View Full Version : hackers
vegaswedding
6-19-04, 01:37 AM
I have a Linksys router and when I viewed my incoming logs I noticed foreign IP addresses attempting to get in.
Has anyone else come across this? Also, how do you know for sure the firewall works? What code would come up if someone actually got into your computer? Where is there a list explaining the port numbers?
thanks
Source IP          Destination Port Number
68.162.11.182      6346
210.71.64.224      4899
211.207.174.67     4899
61.145.141.189     9898
61.145.141.189     5554
219.150.118.21     1028
219.150.118.21     1027
24.178.135.249     1026
219.150.118.21     1029
65.161.102.164     1027
222.232.27.130     4899
218.95.117.254     1027
218.95.117.254     1026
218.236.73.52      1027
218.236.73.52      1026
219.148.64.62      1026
212.95.93.121      1027
tacimala
6-19-04, 11:07 AM
You aren't necessarily being targeted with that, there are just bots out there that hit other servers and networks and your router sees it and puts it in the log. Most of the time it is other computers infected with a virus like the Blaster worm or something along those lines. If they are on the log, that usually means that the router blocked access so you should be OK. For more information you could do a search for the port numbers to see what runs on those ports.
Just make sure you are not vulnerable. Go here:
https://grc.com/x/ne.dll?bh0bkyd2
The place on the net to check out your own level of protection.
Port Number Usage
6346 Gnutella Peer-to-Peer
4899 Remote Admin... attempted exploit of remote admin security hole
9898 Dabber (and some other trojans) install a tftp at this port. Probably someone probing for infected boxen.
5554 The Sasser worm creates an FTP server on this port. That, in turn, has a security flaw that can be exploited. This is probably someone trying to see if you're Sasser infected and then either connect to it or exploit it.
1028 Could be anything. Typically used as an outbound data connection. Could be ICQ, DCOM, or any number of other things. Probably harmless.
1027 See 1028
1026 See 1028
1029 See 1028
http://grc.com/PortDataHelp.htm
Even though I use a router too, I still use the extra protection of Norton Internet Security. Keep all your definitions up to date and do a good system scan about once a week.
I get those alerts all the time and as stated above they are normally not something that concerns me. Once in a while I will trace one, but it normally won't show much more than the general area of the origin.
With the use of a software firewall, it will prompt you when a rule needs to be applied. This happens often if you are installing new software programs. But if you get a message saying that such and such is trying to access the internet, then you had better be more cautious if you have done nothing and aren't sure what is causing the outgoing.
I have a Linksys router and when I viewed my incoming logs I noticed foreign IP addresses attempting to get in. Has anyone else come across this?
Yup. See that stuff all the time. Never worry about it. Just keep my boxen patched and our customer's boxen patched. Then again I don't run Windoze so I have less to worry about than many on here. =P
Also, how do you know for sure the firewall works?
By trying to crack my firewall. Didn't get through. I did the same things I would do to prove a customer's firewall and security. My little D-Link DI-604 passed all the tests. Of course with Winduhz all one has to do to break security is visit a cracked web site with Internet Exploder. Voila - cracker gets in your box/LAN. A firewall cannot prevent that nor can it prevent the Windoof e-mail viruses, worms and trojans that people download with their e-mail. Those require different measures many of which can only be reactive (clean it up) rather than proactive (prevent it in the first place) due to the flawed design of 'doze.
what code would come up if someone actually got into your computer?
The possibilities are unlimited.
Where is there a list explaining the port numbers? ...
On my system I look at the /etc/services file. If the port is not in that file I figure it is probably a 'doze worm or some not-well-known application that someone misconfigured to broadcast on the internet.
Here is a nice place to look up terminology and sometimes get a chuckle or two (the following URLs were edited because I used an outdated site for the URLs originally):
http://www.catb.org/~esr/jargon/html/index.html
A bit more specific info based on your wording:
http://www.catb.org/~esr/jargon/html/H/hacker.html
http://www.catb.org/~esr/jargon/html/C/cracker.html
Note that popular media has the term hacker confused with cracker thus confusing people such as yourself. This is quite irritating to true hackers.
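The port lookup the replies above do by hand, as an added example that is not part of the original thread: it groups blocked router-log entries by destination port and annotates each with the notes given in the thread, falling back to the local services database (the /etc/services lookup mentioned above). The function names and the sample log are constructed; the sample addresses are documentation-range placeholders, not the poster's log.

```python
import ipaddress
import socket
from collections import defaultdict

# Port notes as given in the thread's replies (not an authoritative registry).
THREAD_NOTES = {
    6346: "Gnutella peer-to-peer",
    4899: "Remote Admin; attempted exploit of remote admin security hole",
    9898: "Dabber (and some other trojans) tftp; probe for infected hosts",
    5554: "Sasser worm FTP server; probe for Sasser infection",
    1026: "could be anything (ICQ, DCOM, ...); probably harmless",
}
for _p in (1027, 1028, 1029):          # the thread says "See 1028" for all of these
    THREAD_NOTES[_p] = THREAD_NOTES[1026]

# Constructed sample in the router log's two-column shape, with two bad rows.
SAMPLE_LOG = """Source IP  Destination Port Number
192.0.2.10 4899
198.51.100.7 4899
203.0.113.5 4899
192.0.2.44 1026
192.0.2.44 1027
198.51.100.9 1026
203.0.113.77 5554
203.0.113.77 9898
not-an-ip 4899
192.0.2.10 99999
"""

def parse_log(text):
    """Yield (source_ip, port) pairs, skipping the header and malformed rows."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2 or not parts[1].isdigit():
            continue
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue
        if 0 < int(parts[1]) <= 65535:
            yield str(ip), int(parts[1])

def describe(port):
    """Thread note if there is one, else the local services database entry."""
    if port in THREAD_NOTES:
        return THREAD_NOTES[port]
    try:
        return socket.getservbyport(port, "tcp") + " (local services database)"
    except OSError:
        return "not listed; look it up before assuming it is harmless"

def summarize(text):
    """Rows of (port, hits, distinct_sources, note), most widely probed first."""
    sources, hits = defaultdict(set), defaultdict(int)
    for ip, port in parse_log(text):
        sources[port].add(ip)
        hits[port] += 1
    rows = [(p, hits[p], len(sources[p]), describe(p)) for p in hits]
    return sorted(rows, key=lambda r: (-r[2], -r[1], r[0]))

if __name__ == "__main__":
    for port, n, srcs, note in summarize(SAMPLE_LOG):
        print(f"{port:>5}  hits={n}  sources={srcs}  {note}")
```

Ports probed by many distinct sources sort first, which is the pattern the replies attribute to worm and bot scanning rather than to someone targeting one router.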