 198.20.8.241 to 91.38.210.161 port 38953 1 tcp packet from 198.20.8.241 to 91.38.210.161 port 49305 1 tcp packet from 198.20.8.241 to 91.38.210.161 port 47452 1 tcp packet from 198.20.8.241 to 91.38.210.161 port 50193 1 tcp packet from 198.20.8.241 to 91.38.210.161 port 50195 1 tcp packet from 198.20.8.241 to 91.38.210.161 port 52418 1 tcp packet from 198.20.8.241 to 91.38.210.161 port 52419 1 tcp packet from 198.20.8.241 to 91.38.210.161 port 59206 1 tcp packet from 198.20.8.241 to 91.38.210.161 port 40760 1 tcp packet from 198.20.8.241 to 91.38.210.161 port 43610 1 tcp packet from 198.20.8.241 to 91.38.210.161 port 56083 alix02:~# nslookup 198.20.8.241 Server: 127.0.0.1 Address: 127.0.0.1#53 Non-authoritative answer: 241.8.20.198.in-addr.arpa name = grid.worldcommunitygrid.org. The reason behind my question is: I like to tarpit some "attackers" that try to connect to port 445 (and maybe other ports) ... and I strongly dislike to be disconnected from the WCG as a "side effect". Thank you.  |
||
|
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
Hello sgoll,
Why did my firewall just log an attempt to access my computer right after I visited the World Community Grid website? Some users have noticed, via their software firewall, that trace-route scans apparently coming from IBM domains occur after communicating with the World Community Grid server. These are in fact normal and not someone trying to break into your machine. These are used to measure which of several paths through the Internet give the best communication performance to your machine. The servers are located in a massive hosting center, which regularly optimizes traffic between users and the servers by shifting communications among several Internet providers, depending on the destination and trace-route measurements. Your post does not look like the trace-route scans mentioned above. It looks like somebody trying a port scan. Apparently your firewall is doing it's job and bouncing them. If you like, try blocking that particular scan without totally blocking WCG. An attacker can spoof any identity, of course. Lawrence |
||
|
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
I think these are common valid entries, over what time do these occur (seems like you got the forced telekom disconnect in-between)?
If you download multiple files, the port of your firewall change with every file transferred, so this looks ok to me. |
||
|
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
Plz see Help/Hilfe/Aiuto/Aide/Помощь link, 3rd item: http://www.worldcommunitygrid.org/help/viewSearch.do?searchString=scan
--//-- |
||
|
|
JollyJimmy
Advanced Cruncher USA Joined: Aug 23, 2005 Post Count: 115 Status: Offline Project Badges: 
|
Non-authoritative answer: Cool! Is this a tool one can find on the net?241.8.20.198.in-addr.arpa name = grid.worldcommunitygrid.org. |
||
|
|
JollyJimmy
Advanced Cruncher USA Joined: Aug 23, 2005 Post Count: 115 Status: Offline Project Badges:
|
This router is crunching And on second thought: Even cooler!How do you get a router (or net appliances in general, like NAS drives) to crunch? Is this one of those, umm, "corporate switchboards", or is this something I can also do at home? If the latter - Nowadays almost everybody with broadband access at home also has a router. We could unlock some serious crunching potential! |
||
|
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
Was recently reading of virtualization of DNS routers :O)
|
||
|
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
This router is crunching And on second thought: Even cooler!How do you get a router (or net appliances in general, like NAS drives) to crunch? |
||
|
|
pirogue
Veteran Cruncher USA Joined: Dec 8, 2008 Post Count: 685 Status: Offline Project Badges: 
|
This router is crunching And on second thought: Even cooler!How do you get a router (or net appliances in general, like NAS drives) to crunch? Based on the original post, it looks like he's using a linux machine as his router/firewall. |
||
|
|
sk..
Master Cruncher http://s17.rimg.info/ccb5d62bd3e856cc0d1df9b0ee2f7f6a.gif Joined: Mar 22, 2007 Post Count: 2324 Status: Offline Project Badges: 
|
I think he either means that the router is allowing WCG tasks in and out and acts as a NAT forwarder or it's a server with NAT and routing setup. I doubt he wants to install linux and Boinc to run WCG tasks on an average household router, or his watch.
|
||
|
|
|