Router log
Router log
26-11-2012 9:05 PM
I'm not sure if someone is trying to gain entry through the router, if I didn't know better.
Router is Technicolor 582n
Recorded Events
Time Message
Nov 26 20:31:44 FIREWALL replay check (1 of 7): Protocol: ICMP Src ip: 85.113.225.180 Dst ip: 46.208.XXX.XXX Type: Destination Unreachable Code: Port Unreacheable
Nov 26 20:30:16 FIREWALL replay check (1 of 5): Protocol: ICMP Src ip: 83.53.34.147 Dst ip: 46.208.XXX.XXX Type: Destination Unreachable Code: Port Unreacheable
Nov 26 20:29:47 LOGIN User admin logged in on [HTTP] (from 192.168.XXX.XXX)
Nov 26 20:29:06 FIREWALL replay check (1 of 1): Protocol: ICMP Src ip: 83.53.34.147 Dst ip: 46.208.XXX.XXX Type: Destination Unreachable Code: Port Unreacheable
Nov 26 20:28:01 FIREWALL replay check (1 of 1): Protocol: ICMP Src ip: 77.122.137.65 Dst ip: 46.208.XXX.XXX Type: Destination Unreachable Code: Host Unreacheable
Nov 26 20:26:58 FIREWALL replay check (1 of 3): Protocol: ICMP Src ip: 77.122.137.65 Dst ip: 46.208.XXX.XXX Type: Destination Unreachable Code: Host Unreacheable
Nov 26 20:24:55 FIREWALL replay check (1 of 8): Protocol: ICMP Src ip: 94.89.15.81 Dst ip: 46.208.XXX.XXX Type: Destination Unreachable Code: Port Unreacheable
Nov 26 20:22:58 FIREWALL replay check (1 of 4): Protocol: ICMP Src ip: 77.122.137.65 Dst ip: 46.208.XXX.XXX Type: Destination Unreachable Code: Host Unreacheable
Nov 26 20:21:54 FIREWALL icmp check (1 of 3): Protocol: ICMP Src ip: 71.61.149.41 Dst ip: 46.208.XXX.XXX Type: Destination Unreachable Code: Host Unreacheable
Nov 26 20:21:08 FIREWALL replay check (1 of 4): Protocol: ICMP Src ip: 88.22.32.157 Dst ip: 46.208.XXX.XXX Type: Destination Unreachable Code: Port Unreacheable
Nov 26 20:20:47 FIREWALL icmp check (1 of 2): Protocol: ICMP Src ip: 88.252.186.211 Dst ip: 46.208.XXX.XXX Type: Destination Unreachable Code: Port Unreacheable
Nov 26 20:19:41 FIREWALL icmp check (1 of 3): Protocol: ICMP Src ip: 151.45.117.83 Dst ip: 46.208.XXX.XXX Type: Destination Unreachable Code: Port Unreacheable
Nov 26 20:19:05 FIREWALL replay check (1 of 7): Protocol: ICMP Src ip: 81.37.113.81 Dst ip: 46.XXX.XXX Type: Destination Unreachable Code: Port Unreacheable
Nov 26 20:18:33 FIREWALL icmp check (1 of 3): Protocol: ICMP Src ip: 190.147.41.78 Dst ip: 46.208.XXX.XXX Type: Destination Unreachable Code: Host Unreacheable
Nov 26 20:16:42 FIREWALL replay check (1 of 2): Protocol: ICMP Src ip: 193.17.253.3 Dst ip: 46.208.XXX.XXX Type: Destination Unreachable Code: Port Unreacheable
Nov 26 20:16:25 FIREWALL icmp check (1 of 2): Protocol: ICMP Src ip: 95.102.19.17 Dst ip: 46.208.XXX.XXX Type: Destination Unreachable Code: Port Unreacheable
Nov 26 20:15:23 FIREWALL replay check (1 of 2): Protocol: ICMP Src ip: 81.36.26.166 Dst ip: 46.208.XXX.XXX Type: Destination Unreachable Code: Port Unreacheable
Nov 26 20:14:26 SNTP Synchronised to server: 212.159.13.49
Nov 26 20:14:19 FIREWALL replay check (1 of 11): Protocol: ICMP Src ip: 80.245.117.58 Dst ip: 46.208.XXX.XXX Type: Destination Unreachable Code: Port Unreacheable
Nov 26 20:13:09 FIREWALL replay check (1 of 13): Protocol: ICMP Src ip: 83.53.34.147 Dst ip: 46.208.XXX.XXX Type: Destination Unreachable Code: Port Unreacheable
Re: Router log
27-11-2012 2:22 AM
A small number of these probes is normal and nothing to worry about. The larger number you are seeing is unusual though your router is protecting you. Assuming your IP address is dynamic I suggest logging into the router's web interface and disconnecting from Plusnet; wait a few seconds then reconnect. That should give you a new IP address which should stop the probes.
Re: Router log
27-11-2012 9:14 AM
I suspected as much and did a soft disconnect of the router this morning, as it looked as though it had still been happening all night. I will check it again when I get home this evening.
Not sure what you could do in the event of having a static IP though apart from hoping they don't manage to get through.
Steve
Re: Router log
27-11-2012 11:13 AM
If you are concerned you can stop pings from the internet; that will cut down on them but not stop them because of the bots. Click Toolbox and then Firewall; it is a "pick a task" at the bottom, "Allow PING on your WAN interface". Disable it if on. Note if you use thinkbroadband.com's ping tool, that will stop working with that turned off.
Re: Router log
27-11-2012 1:38 PM
I will have a look later on tonight when I get home and check if there have been any more occurrences in the logs.
All help is very much appreciated.
Steve
Re: Router log
27-11-2012 7:57 PM
Quote from: Gus If you are concerned you can stop pings from the internet; that will cut down on them but not stop them because of the bots. Click Toolbox and then Firewall; it is a "pick a task" at the bottom, "Allow PING on your WAN interface". Disable it if on. Note if you use thinkbroadband.com's ping tool, that will stop working with that turned off.
It is turned off by default on the Fibre router version of the Technicolor 582n, but I have seen fewer attacks this afternoon.
Re: Router log
28-11-2012 8:26 PM
Is the "SNTP Synchronised to server" something to do with timing on PN's servers?
I guess the "FIREWALL icmp check" is intruders trying it on, not so sure about the "IDS fragment parser : fragment out-of-order" bits
Nov 28 19:27:30 FIREWALL icmp check (1 of 6): Protocol: ICMP Src ip: 88.78.174.70 Dst ip: 146.90.XXX.XXX Type: Time Exceeded Code: Fragment Reassembly Time Exceeded
Nov 28 19:26:36 IDS fragment parser : fragment out-of-order (1 of 4) : 83.41.157.155 146.90.XXX.XXX 1492 UDP 6881->6881 frag 13683:1472@0+
Nov 28 19:25:32 IDS fragment parser : fragment out-of-order (1 of 17) : 70.27.237.109 146.90.XXX.XXX 1492 UDP 6881->6881 frag 3555:1472@0+
Nov 28 19:24:27 IDS fragment parser : fragment out-of-order (1 of 45) : 194.112.179.106 146.90.XXX.XXX 1492 UDP 19835->6881 frag 23437:1472@0+
Nov 28 19:23:55 FIREWALL icmp check (1 of 2): Protocol: ICMP Src ip: 94.223.154.11 Dst ip: 146.90.XXX.XXX Type: Time Exceeded Code: Fragment Reassembly Time Exceeded
Nov 28 19:23:26 IDS fragment parser : fragment out-of-order (1 of 5) : 93.133.131.87 146.90.XXX.XXX 1004 UDP 6881->6881 frag 4782:984@0+
Nov 28 19:23:24 FIREWALL replay check (1 of 22): Protocol: ICMP Src ip: 212.101.58.235 Dst ip: 146.90.XXX.XXX Type: Destination Unreachable Code: Communication Administratively Prohibited
Nov 28 19:22:36 FIREWALL icmp check (1 of 2): Protocol: ICMP Src ip: 94.134.164.138 Dst ip: 146.90.XXX.XXX Type: Destination Unreachable Code: Host Unreacheable
Nov 28 19:22:16 IDS fragment parser : fragment out-of-order (1 of 13) : 80.143.121.167 146.90.XXX.XXX 1492 UDP 6881->6881 frag 30680:1472@0+
Nov 28 19:22:03 FIREWALL replay check (1 of 2): Protocol: ICMP Src ip: 176.109.164.188 Dst ip: 146.90.XXX.XXX Type: Destination Unreachable Code: Port Unreacheable
Nov 28 19:14:05 SNTP Synchronised again to server: 212.159.13.49
Nov 28 18:14:05 SNTP Synchronised again to server: 212.159.13.49
Nov 28 17:14:05 SNTP Synchronised to server: 212.159.13.49
Nov 28 16:14:05 SNTP Synchronised to server: 212.159.13.50
Nov 28 15:14:05 SNTP Synchronised to server: 212.159.6.9
Nov 28 14:14:05 SNTP Synchronised again to server: 212.159.13.49
Nov 28 13:14:05 SNTP Synchronised to server: 212.159.13.49
Nov 28 12:14:05 SNTP Synchronised to server: 212.159.6.10
Nov 28 11:14:05 SNTP Synchronised to server: 212.159.13.50
Nov 28 10:14:05 SNTP Synchronised to server: 212.159.6.9
Nov 28 09:14:05 SNTP Synchronised to server: 212.159.13.50
Nov 28 08:14:05 SNTP Synchronised to server: 212.159.6.10
Nov 28 07:14:05 SNTP Synchronised to server: 212.159.6.9
Nov 28 06:14:05 SNTP Synchronised to server: 212.159.13.50
Nov 28 05:14:05 SNTP Synchronised to server: 212.159.6.10
Nov 28 04:14:05 SNTP Synchronised to server: 212.159.13.49
Nov 28 03:14:05 SNTP Synchronised to server: 212.159.6.9
Nov 28 02:14:05 SNTP Synchronised again to server: 212.159.13.49
Nov 28 01:50:43 FIREWALL replay check (1 of 31): Protocol: ICMP Src ip: 146.66.152.15 Dst ip: 146.90.XXX.XXX Type: Destination Unreachable Code: Port Unreacheable
Nov 28 01:49:18 FIREWALL replay check (1 of 9): Protocol: ICMP Src ip: 81.171.115.35 Dst ip: 146.90.XXX.XXX Type: Destination Unreachable Code: Port Unreacheable
Nov 28 01:14:05 SNTP Synchronised again to server: 212.159.13.49
Re: Router log
28-11-2012 8:34 PM
Quote Is the "SNTP Synchronised to server" something to do with timing on PN's servers
It is just the router updating its date/time from Plusnet servers; you can change how often using a telnet command.
http://community.plus.net/forum/index.php/topic,105421.msg899028.html#msg899028
I set mine to every 24 hours which is more than enough and saves on log spam, as the web interface log doesn't hold that much
Re: Router log
28-11-2012 8:53 PM
- the router not coping well with the large number of connections
- other peers still trying to connect after the bittorrent program has been closed
- congestion or traffic management causing the packets to arrive late
I doubt the firewall icmp check is "intruders trying it on", that would be more like:
Tue, 2012-11-20 12:04:11 - TCP Packet - Source:88.226.15.190,2949 Destination:87.113.X.X,23 - [DOS]
Tue, 2012-11-20 12:04:12 - TCP Packet - Source:83.66.75.111,4045 Destination:87.113.X.X,23 - [DOS]
Tue, 2012-11-20 12:04:12 - TCP Packet - Source:94.121.254.9,3885 Destination:87.113.X.X,23 - [DOS]
Tue, 2012-11-20 12:04:12 - TCP Packet - Source:78.163.127.101,3086 Destination:87.113.X.X,23 - [DOS]
(Not the same router, but they're attempts to connect to port 23, telnet).
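An added example (not written by any poster in this thread, and not Technicolor or Plusnet code): a small triage script that sorts log lines of the format posted above into ICMP error replies, fragment events involving UDP port 6881, and admin logins by origin. The sample lines are constructed; treating N in "(1 of N)" as an event count and port 6881 as BitTorrent traffic are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the format of the Technicolor lines posted in this
# thread; addresses are documentation ranges, not the posters' data.
SAMPLE = """\
Nov 26 20:31:44 FIREWALL replay check (1 of 7): Protocol: ICMP Src ip: 198.51.100.7 Dst ip: 203.0.113.20 Type: Destination Unreachable Code: Port Unreacheable
Nov 26 20:29:47 LOGIN User admin logged in on [HTTP] (from 192.168.XXX.XXX)
Nov 26 20:25:02 LOGIN User admin logged in on [HTTP] (from 198.51.100.99)
Nov 28 19:27:30 FIREWALL icmp check (1 of 6): Protocol: ICMP Src ip: 198.51.100.8 Dst ip: 203.0.113.20 Type: Time Exceeded Code: Fragment Reassembly Time Exceeded
Nov 28 19:24:27 IDS fragment parser : fragment out-of-order (1 of 45) : 198.51.100.9 203.0.113.20 1492 UDP 19835->6881 frag 23437:1472@0+
Nov 28 19:14:05 SNTP Synchronised again to server: 192.0.2.49
""".splitlines()

FIREWALL = re.compile(r"FIREWALL \w+ check \(1 of (\d+)\): Protocol: ICMP "
                      r"Src ip: (\S+) Dst ip: \S+ Type: (.+?) Code: (.+)$")
IDS = re.compile(r"IDS fragment parser : .+? \(1 of (\d+)\) : (\S+) \S+ \d+ "
                 r"(\w+) (\d+)->(\d+) frag")
LOGIN = re.compile(r"LOGIN User (\S+) logged in on \[\w+\] \(from (\S+)\)")
# RFC 1918 prefixes, matched as text so masked addresses (XXX) still classify.
LAN = re.compile(r"(10|192\.168|172\.(1[6-9]|2\d|3[01]))\.")
ICMP_ERRORS = {"Destination Unreachable", "Time Exceeded"}
P2P_PORT = "6881"  # assumption: 6881 marks BitTorrent traffic, as the reply suggests

def classify(line):
    """Return (category, source, count) for one log line."""
    if m := FIREWALL.search(line):
        # ICMP errors report on earlier traffic; they are not connection attempts.
        kind = "icmp-error" if m[3] in ICMP_ERRORS else "icmp-other"
        return kind, m[2], int(m[1])
    if m := IDS.search(line):
        kind = "p2p-fragment" if P2P_PORT in (m[4], m[5]) else "ids-other"
        return kind, m[2], int(m[1])
    if m := LOGIN.search(line):
        # A login from outside the LAN is the entry that deserves a closer look.
        return ("login-lan" if LAN.match(m[2]) else "login-wan"), m[2], 1
    return ("sntp" if " SNTP " in line else "unknown"), None, 1

def summarise(lines):
    """Sum event counts per category; '(1 of N)' is assumed to mean N events."""
    totals = Counter()
    for line in lines:
        kind, _src, count = classify(line)
        totals[kind] += count
    return totals

if __name__ == "__main__":
    for kind, n in summarise(SAMPLE).most_common():
        print(f"{kind:14} {n}")
```
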
Re: Router log
28-11-2012 9:37 PM
Cheers
Steve