# "ip spoofing" in router logs



## RhettM (Mar 10, 2012)

Just installed a linksys router and find this in the logs:


```
08/01/2003 00:10:51   **IP Spoofing** 192.168.1.1, 137->> 192.168.1.21, 137 (from WAN Inbound)
08/01/2003 00:10:50   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:10:48   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:10:46   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:10:44   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:10:22   **IP Spoofing** 192.168.1.1, 137->> 192.168.1.21, 137 (from WAN Inbound)
08/01/2003 00:10:22   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:10:20   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:10:18   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:10:16   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:09:54   **IP Spoofing** 192.168.1.1, 137->> 192.168.1.21, 137 (from WAN Inbound)
08/01/2003 00:09:54   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:09:52   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:09:50   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:09:48   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:09:26   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:09:25   **IP Spoofing** 192.168.1.1, 137->> 192.168.1.21, 137 (from WAN Inbound)
08/01/2003 00:09:24   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:09:22   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:09:20   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:08:58   **IP Spoofing** 192.168.1.1, 137->> 192.168.1.21, 137 (from WAN Inbound)
08/01/2003 00:08:58   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:08:56   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:08:54   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:08:52   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:08:30   **IP Spoofing** 192.168.1.1, 137->> 192.168.1.21, 137 (from WAN Inbound)
08/01/2003 00:08:30   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:08:28   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:08:26   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:08:24   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:08:02   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:08:01   **IP Spoofing** 192.168.1.1, 137->> 192.168.1.21, 137 (from WAN Inbound)
08/01/2003 00:08:00   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:07:58   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:07:56   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:07:34   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:07:33   **IP Spoofing** 192.168.1.1, 137->> 192.168.1.21, 137 (from WAN Inbound)
08/01/2003 00:07:32   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:07:30   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:07:28   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:07:06   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:07:05   **IP Spoofing** 192.168.1.1, 137->> 192.168.1.21, 137 (from WAN Inbound)
08/01/2003 00:07:04   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:07:02   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:07:00   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:06:38   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:06:36   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:06:35   **IP Spoofing** 192.168.1.1, 137->> 192.168.1.21, 137 (from WAN Inbound)
08/01/2003 00:06:34   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:06:32   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:06:10   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:06:08   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:06:07   **IP Spoofing** 192.168.1.1, 137->> 192.168.1.21, 137 (from WAN Inbound)
08/01/2003 00:06:06   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:06:04   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:05:42   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:05:40   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:05:38   **IP Spoofing** 192.168.1.1, 137->> 192.168.1.21, 137 (from WAN Inbound)
08/01/2003 00:05:38   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:05:36   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:05:14   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:05:12   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:05:10   **IP Spoofing** 192.168.1.1, 137->> 192.168.1.21, 137 (from WAN Inbound)
08/01/2003 00:05:10   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:05:08   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:04:46   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:04:44   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:04:42   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:04:41   **IP Spoofing** 192.168.1.1, 137->> 192.168.1.21, 137 (from WAN Inbound)
08/01/2003 00:04:40   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:04:18   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:04:16   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:04:14   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:04:13   **IP Spoofing** 192.168.1.1, 137->> 192.168.1.21, 137 (from WAN Inbound)
08/01/2003 00:04:12   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:03:50   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:03:48   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:03:47   **IP Spoofing** 192.168.1.1, 137->> 192.168.1.21, 137 (from WAN Inbound)
08/01/2003 00:03:46   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
08/01/2003 00:03:44   **IP Spoofing** 192.168.1.1, 67->> 255.255.255.255, 68 (from WAN Inbound)
```
Also see lots of inbound NetBios requests to my computer. Are these logs/netbios requests normal?

I have a wireless modem provided by the isp, with the linksys wireless router in between my computer and the modem. 192.168.1.1 is the address of the isp modem. 

Any help would be appreciated.

Thanks


----------



## Wand3r3r (Sep 17, 2010)

Might want to start by configuring the time correctly on the router. Seems strange its stuck back in 2003.

What is your ip address on your lan side?


----------



## TheCyberMan (Jun 25, 2011)

Netbios can be a security risk even if you have a need for it, i would remove port 137.

Agree with above date needs to be synchronised properly.


----------

