Unsolicited WAN network requests - security issue?

Using banIP on OpenWRT 24.10.1 on a Flint2 router with modem in bridge mode, I see many incoming requests that the firewall rejects. Here is a sampling:

Fri Jun 13 14:53:21 2025 kern.warn kernel: [53643.399926] banIP/pre-ct/drop: IN=eth1 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=83.222.190.82 DST=xxx.xxx.xxx.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=41241 PROTO=TCP SPT=40674 DPT=24000 WINDOW=1200 RES=0x00 RST URGP=0
Fri Jun 13 14:53:35 2025 kern.warn kernel: [53658.074156] banIP/pre-ct/drop: IN=eth1 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=106.75.139.161 DST=xxx.xxx.xxx.xxx LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=25209 PROTO=TCP SPT=58914 DPT=3689 WINDOW=1200 RES=0x00 RST URGP=0
Fri Jun 13 14:54:33 2025 kern.warn kernel: [53715.703253] banIP/pre-ct/drop: IN=eth1 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=45.144.212.221 DST=xxx.xxx.xxx.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=56231 PROTO=TCP SPT=56383 DPT=2222 WINDOW=1200 RES=0x00 RST URGP=0

These occur every few seconds from many different IPs from all over the world. I believe it is the cinscore firewall chain in banIP that is catching these.

Any idea on what these are and how I could better configure my firewall to protect against them? I'm not sure if these are just zombie attacks or if they are a threat.

The internet is simply a dangerous place. These are entirely to be expected... much like petty crime such as pick-pocketing and the like in major cities across the world.

As long as your WAN is set to reject unsolicited inbound connections (this is the default state), you are fine. That is the equivalent to you securing your personal possessions against pickpockets when you're in public.

2 Likes

Thanks, Peter.

1 Like
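
An added example, not part of the original thread or of banIP itself: a small parser that tallies dropped-packet log lines like those in the question by chain prefix, source address, destination port and TCP flags, so the spread of the background noise is visible at a glance. The sample lines are constructed (RFC 5737 documentation addresses), and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in the format shown in the question.
# Addresses are RFC 5737 documentation ranges, not real hosts.
SAMPLE_LOG = """\
Fri Jun 13 14:53:21 2025 kern.warn kernel: [53643.399926] banIP/pre-ct/drop: IN=eth1 OUT= MAC=xx:xx SRC=203.0.113.10 DST=192.0.2.1 LEN=40 TTL=245 PROTO=TCP SPT=40674 DPT=24000 WINDOW=1200 RES=0x00 RST URGP=0
Fri Jun 13 14:53:35 2025 kern.warn kernel: [53658.074156] banIP/pre-ct/drop: IN=eth1 OUT= MAC=xx:xx SRC=198.51.100.7 DST=192.0.2.1 LEN=44 TTL=239 PROTO=TCP SPT=58914 DPT=3689 WINDOW=1200 RES=0x00 RST URGP=0
Fri Jun 13 14:54:33 2025 kern.warn kernel: [53715.703253] banIP/pre-ct/drop: IN=eth1 OUT= MAC=xx:xx SRC=203.0.113.10 DST=192.0.2.1 LEN=40 TTL=236 PROTO=TCP SPT=56383 DPT=2222 WINDOW=1200 RES=0x00 RST URGP=0
Fri Jun 13 14:54:40 2025 kern.warn kernel: [53722.101000] banIP/pre-ct/drop: IN=eth1 OUT= MAC=xx:xx SRC=198.51.100.99 DST=192.0.2.1 LEN=60 TTL=52 PROTO=TCP SPT=41000 DPT=2222 WINDOW=64240 RES=0x00 SYN URGP=0
Fri Jun 13 14:55:10 2025 daemon.info dnsmasq[1]: read /etc/hosts - 12 names
"""

TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "ECE", "CWR"}
# Log prefix (e.g. banIP/pre-ct/drop) followed by the netfilter key=value body.
LINE_RE = re.compile(r"\]\s+(?P<prefix>\S+):\s+(?P<body>IN=.*)$")


def parse_line(line):
    """Return a dict for one netfilter log line, or None for anything else."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = {"prefix": m.group("prefix"), "flags": []}
    for tok in m.group("body").split():
        if "=" in tok:                      # KEY=value (value may be empty, e.g. OUT=)
            key, _, val = tok.partition("=")
            rec[key] = val
        elif tok in TCP_FLAGS:              # bare tokens such as RST or SYN
            rec["flags"].append(tok)
    return rec


def summarize(text):
    """Tally parsed drops by chain prefix, source, destination port and flags."""
    recs = [r for r in map(parse_line, text.splitlines()) if r]
    return {
        "total": len(recs),
        "by_prefix": Counter(r["prefix"] for r in recs),
        "by_src": Counter(r.get("SRC") for r in recs),
        "by_dpt": Counter(int(r["DPT"]) for r in recs if "DPT" in r),
        "by_flags": Counter("+".join(r["flags"]) or "none" for r in recs),
        "interfaces": {r.get("IN") for r in recs},
    }


if __name__ == "__main__":
    for name, value in summarize(SAMPLE_LOG).items():
        print(name, dict(value) if isinstance(value, Counter) else value)
```

To tally a real log, pass `summarize()` the saved output of `logread` instead of the sample text.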