We are all under constant attack.
You would be amazed at the amount of malicious network traffic on the internet.
At least one security guru has coined the term “internet background noise” for all this traffic.
What is it?
It’s the reason you must have a firewall.
We are all under attack
Every internet-connected device is under a slow, persistent attack by malware on other (typically infected) machines. Your router is your best first line of defense, as it prevents outside connections from reaching your equipment. Keeping your computer as up-to-date as possible so as to patch the vulnerabilities those other machines are looking for is also key.
A constant attack
Those random addresses trying to connect to random ports on your router are likely attempted hacks into your computer or computer network.
Don’t take it personally. They’re not trying to get to you; they’re trying to get to anyone: anyone whose computer is not protected, not up to date, or has some kind of unpatched vulnerability.
Here’s what’s going on.
Malware on a network
Computers can be really dumb, but they make up for it by being really fast and/or really persistent.
Malware authors take advantage of that by writing malicious software that checks every possible IP address for a computer with known, unpatched vulnerabilities. If a vulnerability is found, the malware then infects that computer and moves on to the next.
Now, “every possible IP address” is a lot of IP addresses. It’s measured in the billions. And yes, checking each one is kind of a stupid way to go about it. But here’s where persistence pays off:
- One computer starts scanning and eventually finds another that’s vulnerable, and infects it.
- Now two computers are scanning, and each eventually finds another they can infect, and does so.
- Now four computers are scanning . . .
- Then eight . . .
- Then 16 . . .
And so on. Now, it’s rarely that simple a progression, but it is a progression nonetheless. By being methodical, this malware copies itself to as many computers as it can find.
Since they’re scanning all possible IP addresses, eventually yours will be scanned.
Protection is easy
Your router is doing its job. It’s blocking all those incoming connections.
Even a cheap consumer-grade router protects you from all this noise. By only allowing outbound connections — connections your equipment makes to sites and services on the internet — it effectively blocks any attempts by malware “out there” to reach your machines.
It’s why I so strongly recommend using a router, even if you have only one device.
Naked on the internet
Any machine sitting “naked” on the internet — connected directly without a router — is subject to these constant attempts to exploit known vulnerabilities.
If that is your machine, and it has an unpatched vulnerability the malware is searching for, it’ll be infected and your computer will join the crowd.
On the other hand, as long as you’re as up-to-date as possible, you dramatically reduce the chances of being vulnerable.
Of course, our questioner is behind a router, and so is protected.
Your router log is showing these attempts. Your router is acting as a firewall and preventing them from reaching a “real machine”.
Not all routers have logs to examine, so you’re in kind of a unique position to watch all this background noise if you so choose. (To check if your router has logging ability, and how to turn it on, check the documentation for your device.)
Most people never even know that this activity exists and that it’s constantly happening.
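As an added example (not part of the original article and not any router vendor's software), this Python script shows what reading such a log can look like: it tallies blocked inbound attempts by destination port and by source address. It assumes the router writes Linux netfilter-style log lines with a "DROP" prefix and that eth0 is the internet-facing interface; the sample lines are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in the netfilter (iptables) LOG format that many
# Linux-based routers emit; all public addresses are documentation ranges.
SAMPLE_LOG = """\
Jan 12 03:14:07 router kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.20 LEN=40 PROTO=TCP SPT=51234 DPT=23 SYN
Jan 12 03:14:09 router kernel: DROP IN=eth0 OUT= SRC=192.0.2.44 DST=198.51.100.20 LEN=44 PROTO=TCP SPT=40112 DPT=445 SYN
Jan 12 03:15:31 router kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.20 LEN=40 PROTO=TCP SPT=51240 DPT=2323 SYN
Jan 12 03:16:02 router kernel: DROP IN=eth0 OUT= SRC=203.0.113.99 DST=198.51.100.20 LEN=40 PROTO=TCP SPT=33010 DPT=23 SYN
Jan 12 03:16:40 router kernel: DROP IN=eth0 OUT= SRC=192.0.2.200 DST=198.51.100.20 LEN=57 PROTO=UDP SPT=5060 DPT=5060
Jan 12 03:17:05 router kernel: ACCEPT IN=br0 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.80 LEN=60 PROTO=TCP SPT=50000 DPT=443 SYN
Jan 12 03:17:11 router dnsmasq[412]: query[A] example.com from 192.168.1.10
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")
WAN_IF = "eth0"  # assumption: name of the internet-facing interface

def parse_blocked(line):
    """Return (src, proto, dport) for a dropped inbound WAN packet, else None."""
    if " DROP " not in line:  # assumption: the firewall rule logs with prefix "DROP"
        return None
    f = dict(FIELD.findall(line))
    # Lines without a destination port (for example ICMP) are skipped here.
    if f.get("IN") != WAN_IF or "SRC" not in f or not f.get("DPT", "").isdigit():
        return None
    return f["SRC"], f.get("PROTO", "?"), int(f["DPT"])

def summarize(log_text):
    """Tally blocked inbound attempts by (protocol, port) and by source address."""
    ports, sources, seen = Counter(), Counter(), {}
    for line in log_text.splitlines():
        hit = parse_blocked(line)
        if hit is None:
            continue
        src, proto, dport = hit
        ports[(proto, dport)] += 1
        sources[src] += 1
        seen.setdefault(src, set()).add(dport)
    # A source that tried more than one port is probing for several services.
    sweepers = sorted(s for s, p in seen.items() if len(p) > 1)
    return {"blocked": sum(ports.values()), "ports": ports, "sources": sources, "sweepers": sweepers}

if __name__ == "__main__":
    r = summarize(SAMPLE_LOG)
    print("blocked inbound attempts:", r["blocked"])
    for (proto, port), n in r["ports"].most_common():
        print(f"  {proto}/{port}: {n}")
    print("distinct sources:", len(r["sources"]))
    print("sources probing more than one port:", r["sweepers"])
```

Real router logs differ by vendor, so the field names and the "DROP" marker may need adjusting to match what your device writes.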
Where? And why?
So where are all these vulnerability probes coming from? Infected machines. In fact, the owners of those machines probably have no idea that their machine is participating in this activity.
So why don’t those folks just clean, patch, and protect their machines?
They should. But the sad fact is that there are a large number of folks who still do not adequately protect themselves. Much of this “internet background noise” is due to computers infected with viruses that are several years old, and for which patches have also been available for years.
In addition, there are many old machines running old software for which patches might not be available, or machines that are effectively unattended, just running and doing whatever it is they do without anyone paying attention.
All these machines put the rest of us at risk.
So, yes, as I and others have been preaching almost daily, it’s critical to keep your machine up to date and get behind a firewall so as to avoid becoming one of those machines trying to infect everyone else…
… and to protect yourself from everyone who doesn’t.