cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Unusual incoming connections, suspected phone line tampering

happen
Newbie
Posts: 4
Registered: ‎12-11-2011

Unusual incoming connections, suspected phone line tampering

‎20-12-2013 10:16 PM

Last week I had to borrow a router due to some extreme wireless problems, but the log in this router shows a large number of incoming connection attempts coming from all over the world. The messages say these connections are blocked, but I cannot guarantee that they are all being blocked. I switched the PlusNet Broadband Firewall to high and still see these connection attempts being logged (on high port numbers). I looked up the IP addresses and saw they are coming from America, Germany, Switzerland, Brazil, Russia, Vietnam and numerous other countries. There can be a few minutes with no attempts and then there can be dozens within a minute or two.
I get these attempts from within minutes of connecting to the internet, even when I do not open any software and I have checked there is no process on my PC initiating this.
Something that worries me about this is that I have some rather troublesome neighbours and one of them is an expert in networks and, to some degree, telecommunications. A while back he said he wanted to open our local telephone cabinet (the green box in the street) for unknown reasons, but I ignored this and thought it would be beyond his comprehension to interfere with that. I know he gets Virgin fibre optic and assumed it comes from a different source anyway.
He recently bought some Bitcoin-related hardware so I read up about that. Given the way that my IP seems to be advertised and the way these connections seem to bypass the PlusNet firewall, I have to consider whether this might be related to this torrent-like behaviour.
Anyone know about these things?
Message 1 of 8
(1,331 Views)
0 Thanks
7 REPLIES 7
HPsauce
Pro
Posts: 7,001
Thanks: 146
Fixes: 2
Registered: ‎02-02-2008

Re: Unusual incoming connections, suspected phone line tampering

‎20-12-2013 10:18 PM

It's the internet. Simples.  Cool
Message 2 of 8
(861 Views)
0 Thanks
dragon2611
Grafter
Posts: 283
Registered: ‎20-10-2013

Re: Unusual incoming connections, suspected phone line tampering

‎20-12-2013 10:25 PM

It's likely to be either Bots or Malware infected machines scanning through Plusnet's IP range looking for targets to infect/attack.
They'll be looking for things to exploit like an unpatched server running on one of the IP or someone who's enabled SSH/VNC/RDP (Forms of remote access and used a weak password)
It's not a problem unique to plusnet pretty much any internet facing IP is likely to be probed at some point because there's just so many infected /zombie machines out there.
If you're not running any services that are Web accessible and you have installed all the relevant OS updates and have up-to date security software it's not really anything to worry about.
Message 3 of 8
(861 Views)
0 Thanks
happen
Newbie
Posts: 4
Registered: ‎12-11-2011

Re: Unusual incoming connections, suspected phone line tampering

‎20-12-2013 10:45 PM

I hope so! I set up the new router the same day he set up his new hardware and that is when these logs started appearing. My old router rarely mentioned any connection attempts, but I could not be sure whether it was just the new router being more verbose. Thanks for taking the time to reply.
Message 4 of 8
(861 Views)
0 Thanks
Anonymous
Not applicable

Re: Unusual incoming connections, suspected phone line tampering

‎20-12-2013 11:00 PM

It is probably that your new router does better logging than the previous one.
I had a similar experience recently as my latest router logs blocked connections by it's bogon filtering,
I was previously unaware of these connection attempts as most domestic routers only report known port attacks.
Undecided
Message 5 of 8
(861 Views)
0 Thanks
dragon2611
Grafter
Posts: 283
Registered: ‎20-10-2013

Re: Unusual incoming connections, suspected phone line tampering

‎21-12-2013 12:01 AM

Ick Bogon filtering....
Don't really see the point of it over properly implemented firewall rules, also the fun it causes when someone uses an outdated Bogon list
Message 6 of 8
(861 Views)
0 Thanks
ejs
Aspiring Hero
Posts: 5,442
Thanks: 631
Fixes: 25
Registered: ‎10-06-2010

Re: Unusual incoming connections, suspected phone line tampering

‎21-12-2013 6:55 AM

Did you remember to disconnect and reconnect in the router's web interface after changing the Plusnet Broadband Firewall setting?
Message 7 of 8
(861 Views)
0 Thanks
highfield5
Grafter
Posts: 28
Registered: ‎27-10-2012

Re: Unusual incoming connections, suspected phone line tampering

‎21-12-2013 6:13 PM

Another possibility is that the previous owner of the IP address you have been given was a SKYPE user.  I don't use it myself but, as I understand it, you can register an IP address as some sort of "node" that other users can connect to.
When I signed up for a PlusNet static IP I was getting a lot of problems caused, as it turns out, by up to 500MB (IIRC) of incoming traffic every hour.  Looking at the PN traffic stats breakdown showed it as VOIP traffic, and a change of static IP solved the problem immediately
Ian
Message 8 of 8
(861 Views)
0 Thanks