# Kernel: Intrusion



## Mabusi (Jun 30, 2008)

Hi

Lately something has been bothering me a bit. As soon as I play a MP3 I see a lot of activity on my Router. This seems to be quite consistent. This made me a bit suspicius so I went and checked my router ( DSL-2500U ) 's activity log. I'm getting quite a bit of the following alerts:

Kernel: Intrusion - IN = ppp_8_35_1 OUT = MAC = 
SRC = 41.247.98.27 DST = 41.247.178.91 LEN .....

I'm not to sure what to make of this. Could it be farfetched to think that as soon as I play an MP3, It spews it out somewhere or am I just being a bit paranoid. Somebody did do some work on my computer a while ago and I was not present.


----------



## lotuseclat79 (Sep 12, 2003)

Hi Mabusi,

Welcome to TSG!

When you first connected your system together, did you change the default router admin password? This is often overlooked by many, and is a vector of attack for malware. The default admin passwords are posted on the Internet.

That is one change you should make.

After making the change, I suggest you visit the Kaspersky.com web site and let them do a full free virus scan of your system over the Internet for malware. Trendmicro.com is another full scan web site. I would certainly let both do a full scan of my system in your situation.

At the very worst case, you may need to do a full reinstallation of Vista, and hope that your BIOS chip is not compromised (in which case, you would need a new BIOS chip).

Note: Vista has good inbound firewall (software) protection, but no outbound firewall protection (by which a miscreant would "phone home" with compromising information from your system). Suggest you get ZoneAlarm Free software firewall for outbound protection. Other firewalls a also very good for outbound protection, but require payment.

-- Tom


----------



## Mabusi (Jun 30, 2008)

Hi

I have changed all my passwords, Router's and Computer's after the installation.

Also did a "Deep System Scan" with BitDefender just recently, but it didn't come up with any surprises.


----------



## TechOutsider (Jun 9, 2008)

It could just be an annoying neighbor.


----------



## Mabusi (Jun 30, 2008)

Hi

What about a "System Restore" to a point before I made the internet connection??

Mabusi


----------



## lotuseclat79 (Sep 12, 2003)

Sounds like it is worth a shot, if you are confident with System Restores.

-- Tom


----------



## Mabusi (Jun 30, 2008)

Hi

"System Restore" seems to be out of the question. I cant go that far back ( about 6 months ). Furthermore I did a scan at "Kaspersky.com" and it didn't come up with anything. Also tried "TrendMicro.com" but this site gave me a bit of a problem , maybe "Housecall" does not support Vista ?

So now maybe a OS Re-installation ? Only problem is, I did not get my 
"Windows Vista Home Basic" on a CD with my system . What now?


----------



## Mabusi (Jun 30, 2008)

Hi

Looking at my router's log file I noticed something else now : The "Kernel : Intrusion ...." message I've been getting seems to come up every 10min & 
18secs. Quite consistently. So I dont know wether there is any link between that and the activity on my router everytime when I play a MP3.

So instead of one problem it looks like I've got 2. There is not perhaps a way of capturing the data to see what the router is actually sending/
receiving at that point in time when I play the MP3?


----------



## lunarlander (Sep 22, 2007)

Microsoft has a free network sniffer.

http://www.microsoft.com/downloads/...9d-f4d8-4213-8d17-2f6dde7d7aac&DisplayLang=en


----------

