What is a kernel intrusion on my router?
I get a lot of "kernel intrusion" messages in my router's error log. Each one always shows the source IP, the destination IP (mine) and other details of the TCP connection.
My Internet link has been dropping a lot lately, and quite often the log shows several of these "intrusions" immediately beforehand. (Note that I don't have any P2P software installed.)
What are kernel intrusions, exactly? Are they a problem?
When I first read this I thought it didn't make sense, because something cannot 'intrude' in a kernel. However, after Googling it I found similar posts (which also give the answer), but they also show that the message was something like:
kernel: Intrusion detected from ...
which means something quite different.
The kernel (software) on your router is letting you know that somebody tried to connect ('intrude') to your WAN IP address.
This happens all the time; entire botnets are dedicated to trying to connect to random IP addresses at certain ports to try default user/password combinations to see if they can find weak security somewhere. However, because the router denies this, there is no problem.
Summarizing: the 'intrusions' being detected are harmless; you should worry more about the ones that are not logged ;)
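To see which ports the blocked attempts target and whether bursts of them really precede the link drops the question describes, the router log can be tallied. This is an added example, not part of the original answers: the page shows only the "kernel: Intrusion detected from" prefix, so the timestamp, the address:port layout and the "link down" line are assumptions, and the sample log is constructed.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample; only the "kernel: Intrusion detected from" prefix is from
# the page. Timestamp, address:port layout and the "link down" line are assumed.
SAMPLE_LOG = """\
2024-01-01 10:00:01 kernel: Intrusion detected from 198.51.100.7:40211 to 203.0.113.5:23 TCP
2024-01-01 10:00:03 kernel: Intrusion detected from 198.51.100.7:40212 to 203.0.113.5:23 TCP
2024-01-01 10:00:09 kernel: Intrusion detected from 192.0.2.44:51515 to 203.0.113.5:22 TCP
2024-01-01 10:00:30 wan: link down
2024-01-01 11:15:00 kernel: Intrusion detected from 192.0.2.90:33000 to 203.0.113.5:3389 TCP
2024-01-01 12:40:00 wan: link down
"""

TS = r"(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)"
LINE = re.compile(
    "^" + TS + r" kernel: Intrusion detected from "
    r"(?P<src>[\d.]+):\d+ to [\d.]+:(?P<dport>\d+) (?P<proto>\w+)$")
DROP = re.compile("^" + TS + r" \S+ link down$")

def _ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")

def parse(log):
    """Return (attempts, drops); attempts are (time, src, dport) tuples."""
    attempts, drops = [], []
    for line in log.splitlines():
        line = line.strip()
        if (m := LINE.match(line)):
            attempts.append((_ts(m["ts"]), m["src"], int(m["dport"])))
        elif (d := DROP.match(line)):
            drops.append(_ts(d["ts"]))
    return attempts, drops

def top_ports(attempts):
    """Count blocked attempts per destination port (what is being probed)."""
    return Counter(dport for _, _, dport in attempts)

def drops_after_burst(attempts, drops, window=timedelta(seconds=60), threshold=3):
    """Link drops preceded by at least `threshold` blocked attempts in `window`."""
    return [d for d in drops
            if sum(1 for t, _, _ in attempts if d - window <= t < d) >= threshold]

if __name__ == "__main__":
    attempts, drops = parse(SAMPLE_LOG)
    print(top_ports(attempts).most_common())
    print(drops_after_burst(attempts, drops))
```

A drop that shows up in drops_after_burst is only a correlation in time; a drop with no preceding burst, like the second one in the sample, points to a cause other than the blocked connections.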
This is your router letting you know that it's doing its job.
It's not really an intrusion but rather an intrusion attempt.
This sort of thing happens all the time.
Don't worry, you're fine.
I also got a lot of these messages. I did some research and eventually disabled the IGMP setting in the WAN setup on my router. Apparently it is used to establish multicast group memberships and your router will listen and respond to such messages. That's my simple interpretation.
It's been turned off now for about 10 minutes and not a sign of an intrusion message; and as you can see, my internet access appears to be OK...