
dropped packets


Name: stolod
Date: October 21, 2003 at 19:32:38 Pacific
OS: Win XP
CPU/Ram: Pentium IV, 256K
Comment:

Hi, I was wondering if anyone could tell me what all these dropped packets mean on my computer. This goes on all day and all night long - dropped UDPs and ICMPs, mostly on port 92, every few seconds. I am a computer novice, by the way, so I don't really know too much about the terms I've written about. Thanks for any input in advance. Here's the firewall logfile:

2003-10-21 00:01:54 DROP ICMP 24.195.156.251 24.194.14.115 - - 92 - - - - 8 0 -
2003-10-21 00:01:59 DROP ICMP 24.195.74.133 24.194.14.115 - - 92 - - - - 8 0 -
2003-10-21 00:02:19 DROP UDP 203.197.199.185 24.194.14.115 32796 1026 518 - - - - - - -
2003-10-21 00:02:21 DROP ICMP 24.194.81.1 24.194.14.115 - - 92 - - - - 8 0 -
2003-10-21 00:02:25 DROP ICMP 24.195.55.28 24.194.14.115 - - 92 - - - - 8 0 -
2003-10-21 00:02:27 DROP ICMP 24.194.17.142 24.194.14.115 - - 92 - - - - 8 0 -
2003-10-21 00:02:31 DROP ICMP 24.194.57.213 24.194.14.115 - - 92 - - - - 8 0 -
2003-10-21 00:02:40 DROP ICMP 24.195.149.120 24.194.14.115 - - 92 - - - - 8 0 -
2003-10-21 00:02:42 DROP ICMP 24.192.55.241 24.194.14.115 - - 92 - - - - 8 0 -
2003-10-21 00:02:43 DROP ICMP 24.194.22.64 24.194.14.115 - - 92 - - - - 8 0 -
2003-10-21 00:02:53 DROP ICMP 24.192.90.130 24.194.14.115 - - 92 - - - - 8 0 -
2003-10-21 00:02:55 DROP ICMP 24.196.179.136 24.194.14.115 - - 92 - - - - 8 0 -
2003-10-21 00:02:56 DROP ICMP 24.194.67.198 24.194.14.115 - - 92 - - - - 8 0 -
2003-10-21 00:03:06 DROP ICMP 24.195.133.31 24.194.14.115 - - 92 - - - - 8 0 -
2003-10-21 00:03:16 DROP ICMP 24.192.80.158 24.194.14.115 - - 92 - - - - 8 0 -
2003-10-21 00:03:18 DROP ICMP 24.197.89.235 24.194.14.115 - - 92 - - - - 8 0 -
2003-10-21 00:03:24 DROP ICMP 24.194.76.112 24.194.14.115 - - 92 - - - - 8 0 -
2003-10-21 00:03:32 DROP ICMP 24.192.65.241 24.194.14.115 - - 92 - - - - 8 0 -
2003-10-21 00:03:58 DROP ICMP 24.195.48.168 24.194.14.115 - - 92 - - - - 8 0 -
2003-10-21 00:04:04 DROP UDP 24.194.14.115 24.194.15.255 137 137 78 - - - - - - -
2003-10-21 00:04:08 DROP ICMP 24.192.141.50 24.194.14.115 - - 92 - - - - 8 0 -
2003-10-21 00:04:08 DROP UDP 24.194.14.115 24.194.15.255 138 138 202 - - - - - - -
2003-10-21 00:04:08 DROP UDP 24.194.14.115 24.194.15.255 137 137 78 - - - - - - -
2003-10-21 00:04:10 DROP ICMP 24.195.148.40 24.194.14.115 - - 92 - - - - 8 0 -
2003-10-21 00:04:12 DROP UDP 24.194.14.115 24.194.15.255 138 138 202 - - - - - - -
2003-10-21 00:04:12 DROP UDP 24.194.14.115 24.194.15.255 137 137 78 - - - - - - -
2003-10-21 00:04:17 DROP UDP 24.194.14.115 24.194.15.255 138 138 211 - - - - - - -
2003-10-21 00:04:38 DROP ICMP 24.196.162.101 24.194.14.115 - - 92 - - - - 8 0 -

Response Number 1
Name: EC
Date: October 21, 2003 at 20:23:23 Pacific
Reply:

Very basically, dropped packets are clusters of info (as packets are how info is moved around on the web) that arrive at your PC/Network at TCP, UDP ports, ICMP, etc. and are deemed possibly unsafe by your firewall or router.

The idea is that with a router that is Stateful Packet Inspection equipped, only those packets that the PC user requests (clicks) are allowed back in, in the form of a reply, so thus any other "unsolicited" packets would be "dropped", thereby protecting the network.

There's so much more to it technically, but you get the idea.

Also, all those IPs in your log posted are from ROADRUNNER, likely your Internet Service Provider.

Dropped packets are nothing to worry about as they show that your protection is in place; however, a better question would be what has gotten through to the PC (?), in other words what was not "dropped", as that could be a real threat, if it was allowed in under false pretenses.

If you study your security/firewall logs, look for patterns and obviously constant hits from the same source, as that may show you could be under attack at that time, but as long as they are safely dealt with, then your security is holding up.



Response Number 2
Name: stolod
Date: October 21, 2003 at 20:31:18 Pacific
Reply:

Thanks EC for the quick and thorough reply. Glad there's nothing to worry about. Looks like the firewall is doing its job. You were a big help!



Response Number 3
Name: Phil
Date: November 7, 2003 at 10:41:01 Pacific
Reply:

They are not on your port 92, that column denotes the size of the packet.
The more concerning thing in your firewall log is that you have two other scans occurring with this scan (just like I do). I'm wondering if you notice that the SOURCE IP there is actually your OWN IP on some of these scans. I too am on RoadRunner, and I too have the same sets of entries in my firewall like you with scans registering as if they are coming from my own IP (I am only logging dropped packets). Would you look and tell me if this is the case for you as well? Does anyone have more info on this? I know there has been a packet storm for over a year, concerning many, on port 137. I am finding that the actual pattern is port 137 and 138, repeating with definite consistency. I'm getting hit hundreds of times a day in this pattern, which includes the packets you were writing about - the ones that you said are coming on PORT 92 - when in fact there is NO INFORMATION about the packets other than they are ICMP and the - 8 0 - at the end of the line is ICMP CODE and TYPE. There are 2 dashes between the dest IP and the 'size' parameter which is 92. In total, there are three different scans here that keep repeating. 3 scans on port 138, 12 scans on port 137, and then 3 scans on the UNKNOWN port, with a size of '92'.

DOES ANYONE have any idea what any of these three probes are coming from? Opaserv worm is the suggested source of the port 137, but what about the rest?


2003-11-07 12:53:31 DROP UDP 68.173.153.10 68.173.159.255 138 138 202 - - - - - - -
2003-11-07 12:53:31 DROP UDP 68.173.153.10 68.173.159.255 137 137 78 - - - - - - -
2003-11-07 12:53:32 DROP UDP 68.173.153.10 68.173.159.255 137 137 78 - - - - - - -
2003-11-07 12:53:33 DROP UDP 68.173.153.10 68.173.159.255 137 137 78 - - - - - - -
2003-11-07 12:53:36 DROP UDP 68.173.153.10 68.173.159.255 138 138 202 - - - - - - -
2003-11-07 12:53:36 DROP UDP 68.173.153.10 68.173.159.255 137 137 78 - - - - - - -
2003-11-07 12:53:36 DROP UDP 68.173.153.10 68.173.159.255 137 137 78 - - - - - - -
2003-11-07 12:53:37 DROP UDP 68.173.153.10 68.173.159.255 137 137 78 - - - - - - -
2003-11-07 12:53:40 DROP UDP 68.173.153.10 68.173.159.255 138 138 202 - - - - - - -
2003-11-07 12:53:40 DROP UDP 68.173.153.10 68.173.159.255 137 137 78 - - - - - - -
2003-11-07 12:53:41 DROP UDP 68.173.153.10 68.173.159.255 137 137 78 - - - - - - -
2003-11-07 12:53:41 DROP UDP 68.173.153.10 68.173.159.255 137 137 78 - - - - - - -
2003-11-07 12:53:44 DROP UDP 68.173.153.10 68.173.159.255 137 137 78 - - - - - - -
2003-11-07 12:53:45 DROP UDP 68.173.153.10 68.173.159.255 137 137 78 - - - - - - -
2003-11-07 12:53:46 DROP UDP 68.173.153.10 68.173.159.255 137 137 78 - - - - - - -
2003-11-07 12:53:52 DROP ICMP 68.172.20.162 68.173.153.10 - - 92 - - - - 8 0 -
2003-11-07 12:57:09 DROP ICMP 68.173.46.97 68.173.153.10 - - 92 - - - - 8 0 -
2003-11-07 13:02:12 DROP ICMP 68.173.21.62 68.173.153.10 - - 92 - - - - 8 0 -

Thanks for any insights!!



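An added example, not part of any post in this thread: a small Python parser for log lines in the format posted above, assuming they follow the Windows firewall log field order (date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info). It reads the ninth column as packet size, decodes the ICMP type and code, and separates entries whose source is the logging host itself; the function names and the treatment of a destination ending in .255 as a broadcast address are assumptions made for the example.

```python
from collections import Counter, namedtuple

# Field order assumed from the Windows firewall log header (#Fields: ...).
FIELDS = ("date time action protocol src_ip dst_ip src_port dst_port size "
          "tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info").split()
Entry = namedtuple("Entry", FIELDS)

# Sample lines copied from the logs posted in this thread.
SAMPLE = """\
2003-10-21 00:01:59 DROP ICMP 24.195.74.133 24.194.14.115 - - 92 - - - - 8 0 -
2003-10-21 00:02:19 DROP UDP 203.197.199.185 24.194.14.115 32796 1026 518 - - - - - - -
2003-10-21 00:04:04 DROP UDP 24.194.14.115 24.194.15.255 137 137 78 - - - - - - -
2003-10-21 00:04:08 DROP UDP 24.194.14.115 24.194.15.255 138 138 202 - - - - - - -
2003-10-21 00:04:10 DROP ICMP 24.195.148.40 24.194.14.115 - - 92 - - - - 8 0 -
"""

NETBIOS = {"137": "NetBIOS name service", "138": "NetBIOS datagram service"}

def parse(text):
    """Yield one Entry per well-formed line; skip headers and truncated lines."""
    for line in text.splitlines():
        parts = line.split()
        if line.startswith("#") or len(parts) != len(FIELDS):
            continue
        yield Entry(*parts)

def classify(e, local_ip):
    """Return a short label for a parsed entry as seen from local_ip."""
    direction = "outbound" if e.src_ip == local_ip else "inbound"
    if e.protocol == "ICMP":
        # ICMP has no ports; type 8 code 0 is an echo request.
        is_ping = (e.icmptype, e.icmpcode) == ("8", "0")
        kind = "echo request (ping)" if is_ping else f"ICMP type {e.icmptype} code {e.icmpcode}"
        return f"{direction} {kind}, {e.size} bytes, no port"
    if direction == "outbound" and e.dst_ip.endswith(".255"):
        # Assumption: a destination ending in .255 is the subnet broadcast.
        svc = NETBIOS.get(e.dst_port, f"port {e.dst_port}")
        return f"own outbound broadcast, {svc}"
    return f"{direction} {e.protocol} to port {e.dst_port}, {e.size} bytes"

def summarize(text, local_ip):
    """Count entries per label so repeating patterns stand out."""
    return Counter(classify(e, local_ip) for e in parse(text))

if __name__ == "__main__":
    for label, n in summarize(SAMPLE, "24.194.14.115").most_common():
        print(n, label)
```

Pass the address that appears as the destination of the inbound entries as `local_ip`; lines that do not have all sixteen fields are skipped rather than guessed at.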

Response Number 4
Name: Lynny Davis
Date: November 25, 2003 at 18:43:20 Pacific
Reply:

Hey, another Road Runner user here and I am wiped out. I am getting hit at 5000 an hour with these. Mostly TCP at first and now ICMP's by the thousands an hour. All dropped packages and shown as originating all over the globe. From China to Japan to Kansas to Uruguay. Some are located in the middle of the Pacific ocean. They are all targeting my assigned Road Runner IP address and at all different ports.

And nobody knows what's going on? My router people said contact your domain server, my domain server said contact the ISP. The ISP says, "You subscribed to these." Hello? The kids don't even get to play games because I am so security conscious.
Nov/24/2003 21:26:13
Drop TCP packet from WAN src:217.132.69.172:2410 dst:67.9.151.52:61818 Rule: Default deny
Nov/24/2003 21:26:11
Drop TCP packet from WAN src:66.177.126.67:2007 dst:67.9.151.52:61805 Rule: Default deny
Nov/24/2003 21:26:11
Drop TCP packet from WAN src:217.132.69.172:2410 dst:67.9.151.52:61814 Rule: Default deny
Nov/24/2003 21:26:10
Drop TCP packet from WAN src:217.132.69.172:2410 dst:67.9.151.52:61818 Rule: Default deny
Nov/24/2003 21:26:10
Drop TCP packet from WAN src:66.177.126.67:2007 dst:67.9.151.52:61802 Rule: Default deny
Nov/24/2003 21:26:08
Drop TCP packet from WAN src:217.132.69.172:2410 dst:67.9.151.52:61814 Rule: Default deny
Nov/24/2003 21:26:07
Drop TCP packet from WAN src:66.177.126.67:2007 dst:67.9.151.52:61800 Rule: Default deny
Nov/24/2003 21:26:05
Drop TCP packet from WAN src:66.177.126.67:2007 dst:67.9.151.52:61805 Rule: Default deny
Nov/24/2003 21:26:03
Drop TCP packet from WAN src:66.177.126.67:2007 dst:67.9.151.52:61802 Rule: Default deny
Nov/24/2003 21:26:02
Drop TCP packet from WAN src:66.177.126.67:2007 dst:67.9.151.52:61805 Rule: Default deny
Nov/24/2003 21:26:01
Drop TCP packet from WAN src:66.177.126.67:2007 dst:67.9.151.52:61800 Rule: Default deny
Nov/24/2003 21:26:01
Drop TCP packet from WAN src:66.177.126.67:2007 dst:67.9.151.52:61802 Rule: Default deny
Nov/24/2003 21:25:58
Drop TCP packet from WAN src:66.177.126.67:2007 dst:67.9.151.52:61800 Rule: Default deny
Nov/24/2003 21:25:56
Drop TCP packet from WAN src:172.194.238.214:1311 dst:67.9.151.52:61796 Rule: Default deny
Nov/24/2003 21:25:41
Drop TCP packet from WAN src:66.177.126.67:2007 dst:67.9.151.52:61773 Rule: Default deny
Nov/24/2003 21:25:39
Drop TCP packet from WAN src:66.177.126.67:2007 dst:67.9.151.52:61771 Rule: Default deny
Nov/24/2003 21:25:37
Drop TCP packet from WAN src:66.177.126.67:2007 dst:67.9.151.52:61770 Rule: Default deny
Nov/24/2003 21:25:35
Drop TCP packet from WAN src:66.177.126.67:2007 dst:67.9.151.52:61773 Rule: Default deny
Nov/24/2003 21:25:34
Drop ICMP packet from WAN src:67.11.149.110:8 dst:67.9.151.52:0 Rule: Default deny
Nov/24/2003 21:25:33
Drop TCP packet from WAN src:66.177.126.67:2007 dst:67.9.151.52:61771 Rule: Default deny
Nov/24/2003 21:25:32
Drop TCP packet from WAN src:66.177.126.67:2007 dst:67.9.151.52:61773 Rule: Default deny
Nov/24/2003 21:25:31
Drop TCP packet from WAN src:66.177.126.67:2007 dst:67.9.151.52:61770 Rule: Default deny
Nov/24/2003 21:25:30
Drop TCP packet from WAN src:66.177.126.67:2007 dst:67.9.151.52:61771 Rule: Default deny
Nov/24/2003 21:25:28
Drop TCP packet from WAN src:66.177.126.67:2007 dst:67.9.151.52:61770 Rule: Default deny
Nov/24/2003 21:25:25
Drop TCP packet from WAN src:172.194.238.214:1311 dst:67.9.151.52:61755 Rule: Default deny
Nov/24/2003 21:25:20
Drop TCP packet from WAN src:172.194.238.214:1311 dst:67.9.151.52:61755 Rule: Default deny
Nov/24/2003 21:25:18
Drop TCP packet from WAN src:172.194.238.214:1311 dst:67.9.151.52:61758 Rule: Default deny
Nov/24/2003 21:25:15
Drop TCP packet from WAN src:172.194.238.214:1311 dst:67.9.151.52:61755 Rule: Default deny
Nov/24/2003 21:25:13
Drop TCP packet from WAN src:68.54.60.9:1214 dst:67.9.151.52:61748 Rule: Default deny
Nov/24/2003 21:25:02
Drop TCP packet from WAN src:211.28.249.225:1339 dst:67.9.151.52:61737 Rule: Default deny
Nov/24/2003 21:24:55
Drop ICMP packet from WAN src:67.9.247.74:8 dst:67.9.151.52:0 Rule: Default deny
Nov/24/2003 21:24:55
Drop ICMP packet from WAN src:67.11.192.25:8 dst:67.9.151.52:0 Rule: Default deny
Nov/24/2003 21:24:41
Drop ICMP packet from WAN src:67.9.23.87:8 dst:67.9.151.52:0 Rule: Default deny
Nov/24/2003 21:24:38
Drop TCP packet from WAN src:208.180.252.70:1135 dst:67.9.151.52:61726 Rule: Default deny


