Again, thank you for the clear explanations, Troy.
I'll keep those logs for myself then, I think I understand quite well what you are saying, arial gets boring after a while, hahaha.
1] I finally found a way to alter the PTM (Chinese for port-forwarding???) and port 80 is closed now. Word to the wise; only buy Chinese equipment if you actually can READ Chinese, lol, what a "manual" *fixed!*
2] Yes, both port 3389 and 445 are closed as well. In fact, all ports from 1-64.000(something) are "Stealth" now. *fixed*
3] Because the "intrusion-alert-frequency" has been upped to over 5 times a minute and annoys me a lot, I asked my ISP for a new IP, they refused, so now I got me a new provider that does that automatically AND on demand. Fixed?
One question just because I got really interested: does a low TTL (time-to-live?) mean the originating source is near or just that it didn't make as many hops all around the world? Or is this just that old infection-server-thing trying to reconnect? (It varies from 23 to well over a hundred.) Or did I google all wrong here?
Last question: I have a whole heap of privately owned (as far as I can make out, that is) IPs in my logs. I checked quite a few and many are in the same country I live in myself. Can I do something for these people by sharing the data with police/banks or would that be totally useless and should they all just come here by themselves?
Greetings from the other side of the world, and a huge hug for all the people making this site, and thus my computer, WORK!
EDIT: One of my kids had an infected laptop 2 weeks ago after downloading some mod for some game, but I am sure this is resolved, as I re-installed that whole system immediately using the recovery disks and it is working just fine again. Sorry I forgot to mention that earlier, I thought I already did in my first post.
Edited by Dad_man, 28 March 2012 - 02:11 AM.