cancel
Showing results for 
Search instead for 
Did you mean: 

Event logs

Wimpywoo
Grafter
Posts: 71
Registered: ‎01-05-2015

Event logs

Hello all, I am having terrible problems with the Thompson router and in the event logs I am getting all of these errors for example login wireless station attempt and destination unreachable code administration prohibited, and many more errors and port scans in the intrusion detection and null port etc ? Any help would be very appreciated , thank you.
9 REPLIES 9
Jaggies
Aspiring Pro
Posts: 1,700
Thanks: 34
Fixes: 2
Registered: ‎29-06-2010

Re: Event logs

The red firewall entries are simply showing that the firewall is acting as it should - it's logging failed attempts to access your system. The most common cause of that type of entry is (if you are not on a static IP) the IP address you currently have assigned to you was previously being used to upload files via Bit Torrent, and as a result other user's BT clients are trying to re-establish contact with a known uploader. They should eventually drop off if they can find nothing being uploaded from your IP address.
If you have a static IP address but don't use torrents, then all bets are off...
(ETA) Have a look at http://forum.kitz.co.uk/index.php?topic=5073.0 regarding the yellow entries.
Oldjim
Resting Legend
Posts: 38,460
Thanks: 787
Fixes: 63
Registered: ‎15-06-2007

Re: Event logs

Regarding the red entries I get them all the time and it is nothing to worry about
I am on a fixed IP address and don't use torrents
If you are interested you can check the IP address they are coming from
Jaggies
Aspiring Pro
Posts: 1,700
Thanks: 34
Fixes: 2
Registered: ‎29-06-2010

Re: Event logs

Yes, sorry, I should have made it clearer - torrents are just one possible source of this type of log entry.
FWIW, the router is reporting a successful block, so there is nothing to be concerned about.
Wimpywoo
Grafter
Posts: 71
Registered: ‎01-05-2015

Re: Event logs

Thank you for all your replies. We have been having this problem for nine years, would it be better to put all devices to static for a bit to see which devices has a problem? Because none of us use torrent sites and I definitely do not but I know my daughters iPhone was synced with a computer when she first purchased her phone with an ex boyfriend who did download and I am not sure she has changed her phones email that she used to create an account with ... On this computer ? I'm probably wrong but that's the only thing I can think of.
Anotherone
Champion
Posts: 19,107
Thanks: 457
Fixes: 21
Registered: ‎31-08-2007

Re: Event logs

I think you may have slightly misunderstood what was being meant when static IP addresses were mentioned. This was related to the WAN side of your connection, the IP address that you connect to the Internet with, not your internal LAN IP addresses.
I'd guess you do not have a Static IP address (WAN side) - you'd have to request this from Plusnet and it's £5 to set up. You might want one if you were running a server on your computer for example. Most regular users don't have a need for one.
These connection/intrusion attempts can be other computers running torrents trying to connect with another user that may have previously be using the IP address that you are now on,. they might be a user with a Game who's attempting connection with a user with the same Game,
Whether these "connection" attempts are innocent or potentially malicious, there's nothing really to worry about as the others have said, your Firewall is doing it's job, and the attempts aren't that frequent. If you were repeatedly getting several per minute over a sustained period, that might be a different matter.
So there's no need for static IP addresses WAN side or LAN side unless the latter happens to suit the way you use your own network.
As far as the login wireless station attempts go, without some further detail, it's difficult to comment. Do you have any wireless devices of your own? Is it your daughter's iPhone? I'm not sure your daughter's email address would have any particular bearing on this, can you explain why you think it might?
Is your wireless security set as WPA2?
If it's not one of your own devices, a wireless printer maybe? then again if it's infrequent it probably can be ignored.
If you have any further detail let us know.

Wimpywoo
Grafter
Posts: 71
Registered: ‎01-05-2015

Re: Event logs

Thank you for your reply, firstly is it wpa2 or wpa2 psk please? Then how does that match the encryption key of wpa ? I'm a little confused on that one. Secondly my daughters email was compromised on her fb that was her iPhones email address which is set as the default email and is also connected to her fb that comes installed with a iPhone she was unable to get her device (her new iPhone ) and she uses the same email she used with the old iPhone that she opened up with her ex boyfriends computer and then she can not get her Facebook authorised on this device because of her email problem, I know this seems confusing , but this old email she has been having trouble with is still on her phone , her old phone opened up ports Trojan ports on our sky router (previous isp) . When I go onto a site called whatismyipaddress it shows I have no services and I have a static IP address , yet like you have written plusnet does not supply static unless you pay for it, yet I don't want a static ip I can get one by selecting this inside the router on the devices, anyway we do not have a printer attached to the router and bt  fon did come up on one of our devices , our channel when put to automatic doesn't move from channel one and that's the same channel has bt fon , if we try to install a antivirus it doesn't install properly and gets disabled. You also need a computer to connect through with dial up and that also showed up when I went onto whatsmyipaddress and we do not have a computer just mobile phones. We also have a massive school behind us and our old isp provider told us that the school could be knocking out our internet because the one side of the street are having the same problems.
Anotherone
Champion
Posts: 19,107
Thanks: 457
Fixes: 21
Registered: ‎31-08-2007

Re: Event logs

I'm not sure I would trust that information about your IP address as it's changed in most of those screen shots and in any event you should not post it in a publicly visible forum, the best way to attract unwanted probes to your connection.
Do the following as soon as possible - log into your 582n and in the Internet box click "Disconnect" this will drop the PPP session. Wait 30 seconds and then click "Connect". As soon as the session is established, check your IP address, it should now be different. Use What's My IP check before and after to see if it changes (but don't post the address). if you ever need to post information containing your current IP address, obliterate the last 2 octets ie. post as 87.112.xxx.xxx
I'll just post this for you so that you may see it soonest, and will respond to the rest in a moment.
Anotherone
Champion
Posts: 19,107
Thanks: 457
Fixes: 21
Registered: ‎31-08-2007

Re: Event logs

First WPA2 - PSK. The PSK bit just means pre-shared key. It's the WPA2 which means better encryption than plain WPA. Not all devices are capable of WPA2 connections but if that is set in the 582n and you are connecting OK, then there shouldn't be an issue form that point of view.
You cannot set static public (WAN side) IP addresses from your modem/router. Those settings are purely for your LAN side (your network) internal IP addresses. Best not to publish them either - obliterate the last octet ie 192.168.1.xxx
The fact there is a school close by may give you problems with congested wireless channels as they'll probably have a WiFi network, it may also mean that some mischievous individuals may try connecting to your network, but as long as you aren't using passwords that are names, dictionary words or the like - anything that can be guessed - then you should be ok, and of course not given them to anyone outside your immediate family. Your previous ISP sounds as though they were slightly passing the buck as far as giving help on the use of your WiFi.
It's all sounding to me as though your daughter or both of you may each have a virus on your phone. I would be very careful about what personal information you have on your phones at this time and not do anything that requires high security (eg. banking) until you have them checked out.
You need some expert assistance to deal with this problem (sorry iPhones are not my speciality).
But there is another check you could do which might have a bearing on the apparent changing IP address from your screen grabs, and that is your phone line.You may have an intermittent connection causing the broadband to drop. Use a corded phone - Can you hear/have you heard any crackling or other noises on the line when using the phone? Have you had any problems with incoming or outgoing calls? Dial 17070 use option 2 the Quiet Line Test if need be.
As far as your iPhones go, you will need to clean the phone(s) of any virus and delete that old email address. Do not post email addresses or IP addresses in publicly visible places. Don't give email addresses to people you don't know well or trust unless it's one you can dump if you start getting problems. Never use you main email address for things like Facebook or anywhere else that it may get into the public arena, that can include giving it to certain retail or other companies. Use other email addresses you can dump when needed.
As I've said you are going to need some expert help, if any information you have on your phones, ie contact numbers, addresses etc can be easily be replaced, that will probably make life easier. If the phone is the only place that information is saved, make a separate note of it now.
I'll see if we can dig up an expert or two that can come and advise the best way to deal with the iPhone(s), but you may have to go to a local expert, preferably one that you can trust and/or comes recommended by someone very trustworthy (not some wizz-kid boyfriend!)
Wimpywoo
Grafter
Posts: 71
Registered: ‎01-05-2015

Re: Event logs

Thank you so much for this information, I am very grateful indeed .  P.s you mentioned not to give any information out, on a iPhone everything in your contacts all your Facebook friends Id is on your phone (I don't have fb but I know this) and on a android everything including your passwords is backed up somewhere and when you download apps they have access to everything? So it's impossible to keep things out of public reach , oh and if your phone isn't encrypted then there's no privacy.