While troubleshooting a problem with Wi-Fi dropping on one device, I checked the Firewall messages on my G3100. I saw Warning messages with suspect IP addresses that piqued my curiosity.
I am seeing a Warning message hundreds of times from two IP addresses. The sample below has a SRC IP address that is German. I'm concerned because as far as I know there is no reason for a device on my network to be routinely getting messages from a German IP address. I am also seeing the same error message code with a French IP address in the message.
The warning message says the packet is illegal. I'm not concerned about that. My concern is about the SRC. Do I have malware on some device? If so, how do I track down the device and the software that is the destination of the messages? Can I create a firewall rule to block these IPs?
The first MAC address in the long string after MAC looks like the MAC of my G3100. I don't understand why there are so many hex digits following that. Are these MAC addresses of what device?
| Time | Event-Type | Log Level | Details |
|---|---|---|---|
| 2020 Dec 27 11:48:01 | kernel | warning | [FW] IPTABLES [Pkt_Illegal] IN=eth4.untag0 OUT= MAC=b8:f8:53:60:5c:f0:f4:b5:2f:05:a8:c7:08:00:45:00:00:28:00:00:40:00:36:06:07:b7:5f:d8:20:94 src=95.216.32.148 DST={edited for privacy} LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=80 DPT=80 WINDOW=0 RES=0x00 ACK RST URGP=0 MARK=0x8000000 |
When you say "WiFi dropping," do you mean the WiFi icon disappears on your mobile device? Or does the WiFi icon stay while the Internet connection goes out? If it is the former, that is indicative of a data-link connection problem. It may be due to the access point built into the G3100.
Illegal packets mean that the IP packet is malformed. The router drops the packet because it is useless. It does not rule out the possibility that an attacker deliberately manipulates IP packets to perform an attack. By default, the Firewall on your G3100 should be in the Medium Level, blocking all incoming traffic unless excepted in the Port Forward, Port Triggering, Remote Administration, DMZ, or TR-069. It should be robust enough to shield unwanted visitors.
The MAC address is weird. The first 6 octets show the G3100 is made by Arcadyan. It makes sense because G3100 is made by Arcadyan. The second 6 octets show the upstream device of your router is made by Juniper Networks. This makes sense too because Verizon's layer 3 network, immediately after the OLT, is using Juniper Networks routers. Then, what proceeds after that is probably unexplainable. Layer 2 addresses (MAC address) should not travel beyond a single network segment unless using some sort of layer 2 tunneling.
G3100 can log all outbound connections. You can check "Accepted Outgoing Connections" in the Firewall logging settings. G3100, however, cannot log all inbound connections for some reason. It can only log illegal packets.
Lastly, do not share your public IP address. That is dangerous and essentially telling the hackers that: hey, this is my IP address. You can change your public IP address by going to Broadband connection > Settings > Release > wait for 60 seconds. The Juniper Router in the central office should assign you a new IP.
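
Added example (not part of either post, and not Verizon's or the router vendor's code): the bytes after `MAC=` in the log line from the question can be decoded directly. The netfilter log format prints the Ethernet header as destination MAC, source MAC, then EtherType; treating the remaining 16 bytes as the start of an IPv4 header is an assumption drawn from this one line, which the script checks against the `src`, `LEN`, `TTL` and `ID` fields printed on the same line.

```python
import ipaddress
import re

# Log line quoted in the question (DST was already redacted by the poster).
LOG_LINE = (
    "[FW] IPTABLES [Pkt_Illegal] IN=eth4.untag0 OUT= "
    "MAC=b8:f8:53:60:5c:f0:f4:b5:2f:05:a8:c7:08:00:45:00:00:28:00:00:40:00:"
    "36:06:07:b7:5f:d8:20:94 src=95.216.32.148 DST={edited for privacy} "
    "LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=80 DPT=80 "
    "WINDOW=0 RES=0x00 ACK RST URGP=0 MARK=0x8000000"
)

def _fmt(octets):
    return ":".join(f"{x:02x}" for x in octets)

def decode_mac_field(line):
    """Split the MAC= bytes into the Ethernet header and trailing IPv4 header bytes."""
    m = re.search(r"MAC=([0-9a-f:]+)", line, re.I)
    raw = bytes.fromhex(m.group(1).replace(":", "")) if m else b""
    if len(raw) < 14:
        raise ValueError("MAC= field missing or shorter than an Ethernet header")
    out = {"dst_mac": _fmt(raw[0:6]), "src_mac": _fmt(raw[6:12]),
           "ethertype": int.from_bytes(raw[12:14], "big")}
    ip = raw[14:]
    # Assumption: bytes past the EtherType are IPv4 header bytes (0x0800, version 4).
    if out["ethertype"] == 0x0800 and len(ip) >= 16 and ip[0] >> 4 == 4:
        out.update(
            ip_total_len=int.from_bytes(ip[2:4], "big"),
            ip_id=int.from_bytes(ip[4:6], "big"),
            dont_fragment=bool(ip[6] & 0x40),
            ttl=ip[8],
            ip_proto=ip[9],
            ip_src=str(ipaddress.IPv4Address(ip[12:16])),
        )
    return out

def cross_check(line):
    """Compare the decoded header bytes with the key=value fields on the same line."""
    d = decode_mac_field(line)
    kv = {k.upper(): v for k, v in re.findall(r"(\w+)=(\S+)", line)}
    return {
        "src": d.get("ip_src") == kv.get("SRC"),
        "len": d.get("ip_total_len") == int(kv["LEN"]),
        "ttl": d.get("ttl") == int(kv["TTL"]),
        "id": d.get("ip_id") == int(kv["ID"]),
    }

if __name__ == "__main__":
    print(decode_mac_field(LOG_LINE))
    print(cross_check(LOG_LINE))
```
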