Router log

npr · ‎21-01-2013

Have you unassigned the FTP port forward rule as I suggested earlier?
You'll find it in the Game and Application sharing section of the routers GUI.
The only way ports become unstealthed is by opening them using port forward, that's with the exception of the FTP ports which are open by default.

Anonymous · ‎31-12-2014

Quote from: Marksfish
Nothing on the Technicolor website. No support, no nothing if an end user

Quote from: Marksfish
There is very little info out there about Thomson/ Technicolor routers, especially when it comes to stealthing ports, it doesn't look like something that can be done from the front end.

I can't possibly comment on that, as the Thomson/Technicolor fanboys will tell me -

Quote from: Townman
There is always a need to consider the balance between complexity (to expose rich functionality) and simplicity of use.

Quote from: Townman
fits its target market (non-technical user requiring basic plug & play set-up) well.

- which is fine IF IT WORKED !

I wonder if you could hide the SSH port, by setting up a port forward to a LAN IP address that doesn't exist ?. Choose a LAN IP address that is outside the routers DHCP pool, and isn't used by another device on your LAN with a static address. Theoretically any incoming SSH attempts should be forwarded to your LAN and disappear, and hopefully the router won't reply that the LAN address was unreachable.

Marksfish · ‎22-11-2014

FTP isn't enabled on the router. Remote assist is off. I tried to make a firewall rule, not sure if I got it right.
Will give the suggestion of the port forwarding a try to see what happens.
Thanks
Mark

Anonymous · ‎31-12-2014

That first screenshot says "Use UPnP : Yes"
You need to get UPnP disabled, as it could be a device on your LAN using UPnP to open the SSH port. There was a case a while back where someones Chinese mobile phone was opening router ports (via WiFi) so the phone could be contacted from a remote server !.

Marksfish · ‎22-11-2014

I tried it without upnp and it made no difference, so I have re- enabled it. The Windows media server on my desktop is also relying on it to be active. Would be better if I could find a way to manually close it. The OP said theirs shut of its own accord, not looking like it will happen with mine.
Maybe time to start a new thread, and refer back to this one, specifically relating to Technicolor routers to see if there is something else going on? It is obviously something in the router configuration as the PN supplied router never had these attacks reported in the logs (and upnp was enabled), it is only since adding this one yesterday.
Thanks for the help chaps.
Mark

ejs · ‎10-06-2010

I think the log entries, because they contain a username of "admin" or "root", must be attempts to login to the router itself, and not due to a device on your LAN configuring port forwarding to itself.
You could download putty and see if you can open an SSH connection to the router (192.168.1.254). I don't know if SSH access has even been added in newer Technicolor firmware.

Marksfish · ‎22-11-2014

I opened a new thread here to avoid keep blocking this one: http://community.plus.net/forum/index.php/topic,135375.msg1186088.html#new
I downloaded putty and got access to 22, but don't know the password as I haven't set one up, so not sure where to go from there.
Mark

Router log

Re: Router log

Re: Router log

Re: Router log

Re: Router log

Re: Router log

Re: Router log

Re: Router log