Monday, June 28, 2010

Windows Firewall warnings; DoS RST warnings on logs from home routers

Today, I got an unusual warning from Windows Firewall and Internet Explorer when going to a particular television station website. I had to allow it, and then I restarted the machine. I did not get the warning again, and Webroot Spysweeper found no malware (other than the usual few spy cookies). I did not encounter any problems with Firefox or Chrome, and Web of Trust marks the site as green (good).

I went and looked at my home router logs, and found a few entries like this at about that time:

"[DoS Attack: RST Scan] from source: 65.55.197.115, port 80, Monday, June 28,2010 07:55:21"

Domain Tools showed that the IP address belongs to Microsoft, so I can only guess that an ad on the television station website tried to open an unusual and non-permitted port. Or perhaps it’s a real “Microslop” bug, since it’s not repeatable. The logs showed no evidence of neighborhood "wardriving."

NetGear’s own forum is here.

Apparently iPillion (here) collects complaints by ISP.

According to this writeup routers  normally warn of attempted attacks. But why the Firewall problem? The warnings are usually on Port 80.

No comments: