Sign in
Microsoft.com
 
Microsoft
 
 
 

locked
WHS Prob with internet access? WAC Spoof or what? RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote
    I keep getting this log on my D-Link DIR-655 router.  It looks like someone is try to access my network but I can't figure out how?  The MAC addresses change but the message remains the same.  I've noticed it for the last few weeks and it is a few times a day.  I turn off the wireless and it is still happening so I think it might be users trying to access my "server" through it's internet access?
    Any Ideas?

    Thanks
    Gary

    [INFO] Sat Feb 14 10:14:41 2009 Access denied to LAN system with MAC address 1EC736DC1EC7
    [INFO] Sat Feb 14 10:14:39 2009 Access denied to LAN system with MAC address 1ECA36DC1ECA
    [INFO] Sat Feb 14 10:14:38 2009 Access denied to LAN system with MAC address 1ECB36DC1ECB
    [INFO] Sat Feb 14 10:14:37 2009 Access denied to LAN system with MAC address 1ECC36DC1ECC
    [INFO] Sat Feb 14 10:14:27 2009 Access denied to LAN system with MAC address F64E36DCF64E
    [INFO] Sat Feb 14 10:14:23 2009 Access denied to LAN system with MAC address F64F36DCF64F
    [INFO] Sat Feb 14 10:14:21 2009 Access denied to LAN system with MAC address F65036DCF650
    [INFO] Sat Feb 14 10:14:20 2009 Access denied to LAN system with MAC address F65136DCF651
    [INFO] Sat Feb 14 10:14:19 2009 Access denied to LAN system with MAC address F65236DCF652
    [INFO] Sat Feb 14 10:14:17 2009 Access denied to LAN system with MAC address 001636DC4AC0
    [INFO] Sat Feb 14 10:14:15 2009 Access denied to LAN system with MAC address E88236DCE882
    [INFO] Sat Feb 14 10:14:11 2009 Access denied to LAN system with MAC address E88336DCE883
    [INFO] Sat Feb 14 10:14:09 2009 Access denied to LAN system with MAC address E88436DCE884
    [INFO] Sat Feb 14 10:14:08 2009 Access denied to LAN system with MAC address E88536DCE885
    [INFO] Sat Feb 14 10:14:07 2009 Access denied to LAN system with MAC address E88636DCE886
    [INFO] Sat Feb 14 10:14:05 2009 Access denied to LAN system with MAC address 001636DC03A5
    Saturday, February 14, 2009 4:28 PM

Answers

  • Question
    Sign in to vote
    0
    Sign in to vote
    Hi Gary,
    while this is not a specific home server matter, this log shows the importance of a Firewall protecting your network.
    At any time malware bots are roaming through the Internet and trying to break in to PCs and take them over. This is why a PC, which is put unprotected to the Internet (without Firewall enabled, via direct modem connection) is usually infected within a few minutes.
    That your router denies the access seems to show, that the access is attempted over ports, which do not belong to Windows Home Server, but are known for vulneribilities of Windows or other software.
    Best greetings from Germany
    Olaf
    Sunday, February 15, 2009 6:37 AM
    Moderator

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote
    Hi Gary,
    while this is not a specific home server matter, this log shows the importance of a Firewall protecting your network.
    At any time malware bots are roaming through the Internet and trying to break in to PCs and take them over. This is why a PC, which is put unprotected to the Internet (without Firewall enabled, via direct modem connection) is usually infected within a few minutes.
    That your router denies the access seems to show, that the access is attempted over ports, which do not belong to Windows Home Server, but are known for vulneribilities of Windows or other software.
    Best greetings from Germany
    Olaf
    Sunday, February 15, 2009 6:37 AM
    Moderator
  • Question
    Sign in to vote
    0
    Sign in to vote
    Olaf:Thank you for the input!  I was just kinda curious if the WHS internet access had any thing to do with it...  They are back at it today! I have 1600 entries in my log for "access denied for MAC address...", and that is in just 14 hours!
    Gary
    Monday, February 16, 2009 8:12 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    OK..I j just ran "Shields Up" and port 443 is open.  I think it is ope n for WHS.   Is this ok? Is that why the hacker can "see" me and are trying a MAC spoof?
    What do you think?
    Thanks
    Gary
    Monday, February 16, 2009 8:29 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    Windows Home Server uses the ports 80 (sort of optional; WHS will function even if it's blocked, though it's inconvenient), 443, and 4125 (required for the "Computers" tab in the Remote Access web site to function). So yes, 443 should be open.

    They're trying to spoof a MAC address because they would like to penetrate your network and see what they can get their hands on. Almost certainly WHS has nothing to do with it.
    I'm not on the WHS team, I just post a lot. :)
    Monday, February 16, 2009 8:55 PM
    Moderator