What are all these TCP Packets Being Dropped by My Router?

[Preston]

Just bought a Netgear firewall (SPI)/Router. In the router's security log, there are several TCP packets that are listed as dropped. What are all these packets coming to me? Is someone pinging me? Or are these packets coming from my ISP?

BTW...using SBC DSL.

[jackjones]

It is totally impossible to tell you anything about the packets that your Router is dropping and why you are recieving them when you don't give us anymore information. I would whoever not give it a second thought if I were you. The internet is full of "noise".

[Preston]

Some of these packets are UDP and some TCP....there are several entries in the log saying that a packet was dropped from an IP address (several different ones) because of default inbound rule (which says to block all inbound services)...

Some of the sources are:

Source:12.7.210.242
Source:12.211.244.219
Source:61.6.137.46

Is this a normal to see all these inbound packets being dropped by the firewall? (This is my first SPI firewall).


Preston

[jackjones]

yes, it's very normal.

[Preston]

Are thes 'pings' from other people, the so called door rattlers? Or something from my ISP?

[Redo40]

Could be both. In most cases, it's not anything to worry about.

[mbossman2]

with stateful firewalls, most unsolicited packets are just dropped as the can not pass the security checks of the firewall unless you allow for such traffic (like you are hosting a website).

Don't get too obsessed with the security logs, there is so much traffic out there that just plain old does not concern you that if you investigate every entry in the log, you will never have time to do anything else.

(of course you can ignore this unless your ultimate goal is to become an internet security guru and then, by all means dig thru the logs and find out everything that you can).

[jeresimo]

If you want to verify those IP numbers, you could DL a free utility called Neo Express and satisfy your curiousity.

[Preston]

Neo Express...do you have link for that one? Couldn't find it...

[jeresimo]

http://web.utanet.at/peuker/schutz.htm

Scroll down and look for NEO TRACE EXPRESS (but I suggest you scan it with your AV before installing it. I can not vouch for the integrity of the site though)

(Note to Moderator: Pls feel free to delete this post if you think this is not proper to be posted here)

[Preston]

Wow....don't get me wrong, I'm not obsessing over these security logs (just trying to understand what's going on out there), but there have been a couple of hundred of dropped packets over the past 24 hours!

Even if they are harmless, it's darn nice to have this firewall! Should have gotten one a long time ago. Have to say I second all the recommendations for firewalls.

I didn't have any luck finding Neo Trace, but I did grab 'nslook' from the PC Pitstop website....these packets are coming from all over the place....many of them from non-english websites.....