Router reports "Security Alert"
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- Broadband
- :
- Re: Router reports "Security Alert"
Router reports "Security Alert"
23-04-2012 10:48 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Not the first alert I've received from the router (it's set up to email the alerts and I probably get one every fortnight or so) but this one is different in that the router immediately started continous high speed downloading activity at the same time the message was received.
After about 5 minutes of this continuous download activty (and a quick panic!) I started a new PPP session via the router interface to obtain a new IP address (previously 31.XXX now 84.93.XXX) and am currently doing a full security scan, which has found nothing untoward (so far).
The unrequested download activity has now ceased - has this happened to anyone else or can anyone please shed any light on what is a unique event as far as I am concerned?
Re: Router reports "Security Alert"
24-04-2012 9:27 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
also, if you don't do gaming, P2P etc. might be worth having a look at https://portal.plus.net/my.html?action=firewall (login required) and make sure it's set to low, or at least not Off, or any specific settings are as you want.
I assume the firewall is available on all accounts, I don't know, never asked, there's a help page at http://www.plus.net/support/security/firewalls/broadbandfirewall.shtml .
Re: Router reports "Security Alert"
24-04-2012 10:21 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Also this one from China 221.192.199.49
Had a few since the 9th April and the 21st April.....................now the Netgear should block any irregular activity but as a safeguard I will check my Usage for any suspiscious actvitiy. And not sure what my PlusNet Firewall is set to but for the record I use Windows defender, ESET Security and the Router is locked down as far as new wireless devices wanting to connect is concerned.
Right PlusNet Firewall on Low and my Usage looks kind of normal as I never reach my max allowance ~ my figures are normally made up of Web and Streaming and Mail, though a small amonut of "other" is shown and no Gaming, P2P or UseNet.
Re: Router reports "Security Alert"
24-04-2012 10:38 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: Router reports "Security Alert"
24-04-2012 12:00 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
As far as I am aware all router, PC and account security settings are in place and optimised.
Full MSE and Malwarebytes scans found nothing amiss - Turkey seems to have its share of cyber-baddies but I don't suppose it's worse than many other locations.
What is now baffling me is that my daily usage breakdown for yesterday (23rd April) shows 329MB overnight usage and 748MB daytime usage - although the mystery download activity (which could have been upload - can't tell) at around 2240 yesterday could account for some of it, I downloaded 1 1/2 hours of iPlayer content to the desktop player and am certain this completed before 0800 yesterday morning.
In that respect yesterday's breakdown figures don't make sense - is it possible for one of the DCT to look more closely at these figures please? (I'm not bashful but a PM or email would be fine if protocol or data protection laws don't allow it to be posted on here.)
Edit: I should add that other than the occasional "free" iPlayer download I only use the net for surfing, and my usual daily usage is around 100MB - yesterday should have been no different!
Re: Router reports "Security Alert"
24-04-2012 1:49 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Hour Upload (MB) Downloaded (MB)
0 0.0235 0.0039
1 0.0243 0.0044
2 0.0248 0.0040
3 0.0249 0.0040
4 0.0249 0.0039
5 0.0248 0.0040
6 0.0249 0.0040
7 5.0135 323.8261
8 1.6583 8.8681
9 1.4029 9.0266
10 1.0383 5.1886
11 0.8697 3.7952
12 1.0510 4.5599
13 2.2370 22.5399
14 0.8599 3.0858
15 2.2204 11.0891
16 1.1999 8.9502
17 0.5944 3.3161
18 1.4786 9.8885
19 0.9505 4.3617
20 0.3166 1.0219
21 0.0765 0.0908
22 11.3145 620.7017
23 0.7249 3.8812
iPlayer download definitely before 8am. Not sure what cause that usage between 10-11pm
Jojo
Re: Router reports "Security Alert"
24-04-2012 2:32 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
The 323MB between 0700 and 0800 corresponds to "Have I got news for you" download size, and the 620MB between 2200 and 2300 more or less corresponds to "The Bridge", the problem being that I downloaded the latter before the former, and also checked the progress via Routerstats, and then that it was showing in the desktop iPlayer programme list before closing it down, and I certainly didn't request it again later.
I'll be watching that green router light like a hawk from now on (and probably checking my medication!)
Re: Router reports "Security Alert"
24-04-2012 11:04 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: Anotherone That sounds ok Routefinder, and ESET has a good reputation. I'd don't know if you've come across a program called Malwarebytes Anti-Malware. I try and run that (the free version) once a week. Can take a while to run if you have a large drive, but it's a good program for hunting out the spyware and tracking stuff.
Yup, I use Malware Bytes & SuperAntiSpyware................updating and scanning about once a month. Maybe should do those more often but for the record it/they detect mostly tracking cookies and once in a blue moon a false positive Troajn they think is embedded in say a Java installer.
Re: Router reports "Security Alert"
25-01-2013 2:52 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Is this normal? Does Plusnet route through any of these locations? Should I worry about them? Should I change my router password?
I have the router configured so that ONLY the MAC addresses of my home computers are allowed access.
Re: Router reports "Security Alert"
25-01-2013 7:45 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Error Jan 24 15:25:01 FIREWALL icmp check (1 of 2):
Protocol: ICMP Src ip: 142.4.38.49 Dst ip: xxx.xxx.xxx.xxx
Type: Destination Unreachable Code: Port Unreacheable
Warning Jan 24 14:34:31 IDS proto parser : tcp null port (1 of 1) : 119.10.114.192 xxx.xxx.xxx.xxx
0060 TCP 0->0 [SFARU.] seq 3355065698 ack 0 win 443
they are normal and nothing to do with Plusnet. The source IPs are probing your connection for vulnerabilities and the router firewall has blocked the attempts, as it should do. They could be from IPs in any country, not just Turkey; the two I've listed above are from USA and China. They are nothing to worry about.
Re: Router reports "Security Alert"
26-01-2013 6:30 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Dear User
Your router has detected and protected you against an attempt to gain access to your network. This may have been an attempted hacker intrusion, or perhaps just your Internet Service Provider doing routine network maintenance.
Most of these network probes are nothing to be worried about - these types of random probes should NOT be reported, but you may want to report repeated intrusions attempts. Save this email for comparison with future alert messages.
Your router Alert Information
Time: 01/25/2013, 14:55:55
Message: LAND
Source: 85.106.158.224, 3990
Destination:87.115.XXX.XXX, 80 (from ATM1 Inbound)
--and the emboldened IP address is usually different but sometimes the same.
The majority of them, 9/10 are from Turkey. I have traced them with an IP Lookup program.
http://ip-address-lookup-v4.com/ip/85.106.158.224
adie:green removed users IP address.
Re: Router reports "Security Alert"
26-01-2013 7:24 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: Router reports "Security Alert"
26-01-2013 7:48 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
The IP address you are currently on (which you shouldn't post in a public forum for your own protection) may have previously been used by someone who was using P2P or similar.
None of these things are as a result of any Plusnet routing or anything to do with Plusnet. They aren't uncommon (unfortunately). Last week I was getting repeated probes on port 23 and 14143 coming from Brazil and China, the latter port which I haven't discovered any particular significance of yet, these amongst a number of other ports that were being probed..
However, I wouldn't say it was nothing to be worried or concerned about (sorry spraxyt), but nothing to panic about, as your firewalls are doing their job. It is advisable that you make sure (& check) that you are as secure as you can be dependant on your usage and program requirements. Also run Anti-malware and Anti-virus programs to check your system is clean.
I mentioned about the Plusnet Firewall in my reply #1, make sure it is set on at least Low unless you need to allow access to any of those ports. Use a higher setting if appropriate to your needs.
There is also Plusnet's Safe Surf option. Set this to block those ports if you don't use any of those applications.
Both of those will block traffic on those ports from reaching your modem/router. If you make changes to the Firewall or Safe Surf options you will need to drop your PPP session and reconnect before they take effect (your IP address will change as a consequence as well, unless you are on a fixed IP).
Also visit http://www.grc.com/default.htm and make use of ShieldsUP!
There are also a number of other useful facilities on that site you may want to use.
HTH.
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- Broadband
- :
- Re: Router reports "Security Alert"