Why are Plusnet VISP portal servers trying to connect to me? RESOLVED
08-01-2010 5:53 PM
Jan 8 17:28:10 WRT54GL user.warn kernel: DROP IN=ppp0 OUT= MAC= SRC=212.159.10.5 DST=my.ip.addr.ess LEN=64 TOS=0x00 PREC=0x80 TTL=56 ID=7885 DF PROTO=TCP SPT=14300 DPT=7055 WINDOW=49368 RES=0x00 ACK PSH URGP=0
Jan 8 17:28:11 WRT54GL user.warn kernel: DROP IN=ppp0 OUT= MAC= SRC=212.159.10.5 DST=my.ip.addr.ess LEN=64 TOS=0x00 PREC=0x80 TTL=56 ID=7886 DF PROTO=TCP SPT=14300 DPT=7055 WINDOW=49368 RES=0x00 ACK PSH URGP=0
Jan 8 17:28:12 WRT54GL user.warn kernel: DROP IN=ppp0 OUT= MAC= SRC=212.159.10.5 DST=my.ip.addr.ess LEN=64 TOS=0x00 PREC=0x80 TTL=56 ID=7887 DF PROTO=TCP SPT=14300 DPT=7055 WINDOW=49368 RES=0x00 ACK PSH URGP=0
Jan 8 17:28:15 WRT54GL user.warn kernel: DROP IN=ppp0 OUT= MAC= SRC=212.159.10.5 DST=my.ip.addr.ess LEN=64 TOS=0x00 PREC=0x80 TTL=56 ID=7888 DF PROTO=TCP SPT=14300 DPT=7055 WINDOW=49368 RES=0x00 ACK PSH URGP=0
Jan 8 17:28:21 WRT54GL user.warn kernel: DROP IN=ppp0 OUT= MAC= SRC=212.159.10.5 DST=my.ip.addr.ess LEN=64 TOS=0x00 PREC=0x80 TTL=56 ID=7889 DF PROTO=TCP SPT=14300 DPT=7055 WINDOW=49368 RES=0x00 ACK PSH URGP=0
Jan 8 17:28:32 WRT54GL user.warn kernel: DROP IN=ppp0 OUT= MAC= SRC=212.159.10.5 DST=my.ip.addr.ess LEN=64 TOS=0x00 PREC=0x80 TTL=56 ID=7890 DF PROTO=TCP SPT=14300 DPT=7055 WINDOW=49368 RES=0x00 ACK PSH URGP=0
Jan 8 17:28:41 WRT54GL user.warn kernel: DROP IN=ppp0 OUT= MAC= SRC=212.159.10.11 DST=my.ip.addr.ess LEN=64 TOS=0x00 PREC=0x40 TTL=56 ID=10767 DF PROTO=TCP SPT=14300 DPT=15082 WINDOW=49368 RES=0x00 ACK PSH URGP=0
Jan 8 17:28:45 WRT54GL user.warn kernel: DROP IN=ppp0 OUT= MAC= SRC=212.159.10.11 DST=my.ip.addr.ess LEN=64 TOS=0x00 PREC=0x40 TTL=56 ID=10768 DF PROTO=TCP SPT=14300 DPT=15082 WINDOW=49368 RES=0x00 ACK PSH URGP=0
Jan 8 17:28:53 WRT54GL user.warn kernel: DROP IN=ppp0 OUT= MAC= SRC=212.159.10.11 DST=my.ip.addr.ess LEN=64 TOS=0x00 PREC=0x40 TTL=56 ID=10769 DF PROTO=TCP SPT=14300 DPT=15082 WINDOW=49368 RES=0x00 ACK PSH URGP=0
Jan 8 17:28:54 WRT54GL user.warn kernel: DROP IN=ppp0 OUT= MAC= SRC=212.159.10.5 DST=my.ip.addr.ess LEN=64 TOS=0x00 PREC=0x80 TTL=56 ID=7891 DF PROTO=TCP SPT=14300 DPT=7055 WINDOW=49368 RES=0x00 ACK PSH URGP=0
Jan 8 17:29:08 WRT54GL user.warn kernel: DROP IN=ppp0 OUT= MAC= SRC=212.159.10.11 DST=my.ip.addr.ess LEN=64 TOS=0x00 PREC=0x40 TTL=56 ID=10770 DF PROTO=TCP SPT=14300 DPT=15082 WINDOW=49368 RES=0x00 ACK PSH URGP=0
Jan 8 17:29:36 WRT54GL user.warn kernel: DROP IN=ppp0 OUT= MAC= SRC=212.159.10.11 DST=my.ip.addr.ess LEN=64 TOS=0x00 PREC=0x40 TTL=56 ID=10771 DF PROTO=TCP SPT=14300 DPT=15082 WINDOW=49368 RES=0x00 ACK PSH URGP=0
Jan 8 17:29:39 WRT54GL user.warn kernel: DROP IN=ppp0 OUT= MAC= SRC=212.159.10.5 DST=my.ip.addr.ess LEN=64 TOS=0x00 PREC=0x80 TTL=56 ID=7892 DF PROTO=TCP SPT=14300 DPT=7055 WINDOW=49368 RES=0x00 ACK PSH URGP=0
Jan 8 17:30:36 WRT54GL user.warn kernel: DROP IN=ppp0 OUT= MAC= SRC=212.159.10.11 DST=my.ip.addr.ess LEN=64 TOS=0x00 PREC=0x40 TTL=56 ID=10772 DF PROTO=TCP SPT=14300 DPT=15082 WINDOW=49368 RES=0x00 ACK PSH URGP=0
Jan 8 17:30:39 WRT54GL user.warn kernel: DROP IN=ppp0 OUT= MAC= SRC=212.159.10.5 DST=my.ip.addr.ess LEN=64 TOS=0x00 PREC=0x80 TTL=56 ID=7893 DF PROTO=TCP SPT=14300 DPT=7055 WINDOW=49368 RES=0x00 ACK PSH URGP=0
Re: Why are Plusnet VISP portal servers trying to connect to me?
08-01-2010 10:39 PM
Have you done anything with your mail configuration recently?
jelv (a.k.a Spoon Whittler) Why I have left Plusnet (warning: long post!) Broadband: Andrews & Arnold Home::1 (FTTC 80/20) Line rental: Pulse 8 Home Line Rental (£14.40/month) Mobile: iD mobile (£4/month) |
Re: Why are Plusnet VISP portal servers trying to connect to me?
08-01-2010 11:19 PM
PS I'm also seeing blocked requests from 212.159.14.12, 84.93.225.42 and others in those ranges.
Re: Why are Plusnet VISP portal servers trying to connect to me?
08-01-2010 11:41 PM
Re: Why are Plusnet VISP portal servers trying to connect to me?
09-01-2010 12:16 PM
https://www.plus.net/support/security/firewalls/firewallfaq.shtml
Re: Why are Plusnet VISP portal servers trying to connect to me?
09-01-2010 5:30 PM
Quote from: spraxyt The first of those is a Community site server, the second one of the Portal servers. Do you have firewall rules on the router that could be blocking even solicited requests on those ports? Does everything work correctly when you access Mail, Community and the Portal?
But what would either of these servers be doing making requests back to a client?
Re: Why are Plusnet VISP portal servers trying to connect to me?
09-01-2010 5:47 PM
jelv (a.k.a Spoon Whittler) Why I have left Plusnet (warning: long post!) Broadband: Andrews & Arnold Home::1 (FTTC 80/20) Line rental: Pulse 8 Home Line Rental (£14.40/month) Mobile: iD mobile (£4/month) |
Re: Why are Plusnet VISP portal servers trying to connect to me?
09-01-2010 5:50 PM
Quote from: spraxyt The first of those is a Community site server, the second one of the Portal servers. Do you have firewall rules on the router that could be blocking even solicited requests on those ports? Does everything work correctly when you access Mail, Community and the Portal?
No, the router firewall is in its default state, which is to block (drop) any unsolicited requests to any port. I'm not aware of any means of blocking solicited requests (i.e. responses), although I'm sure that could be done by Linux command line wizardry (iptables etc). Mail, community & portal all work fine.
But I do wonder if it could be something to do with the portal...it is quite possible that I've left a portal browser session open...
I'll do some more experiments.
Re: Why are Plusnet VISP portal servers trying to connect to me?
09-01-2010 5:58 PM
Quote from: alanf What are your Plusnet Broadband Firewall settings? Setting an appropriate level in the Member Centre should block unwanted inward connection attempts before they are sent down the line and added to your broadband usage totals.
https://www.plus.net/support/security/firewalls/firewallfaq.shtml
Plusnet broadband firewall is set to Low. But that blocks only frequently hacked ports less than 1024 so far as I know. The examples I posted are to ports 7055 and 15082, which wouldn't be blocked.
Re: Why are Plusnet VISP portal servers trying to connect to me?
09-01-2010 6:13 PM
https://www.plus.net/support/security/firewalls/broadbandfirewall.shtml
Re: Why are Plusnet VISP portal servers trying to connect to me?
09-01-2010 7:02 PM
Quote from: jelv I'm wondering if they were late responses to normal requests.
I think it might be something like that.
I logged on to the portal this morning and then put my Windows laptop into hibernation at about 9am. Looking through the router logs I see a sequence of requests from 84.93.229.197, then 212.159.10.5, 212.159.10.1, 212.159.10.11, 212.159.10.13, 212.159.10.17, 212.159.10.69 in sequence, with between 10 and 13 requests from each one. This lasted until about 10am.
Then at around 14:15 I see sequences of requests from 212.159.10.7, 212.159.10.5, 212.159.10.3, 212.159.10.9 until 15:06.
At 15:53, sequences of requests from 84.93.229.67, 84.93.229.69, 84.93.229.67, 84.93.229.229, 84.93.229.67, 84.93.229.69.
At 17:15 I powered up the laptop, looked at this thread, and closed the portal browser session (didn't log off portal first). Log shows no blocked requests after 17:20.
Sometime around 18:00 I logged back on to the portal. Blocked messages start again at 18:20.
So it's something to do with accessing the portal. My portal login seems to expire frequently. Could this be a convoluted means of checking login status?
Re: Why are Plusnet VISP portal servers trying to connect to me?
09-01-2010 7:13 PM
Quote from: alanf Is there any reason that you couldn't set the level to high?
Setting it to high blocks the NTP protocol which stops a Windows/XP system and my routers updating their time.
In any case, I don't think Plusnet should be doing this and would like to know why it does. If it is sending the requests to everyone who logs on to the portal then there could be a significant impact on the network.
Re: Why are Plusnet VISP portal servers trying to connect to me?
12-01-2010 7:03 PM
It was because I have an IMAP account on my email client (Thunderbird) on a Windows Vista PC, which then hibernated without terminating the email client.
I have no idea why that caused the Plusnet IMAP server to continue trying to connect to me (to send some sort of acknowledgement as I read the log entry). It didn't do that when the PC was active. And in any case it was sending to what appeared to be a random port, which in general you wouldn't expect to be open. It always sent from port 14300 though.
So it looks like a bug. I would have thought that a well constructed IMAP server should recognise that the client had gone away.
So if anyone from Plusnet is reading this, maybe it could be put on a list of potential bugs.
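Added example (editor's code, not from the thread or from Plusnet): a small triage script for router DROP lines in the format posted above. It groups drops per flow and separates packets carrying SYN (a new connection attempt) from ACK-only packets whose gaps keep growing, the pattern TCP retransmission backoff produces and the one visible in the posted timings. The function names, the labels, the 192.0.2.10 destination and the second sample flow are assumptions made for the example.

```python
import re
from collections import defaultdict

LINE_RE = re.compile(
    r"(\d\d):(\d\d):(\d\d) .*?\bDROP\b.*? SRC=(\S+) .*?PROTO=TCP "
    r"SPT=(\d+) DPT=(\d+) .*?RES=\S+ (.*?) ?URGP=")

def parse(line):
    """Return ((src, spt, dpt), seconds_since_midnight, flags) or None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    h, mi, s, src, spt, dpt, flags = m.groups()
    secs = int(h) * 3600 + int(mi) * 60 + int(s)  # ignores midnight rollover
    return (src, int(spt), int(dpt)), secs, set(flags.split())

def classify(lines):
    """Group dropped TCP packets per flow and label what each flow looks like."""
    flows = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec:
            flows[rec[0]].append(rec[1:])
    report = {}
    for key, pkts in flows.items():
        times = [t for t, _ in pkts]
        gaps = [b - a for a, b in zip(times, times[1:])]
        flags = set().union(*(f for _, f in pkts))
        if "SYN" in flags and "ACK" not in flags:
            kind = "new inbound connection attempt"
        elif "ACK" in flags and len(gaps) >= 2 and gaps == sorted(gaps):
            kind = "retransmissions on a stale session"  # growing gaps = backoff
        else:
            kind = "mid-stream segment, not a new connection"
        report[key] = {"kind": kind, "count": len(pkts), "gaps": gaps}
    return report

# Constructed sample. Flow 1 reuses the timings and ports of one flow in the
# posted log; flow 2 is invented for contrast. DST is a documentation address.
TEMPLATE = ("Jan 8 {t} WRT54GL user.warn kernel: DROP IN=ppp0 OUT= MAC= SRC={src} "
            "DST=192.0.2.10 LEN=64 TOS=0x00 PREC=0x40 TTL=56 ID=10767 DF PROTO=TCP "
            "SPT={spt} DPT={dpt} WINDOW=49368 RES=0x00 {flags} URGP=0")
SAMPLE = [TEMPLATE.format(t=t, src="212.159.10.11", spt=14300, dpt=15082, flags="ACK PSH")
          for t in ("17:28:41", "17:28:45", "17:28:53", "17:29:08", "17:29:36", "17:30:36")]
SAMPLE.append(TEMPLATE.format(t="17:31:00", src="198.51.100.7", spt=40000, dpt=23, flags="SYN"))

if __name__ == "__main__":
    for flow, info in classify(SAMPLE).items():
        print(flow, info)
```

On the sample, the flow from 212.159.10.11 shows gaps of 4, 8, 15, 28 and 60 seconds and is labelled as retransmissions, while the constructed SYN is labelled as a new connection attempt.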