Router log
thank you ejs yeah first thing i did comp is clean , all password changed had no more since last night. still have port 22 open no idea why, customer support cant help either just said do factory reset which i had already done made no difference 
Edit port issue now been solved
Edit port issue now been solved
Thanks for the suggestions.
Shiels Up result again:
Hopefully that means I should be okay and the router is doing its bit. I notice the attacking ip has changed now to 103.41.124.44, so from China to Hong Kong!! Unfortunately, the log only shows the last 50 entries with no option to download it
Thanks
Mark
- Nothing on the Technicolor website. No support, no nothing if an end user
- UPNP switched off, a bit off really as it has always been on with my other routers and not had an effect
- Remote access is not enabled
- Not sure how to set up a firewall rule to drop traffic, will have to have a little Google
- The only port forwarding is to my webcam, all others turned off that I can see
Shiels Up result again:
Quote THE EQUIPMENT AT THE TARGET IP ADDRESS
DID NOT RESPOND TO OUR UPnP PROBES!
Hopefully that means I should be okay and the router is doing its bit. I notice the attacking ip has changed now to 103.41.124.44, so from China to Hong Kong!! Unfortunately, the log only shows the last 50 entries with no option to download it
Thanks
Mark
Quote from: Marksfish port 22 is open. Not really sure what SSH is
SSH is used by system administrators to remotely login to a device, and take control using command line instructions.
Quote from: Marksfish Shields Up result again:
Quote THE EQUIPMENT AT THE TARGET IP ADDRESS
DID NOT RESPOND TO OUR UPnP PROBES!
That is the result from the big yellow button marked "GRC's Instant UPnP Exposure Test", which shows that ports cannot be opened on demand from an external attacker. The problem you have is that the Chinese hackers have already found an open SSH port on your router.
Instead of doing the "UPnP Exposure Test", immediately below that button there is a grey button called "All Service Ports", click on that.
The result should look like mine -
While your SSH port is still visible, then the brute force attack will continue until either the hackers succeed or you hide the port.
Quote from: Marksfish Hopefully that means I should be okay and the router is doing its bit.
While the SSH port is visible to the internet, the hackers know that there is a way into your system.
At the moment your router is receiving remote login attempts, and it is reporting back to them that the "password" failed, so the hackers will sit there with an automated passcode generator stepping though likely combinations until they hit on a valid combination and take control of your router.
So no your router is not "doing its bit" as it is responding to SSH requests, and you are currently only protected as the hackers have not yet guessed the SSH password.
I have run that and the ports 22 & 81 are open. 81 is my webcam and I opened that.
I then turned on the PN firewall and turned off uPNP. Ports 22 & 81 still show open, but there are a huge amount of blue squares now saying port closed. I think I am fighting a losing battle here with my lack of tech experience
I don't want to restart the router again in case DLM comes into play.
Mark
I then turned on the PN firewall and turned off uPNP. Ports 22 & 81 still show open, but there are a huge amount of blue squares now saying port closed. I think I am fighting a losing battle here with my lack of tech experience
I don't want to restart the router again in case DLM comes into play.
Mark