Helping people with computers... one answer at a time.

Any device sitting on the internet is subject to a constant stream of "internet background noise". It's why you really want to be behind a firewall.

I went into my router to change my password from "admin", and checked the log. There were a lot of "unrecognized access" from random IP addresses, to a set of fairly random ports. Are these the pages I am reading on the internet, or random attempted hacks into my computer network?

You would be amazed at the amount of malicious network traffic on the internet. At least one security guru has coined the term "Internet Background Noise" for all this traffic.

What is it?

I'll put it this way: it's the reason you must have a firewall.

To put it bluntly, yes, those are most likely attempted hacks into your computer or computer network.

But please don't think that there's someone out trying to get to you. You are most definitely not alone. They're trying to get to anyone. Anyone who's not protected, not up to date, or otherwise has some kind of vulnerability.

Here's what's going on.

Computers can be really dumb, but they make up for it by being really fast and/or really persistent.

Malware authors can take advantage of that by writing malicious software that, effectively, goes out and checks every possible IP address for a computer with known vulnerabilities. If a vulnerability is found the malware then infects that computer and moves on to the next.

Now, "every possible IP address" is a lot of IP addresses. It's measured in the billions. And yes, checking each one is kind of a stupid way to go about it. But here's where persistence pays off - one computer starts scanning. It eventually finds one that's vulnerable to attack, so it infects that computer with a virus, and the scanning software. Now the first computer keeps looking for more, and the second computer starts looking as well. Each time another computer is found to be vulnerable, it's infected and added to the legion of computers that are out scanning for more vulnerable computers.

Eventually your IP will come up. If you're vulnerable, you'll be infected, and your computer will join the crowd. If, however, you're not vulnerable by virtue of being behind a firewall, being up-to-date on all your operating system patches, or both, then the computer attempting to infect you will see that it cannot, and move on.

Now you know why you need a firewall. Any machine sitting "naked" on the internet is subject to these constant attempts to exploit known vulnerabilities. Your router log is showing these attempts. Your router is acting as firewall and preventing them from reaching a "real machine".

"But the sad fact is that there are a large number of folks who still do not adequately protect themselves."

So where are all these vulnerability probes coming from? Infected machines. In fact, the owners of those machines probably have no idea that their machine is participating in this activity.

So why don't those folks just clean, patch and protect their machines?

Why indeed.

They should. But the sad fact is that there are a large number of folks who still do not adequately protect themselves. And these folks, in turn, are putting the rest of us at risk. In fact, much of this "internet background noise" are computers infected with viruses that are several years old, and for which patches have also been available for several years.

So, yes, as I and others have been preaching almost daily, it's critical to keep your machine up to date and get behind a firewall so as to avoid becoming one of those machines trying to infect everyone else.

And to protect yourself from everyone who doesn't.

Article C2949 - March 1, 2007 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

7 Comments
jerry seibel
March 2, 2007 9:30 PM

Hi Leo,I enjoy your newsletter. Especially the "to the point" answers and descriptions you give.My brain is getting quite old, but i do remember the Wireless tech telling me i don't need all those firewalls because their equipment keeps changing, the IP address? I did check and i have a Nate. Thanks,js

Leo A. Notenboom
March 3, 2007 10:01 AM

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

It depends on a lot of different things.

If you are on dial-up you get a new IP each time. I used to believe that
you didn't need a firewall in that case, but have since changed my mind.

MOST broadband connections also give you a new IP address occasionally,
but it's definitely not "changing all the time". Firewall of some sort
required.

What he *may* have been refering to is that you may already be behind a
net router which acts as a firewall. That's how I run here at home. My
router acts as my firewall for all my machines, and the machines
themselves do NOT run any additional firewall software.

But even if your IP changes, the random scans that I discuss in the
article are still happening, and could quite easily hit your IP address.

Leo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)

iD8DBQFF6bgzCMEe9B/8oqERApycAJ4wrg+0XQuC4IgThMTknkjbmsOxQQCgiatm
jLmlIv38hqKpPJI4YuBKu10=
=3RO0
-----END PGP SIGNATURE-----

salih abdulbaki
March 6, 2007 12:18 AM

I have a NAT router,its an external
modem provided by our ISP after we sign up for our DSL internet connection.i tried to get into it, but i just don't know where to start.do i need a software to get into to my router's setting?can you please help me out?

Jon Turnbull
March 7, 2007 7:49 AM

Try opening your web browser and typing dslrouter in the address bar. If you're with Verizon and you have the Westell router they usually supply, the default username is admin and the default password is password.

Paul Mierop
January 6, 2009 11:46 AM

Do I have to change the IP address of my router? (IP address to connect or setup the router is always the same on different routers). Can some one access my router from the outside and change the setup, passwords or break into my internal wireless connection security code?

Arjun. Singh
January 21, 2009 7:43 AM

How can I check logs on my Switch/router

Kas
June 3, 2010 11:43 PM

Is a software firewall good enough for those lacking money?

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.