This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Understanding traffic

-1

I have little experience in understanding what is going on, and I know... I really need to dive into the manuals. If I could get a few pointers to help with this incident, I would really appreciate it.

I use a program called WallWatcher, which reports, in "real time", the router logs from my old BEFRS41 router. I also use PeerBlock, where I will manually enter in various IPs that I want blocked. The image below contains a copy of the traffic that "bothers" me, and also includes a snippet of the router log file.

The router log initially shows a rejected incoming packet on port 23, immediately followed by a processed packet from the same IP on port 2323 and an outgoing response. I'm not sure why the router is allowing this to happen in the first place but... I find that I am getting a LOT of "queries" going to this port 2323 and they all seem to get processed. Most seem to be coming from places in Brazil, and I can't seem to stop them.

Any suggestions? And yes, I have done full AV and malware scans using many different highly rated programs all with the latest definitions, and nothing has been found.

Thanks kindly in advance :)

Gary

asked 14 Sep '16, 09:50

GaryM


One Answer:

0

The Wireshark capture is showing the results of what the router is doing from the point of view of the internal side of your network, but can't tell you why. You'll need to find a support forum for your router/software to answer that.

answered 14 Sep '16, 10:55

grahamb ♦