# Network, computer sending weird packets.



## join993

Hello. We've been having issues here at home with our network for some time. We've tried many different routers, and now we're tierd of it and decided to get to the bottom of the issue.

Now, after looking in the logs, we found out that there is a computer that's sending around all kinds of different packets etc, the latest being netBIOS'. I think this is why the router randomly shuts all of us out of the network, these netBIOS' get sent around nearly all the time, sometimes with up to 3 in 1 second. Now, after just having a quick look at the problem, what we can make of the logs, it's a mac computer sending out all these packets and whatnot. Is this not weird? The person using this mac is careful about what he downloads, so to get spyware/maleware/whatever like this is VERY unlikely.

Not sure how all the other people on the network uses their computer, but I know that more than one of them are careless and will download pretty much anything.

Anyone had the same kind of issue? Can someone help? I'd prefer if we don't have to reformat most computers, but if we have to we'll do it.

I can post some screenshots of the logs, if anyone wants a better idea of what I mean.


----------



## donadoni

netbios is used for name resolution so depending on your set-up you may cause your self some problems disableing it

i found this on another forum

_*Use the built in firewall to stop the broadcasts.


sudo ipfw add 1 deny tcp from any to any 137 out
sudo ipfw add 2 deny udp from any to any 137 out*_

http://www.dslreports.com/forum/r19785490-OS-X-Disabling-NetBIOS-broadcasts-in-Leopard


----------



## join993

Ohh, thanks a lot! I will try this soon! The mac actually doesn't have a name on the routers client list... 

Another thing, while I'm at it. I see in the log of the router now, things like this "Router reply ICMP packet: ICMP(type:4, code:0)", the router allows this access. I also get "Unsupported/out-of-order ICMP: ICMP(type:3, code:3)", the router blocks this. Anyone that can shed some light onto this?


----------



## tlarkin

Can you post these logs?  OS X is very DNS dependent and can do some weird things, however netBIOS is an older technology.  What else is on the network, what is running DNS?


----------



## join993

Hmm... From my very limited knowledge of networking and such, nothing is running DNS. We have maybe 2 websites, but both of them are on a paid hoster. I don't know really how to check it though, as I said, I'm not very good with this. 

Here is the log. I know it doesn't look good, because it's a copy-paste. Johan-Dator is my computer, and the one without any name is probably the mac. Though this time there are only NetBIOS packets in the log, it's because the router restarted not to long ago. I can post another bit of log when I start to get other packets. 

The first IP number is the source, the second is the destination, the last piece of text is just a note. 

 1  	 02/09/2010 20:13:03 	 Successful WEB login 	 192.168.1.36 	   	 User:admin
2 	02/09/2010 20:09:50 	DHCP server assigns 192.168.1.38 to 	  	  	 
3 	02/09/2010 20:09:49 	DHCP server assigns 192.168.1.38 to 	  	  	 
4 	02/09/2010 20:09:49 	DHCP server assigns 192.168.1.38 to 	  	  	 
5 	02/09/2010 20:09:49 	DHCP server assigns 192.168.1.38 to 	  	  	 
6 	02/09/2010 20:09:49 	DHCP server assigns 192.168.1.38 to 	  	  	 
7 	02/09/2010 20:09:38 	DHCP server assigns 192.168.1.36 to Johan-Dator 	  	  	 
8 	02/09/2010 20:05:08 	DHCP server assigns 192.168.1.38 to 	  	  	 
9 	02/09/2010 20:05:07 	DHCP server assigns 192.168.1.38 to 	  	  	 
10 	02/09/2010 20:05:07 	DHCP server assigns 192.168.1.38 to 	  	  	 
11 	02/09/2010 20:05:06 	DHCP server assigns 192.168.1.38 to 	  	  	 
12 	02/09/2010 20:05:06 	DHCP server assigns 192.168.1.38 to 	  	  	 
13 	02/09/2010 20:02:26 	DHCP server assigns 192.168.1.38 to 	  	  	 
14 	02/09/2010 20:02:25 	DHCP server assigns 192.168.1.38 to 	  	  	 
15 	02/09/2010 20:02:25 	DHCP server assigns 192.168.1.38 to 	  	  	 
16 	02/09/2010 20:02:25 	DHCP server assigns 192.168.1.38 to 	  	  	 
17 	02/09/2010 20:02:25 	DHCP server assigns 192.168.1.38 to 	  	  	 
18 	02/09/2010 20:00:20 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
19 	02/09/2010 20:00:16 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
20 	02/09/2010 20:00:14 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
21 	02/09/2010 20:00:13 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
22 	02/09/2010 20:00:12 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
23 	02/09/2010 20:00:11 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
24 	02/09/2010 20:00:10 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
25 	02/09/2010 20:00:09 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
26 	02/09/2010 20:00:01 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
27 	02/09/2010 19:59:57 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
28 	02/09/2010 19:59:55 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
29 	02/09/2010 19:59:54 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
30 	02/09/2010 19:59:53 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
31 	02/09/2010 19:59:52 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
32 	02/09/2010 19:59:52 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
33 	02/09/2010 19:59:51 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
34 	02/09/2010 19:54:02 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
35 	02/09/2010 19:53:58 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
36 	02/09/2010 19:53:56 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
37 	02/09/2010 19:53:55 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
38 	02/09/2010 19:53:54 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
39 	02/09/2010 19:53:53 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
40 	02/09/2010 19:53:52 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
41 	02/09/2010 19:53:51 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
42 	02/09/2010 19:48:21 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
43 	02/09/2010 19:48:17 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
44 	02/09/2010 19:48:15 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
45 	02/09/2010 19:48:14 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
46 	02/09/2010 19:48:13 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
47 	02/09/2010 19:48:12 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
48 	02/09/2010 19:48:11 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
49 	02/09/2010 19:48:10 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
50 	02/09/2010 19:48:04 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
51 	02/09/2010 19:48:00 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
52 	02/09/2010 19:47:58 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
53 	02/09/2010 19:47:57 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
54 	02/09/2010 19:47:56 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
55 	02/09/2010 19:47:55 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
56 	02/09/2010 19:47:54 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
57 	02/09/2010 19:47:53 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
58 	02/09/2010 19:36:19 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
59 	02/09/2010 19:36:15 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
60 	02/09/2010 19:36:13 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
61 	02/09/2010 19:36:12 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
62 	02/09/2010 19:36:11 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
63 	02/09/2010 19:36:10 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
64 	02/09/2010 19:36:09 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
65 	02/09/2010 19:36:08 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
66 	02/09/2010 19:36:01 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
67 	02/09/2010 19:35:57 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
68 	02/09/2010 19:35:55 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
69 	02/09/2010 19:35:54 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
70 	02/09/2010 19:35:53 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
71 	02/09/2010 19:35:52 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
72 	02/09/2010 19:35:51 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
73 	02/09/2010 19:35:51 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
74 	02/09/2010 19:30:19 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
75 	02/09/2010 19:30:15 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
76 	02/09/2010 19:30:13 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
77 	02/09/2010 19:30:12 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
78 	02/09/2010 19:30:11 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
79 	02/09/2010 19:30:10 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
80 	02/09/2010 19:30:09 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
81 	02/09/2010 19:30:09 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
82 	02/09/2010 19:30:02 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
83 	02/09/2010 19:29:58 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
84 	02/09/2010 19:29:56 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
85 	02/09/2010 19:29:55 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
86 	02/09/2010 19:29:54 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
87 	02/09/2010 19:29:53 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
88 	02/09/2010 19:29:52 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
89 	02/09/2010 19:29:51 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
90 	02/09/2010 19:24:19 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
91 	02/09/2010 19:24:15 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
92 	02/09/2010 19:24:13 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
93 	02/09/2010 19:24:12 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
94 	02/09/2010 19:24:11 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
95 	02/09/2010 19:24:10 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
96 	02/09/2010 19:24:09 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
97 	02/09/2010 19:24:08 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
98 	02/09/2010 19:24:02 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
99 	02/09/2010 19:23:58 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
100 	02/09/2010 19:23:56 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
101 	02/09/2010 19:23:55 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
102 	02/09/2010 19:23:54 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
103 	02/09/2010 19:23:53 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
104 	02/09/2010 19:23:52 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
105 	02/09/2010 19:23:51 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
106 	02/09/2010 19:18:19 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
107 	02/09/2010 19:18:15 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
108 	02/09/2010 19:18:13 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
109 	02/09/2010 19:18:12 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
110 	02/09/2010 19:18:11 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
111 	02/09/2010 19:18:10 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
112 	02/09/2010 19:18:09 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
113 	02/09/2010 19:18:08 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
114 	02/09/2010 19:18:02 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
115 	02/09/2010 19:17:58 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
116 	02/09/2010 19:17:55 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
117 	02/09/2010 19:17:54 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
118 	02/09/2010 19:17:53 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
119 	02/09/2010 19:17:52 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
120 	02/09/2010 19:17:51 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
121 	02/09/2010 19:17:51 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
122 	02/09/2010 19:12:20 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
123 	02/09/2010 19:12:16 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
124 	02/09/2010 19:12:14 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
125 	02/09/2010 19:12:13 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
126 	02/09/2010 19:12:12 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
127 	02/09/2010 19:12:11 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK
128 	02/09/2010 19:12:10 	NetBIOS packet filtered! 	192.168.1.35 	192.168.137.1 	ACCESS BLOCK


----------



## tlarkin

Those are all coming from with in your network.  All 192.x.x.x are private IPs and would not ever come from the outside world.   Is your router running DNS?  DNS does not just do with websites, and I assume that IP 192.168.137.1 is your router?

It is probably trying to push netBIOS settings to the mac client over the port it uses and by default the ipfw is blocking that port.

What machine is 192.168.1.35?  Is it some kind of Windows server?


----------



## join993

We don't have any kind of server on the network. All computers on our network has a computer name when you look at the client list, except for the mac, there it's just an IP number and a MAC adress. 

I'll look into it, since the router changes the IP of the clients when we connect. 

I know that those all come from within the network, but from time to time we do have packets that have both source and destination as an outside IP.


----------



## join993

Okay, so after looking around and comparing the mac adresses, yes, the 192.168.1.35 is the mac. The 192.168.137.1, I think that's my xbox. And, I just found out it has something with DNS on it, the xbox's primary DNS server is at 192.168.137.1. Ahh, I do feel a bit stupid now. 

But still, that doesn't explain this I found in the log now. 

 1  	 02/09/2010 21:46:14 	 Unsupported/out-of-order ICMP: ICMP(type:3, code:3) 	 192.168.1.35 	 195.67.199.34 	 ACCESS BLOCK
2 	02/09/2010 21:46:13 	Unsupported/out-of-order ICMP: ICMP(type:3, code:3) 	192.168.1.35 	195.67.199.34 	ACCESS BLOCK
3 	02/09/2010 21:43:47 	Packet without a NAT table entry blocked: ICMP(type:5, code:1) 	80.250.51.71 	213.64.51.239 	ACCESS BLOCK
4 	02/09/2010 21:43:47 	Packet without a NAT table entry blocked: ICMP(type:5, code:1) 	80.250.51.71 	213.64.51.239 	ACCESS BLOCK
5 	02/09/2010 21:43:47 	Packet without a NAT table entry blocked: ICMP(type:5, code:1) 	80.250.51.71 	213.64.51.239 	ACCESS BLOCK
6 	02/09/2010 21:43:47 	Packet without a NAT table entry blocked: ICMP(type:5, code:1) 	80.250.51.71 	213.64.51.239 	ACCESS BLOCK
7 	02/09/2010 21:43:47 	Packet without a NAT table entry blocked: ICMP(type:5, code:1) 	80.250.51.71 	213.64.51.239 	ACCESS BLOCK
8 	02/09/2010 21:43:47 	Packet without a NAT table entry blocked: ICMP(type:5, code:1) 	80.250.51.71 	213.64.51.239 	ACCESS BLOCK
9 	02/09/2010 21:43:47 	Packet without a NAT table entry blocked: ICMP(type:5, code:1) 	80.250.51.71 	213.64.51.239 	ACCESS BLOCK
10 	02/09/2010 21:43:47 	Packet without a NAT table entry blocked: ICMP(type:5, code:1) 	80.250.51.71 	213.64.51.239 	ACCESS BLOCK
11 	02/09/2010 21:43:47 	Packet without a NAT table entry blocked: ICMP(type:5, code:1) 	80.250.51.71 	213.64.51.239 	ACCESS BLOCK
12 	02/09/2010 21:43:47 	Packet without a NAT table entry blocked: ICMP(type:5, code:1) 	80.250.51.71 	213.64.51.239 	ACCESS BLOCK
13 	02/09/2010 21:43:47 	Packet without a NAT table entry blocked: ICMP(type:5, code:1) 	80.250.51.71 	213.64.51.239 	ACCESS BLOCK
14 	02/09/2010 21:43:47 	Packet without a NAT table entry blocked: ICMP(type:5, code:1) 	80.250.51.71 	213.64.51.239 	ACCESS BLOCK
15 	02/09/2010 21:43:47 	Packet without a NAT table entry blocked: ICMP(type:5, code:1) 	80.250.51.71 	213.64.51.239 	ACCESS BLOCK
16 	02/09/2010 21:43:47 	Packet without a NAT table entry blocked: ICMP(type:5, code:1) 	80.250.51.71 	213.64.51.239 	ACCESS BLOCK
17 	02/09/2010 21:43:47 	Packet without a NAT table entry blocked: ICMP(type:5, code:1) 	80.250.51.71 	213.64.51.239 	ACCESS BLOCK
18 	02/09/2010 21:43:47 	Packet without a NAT table entry blocked: ICMP(type:5, code:1) 	80.250.51.71 	213.64.51.239 	ACCESS BLOCK
19 	02/09/2010 21:43:47 	Packet without a NAT table entry blocked: ICMP(type:5, code:1) 	80.250.51.71 	213.64.51.239 	ACCESS BLOCK
20 	02/09/2010 21:43:47 	Packet without a NAT table entry blocked: ICMP(type:5, code:1) 	80.250.51.71 	213.64.51.239 	ACCESS BLOCK
21 	02/09/2010 21:43:47 	Packet without a NAT table entry blocked: ICMP(type:5, code:1) 	80.250.51.71 	213.64.51.239 	ACCESS BLOCK
22 	02/09/2010 21:43:47 	Packet without a NAT table entry blocked: ICMP(type:5, code:1) 	80.250.51.71 	213.64.51.239 	ACCESS BLOCK
23 	02/09/2010 21:43:47 	Packet without a NAT table entry blocked: ICMP(type:5, code:1) 	80.250.51.71 	213.64.51.239 	ACCESS BLOCK
24 	02/09/2010 21:43:47 	Packet without a NAT table entry blocked: ICMP(type:5, code:1) 	80.250.51.71 	213.64.51.239 	ACCESS BLOCK
25 	02/09/2010 21:43:47 	Packet without a NAT table entry blocked: ICMP(type:5, code:1) 	80.250.51.71 	213.64.51.239 	ACCESS BLOCK
26 	02/09/2010 21:43:47 	Packet without a NAT table entry blocked: ICMP(type:5, code:1) 	80.250.51.71 	213.64.51.239 	ACCESS BLOCK
27 	02/09/2010 21:43:47 	Packet without a NAT table entry blocked: ICMP(type:5, code:1) 	80.250.51.71 	213.64.51.239 	ACCESS BLOCK
28 	02/09/2010 21:43:47 	Packet without a NAT table entry blocked: ICMP(type:5, code:1) 	80.250.51.71 	213.64.51.239 	ACCESS BLOCK
29 	02/09/2010 21:43:47 	Packet without a NAT table entry blocked: ICMP(type:5, code:1) 	80.250.51.71 	213.64.51.239 	ACCESS BLOCK
30 	02/09/2010 21:43:47 	Packet without a NAT table entry blocked: ICMP(type:5, code:1) 	80.250.51.71 	213.64.51.239 	ACCESS BLOCK
31 	02/09/2010 21:43:47 	Packet without a NAT table entry blocked: ICMP(type:5, code:1) 	80.250.51.71 	213.64.51.239 	ACCESS BLOCK
32 	02/09/2010 21:43:47 	Packet without a NAT table entry blocked: ICMP(type:5, code:1) 	80.250.51.71 	213.64.51.239 	ACCESS BLOCK
33 	02/09/2010 21:43:47 	Packet without a NAT table entry blocked: ICMP(type:5, code:1) 	80.250.51.71 	213.64.51.239 	ACCESS BLOCK
34 	02/09/2010 21:43:47 	Packet without a NAT table entry blocked: ICMP(type:5, code:1) 	80.250.51.71 	213.64.51.239 	ACCESS BLOCK
35 	02/09/2010 21:43:47 	Packet without a NAT table entry blocked: ICMP(type:5, code:1) 	80.250.51.71 	213.64.51.239 	ACCESS BLOCK
36 	02/09/2010 21:43:47 	Packet without a NAT table entry blocked: ICMP(type:5, code:1) 	80.250.51.71 	213.64.51.239 	ACCESS BLOCK
37 	02/09/2010 21:43:47 	Packet without a NAT table entry blocked: ICMP(type:5, code:1) 	80.250.51.71 	213.64.51.239 	ACCESS BLOCK
38 	02/09/2010 21:43:47 	Packet without a NAT table entry blocked: ICMP(type:5, code:1) 	80.250.51.71 	213.64.51.239 	ACCESS BLOCK
39 	02/09/2010 21:43:47 	Packet without a NAT table entry blocked: ICMP(type:5, code:1) 	80.250.51.71 	213.64.51.239 	ACCESS BLOCK
40 	02/09/2010 21:43:47 	Packet without a NAT table entry blocked: ICMP(type:5, code:1) 	80.250.51.71 	213.64.51.239 	ACCESS BLOCK

EDIT: Oh, and I think that 192.168.1.1 is the router. That is the IP number I enter into my browser to access the router anyway. And, the second IP is the destination of the packet, so it'd still be a computer trying to send to the router, and not the other way around, I think.


----------



## tlarkin

Something from Amsterdam is hitting your router, or is that log from your Mac?  Are you running NAT on your router?

Perhaps Archangel is hacking you?


----------



## join993

Enable Network Address Translation, that box is checked, other than that, no other settings are entered, I don't know if it's on by default or if I have turned it on in my desperate attempts to fix the router by myself, though I don't think I have turned it on myself. 

That log is from my router, both the source and the destination of the packet is from outside the network. 

From looking at http://tools.whois.net/whoisbyip/, the destination is something that belongs to TeliaSonera AB Networks in Amsterdam, TeliaSonera is my ISP. 

And the source, I have no idea, it didn't make any sense to me on that site.

EDIT: Could it be any use to call my ISP and talk to them? Especially since the destination of these packets are to a TeliaSonera server or something in Amsterdam. I bought my router from them too, when my D-link was failing, so they should be able to give support for the router too. What do you think?


----------



## tlarkin

I would turn on NAT, by default it won't allow remote hosts to connect, in fact always keep it on.  That should stop those NetBIOS requests from coming in.  However, the strange part is that they are coming from your network??  I am wondering, do you have any older windows machines on the network?  NetBIOS really is not used anymore as everything is over TCP/IP


----------



## join993

I do have some XP machines, that are pretty old, but they still have XP. That's about the oldest on the network. If it's not the mac, then I don't really know.


----------



## join993

NAT is on by the way, and I still get weird packets. Might there be some kind of setting within NAT that I have to fiddle with?


----------



## tlarkin

Are you forwarding anything from the router to the Mac?


----------



## join993

Not sure, nothing that I know of anyway. Forwarding packets? I'm not very familiar with what you mean.


----------

