Log from my Router

[YoshiSato]

I just got my new Dlink Gigabit, wifi, "gaming" router(upgraded from a POS Linksys router) and I've been looking over my logs.

I have no idea what these lines mean. My router seems to be blocking alot of ICMP from the computer on the DMZ going to random IP addresses. I don't think this is some kind of security breach because the to IPs are all random. Below is a partial list of what I'm talking about.
Is this a cause for worry? How can I stop this machine from sending these packets.

[INFO] Sun Mar 12 22:29:09 2006 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.25 to 87.218.125.90
[INFO] Sun Mar 12 22:29:07 2006 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.25 to 195.251.17.207
[INFO] Sun Mar 12 22:29:07 2006 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.25 to 217.190.32.58
[INFO] Sun Mar 12 22:29:04 2006 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.25 to 87.218.125.90
[INFO] Sun Mar 12 22:29:04 2006 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.25 to 203.214.23.75
[INFO] Sun Mar 12 22:29:03 2006 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.25 to 68.6.244.6
[INFO] Sun Mar 12 22:28:59 2006 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.25 to 83.85.5.41
[INFO] Sun Mar 12 22:28:58 2006 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.25 to 84.187.204.121
[INFO] Sun Mar 12 22:28:56 2006 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.25 to 84.145.118.6
[INFO] Sun Mar 12 22:28:54 2006 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.25 to 220.233.30.75
[INFO] Sun Mar 12 22:28:53 2006 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.25 to 12.223.130.206
[INFO] Sun Mar 12 22:28:52 2006 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.25 to 68.187.74.177
[INFO] Sun Mar 12 22:28:52 2006 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.25 to 84.122.243.4
[INFO] Sun Mar 12 22:28:52 2006 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.25 to 88.73.207.208
[INFO] Sun Mar 12 22:28:52 2006 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.25 to 84.182.89.77
[INFO] Sun Mar 12 22:28:51 2006 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.25 to 80.144.101.171
[INFO] Sun Mar 12 22:28:50 2006 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.25 to 83.85.5.41
[INFO] Sun Mar 12 22:28:50 2006 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.25 to 64.229.15.82
[INFO] Sun Mar 12 22:28:48 2006 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.25 to 67.188.7.15
[INFO] Sun Mar 12 22:28:48 2006 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.25 to 83.132.254.97
[INFO] Sun Mar 12 22:28:48 2006 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.25 to 84.161.112.211

 

[Atheus]

ICMP type 3 is destination unreachable, can't think why it would block those...

Why do you have a machine in DMZ?

 

[Thoreau]

Without knowing what that machine is supposed to be doing (is it a file server, email, game, etc.?) it's difficult to know for certain what that traffic means. On the other hand, I can't think of a single valid reason for a machine to be trying to send traffic to so many different IP's unless perhaps you're grabbing torrents or using some other form of P2P sharing.

It would probably be best to take that machine offline and examine it for any malware/virii/bad stuff© to be safe. And I definitely second Atheus' question of why you have a machine in a DMZ anyway.

 

[nweaver]

I would figure out what the box is SUPPOSED to be doing, and then take a small sample of packtes off the wire and analyze them.

 

[YoshiSato]

Well I disabled DMZ and I found out that these requests are for port 6881.

I'm now getting tons of blocked incomming requests on this port. I believe this is the bittorrent port number thing is I'm not running bit torrent and the computer I suspect has been "neturalized", yet the requests keep comming.


The machine on the DMZ is my gaming machine. Configuring all the ports can be a pain in the butt,