strange ip conections
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- Broadband
- :
- Re: strange ip conections
strange ip conections
28-01-2014 2:45 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
and its second one 157.56.52.23:4000 and there is many more....any suguest ?also one from singapure microsoft corporation.......
Re: strange ip conections
28-01-2014 3:12 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Firewall usually list blocked connects rather than made connections
Here is an example from my TG582n
FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 93.115.94.250 Dst ip: xxx.xxx.xxx.xxx Type: Destination Unreachable Code: Port Unreacheable
If you are unsure copy and paste the events here in this thread.
Hope this helps.
Dan.
Re: strange ip conections
28-01-2014 4:20 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
[LAN access from remote] from 95.84.24.15:9977 to 192.168.1.5:51683, Tuesday, Jan 28,2014 16:18:52
[LAN access from remote] from 182.185.44.205:26678 to 192.168.1.5:51683, Tuesday, Jan 28,2014 16:18:51
[LAN access from remote] from 178.78.55.123:63738 to 192.168.1.5:51683, Tuesday, Jan 28,2014 16:18:51
[LAN access from remote] from 178.78.55.123:63601 to 192.168.1.5:51683, Tuesday, Jan 28,2014 16:18:51
[LAN access from remote] from 39.214.57.237:64145 to 192.168.1.3:12788, Tuesday, Jan 28,2014 16:18:49
[LAN access from remote] from 109.196.79.37:64504 to 192.168.1.5:51683, Tuesday, Jan 28,2014 16:18:49
[LAN access from remote] from 188.134.33.55:1024 to 192.168.1.5:51683, Tuesday, Jan 28,2014 16:18:47
[LAN access from remote] from 39.214.57.237:64143 to 192.168.1.3:12788, Tuesday, Jan 28,2014 16:18:47
[LAN access from remote] from 62.133.178.205:12582 to 192.168.1.5:51683, Tuesday, Jan 28,2014 16:18:47
router is NETGEAR R6300
there you can see after clear up:...
[LAN access from remote] from 95.26.93.226:55373 to 192.168.1.5:51683, Tuesday, Jan 28,2014 16:23:37
[LAN access from remote] from 95.26.93.226:54622 to 192.168.1.5:51683, Tuesday, Jan 28,2014 16:23:37
[LAN access from remote] from 37.190.55.43:12214 to 192.168.1.5:51683, Tuesday, Jan 28,2014 16:23:37
[LAN access from remote] from 66.177.50.11:11292 to 192.168.1.5:51683, Tuesday, Jan 28,2014 16:23:35
[LAN access from remote] from 81.200.81.2:38472 to 192.168.1.5:51683, Tuesday, Jan 28,2014 16:23:34
[LAN access from remote] from 46.36.67.1:30727 to 192.168.1.5:51683, Tuesday, Jan 28,2014 16:23:34
[LAN access from remote] from 217.175.32.106:2566 to 192.168.1.5:51683, Tuesday, Jan 28,2014 16:23:34
[LAN access from remote] from 83.149.34.214:5516 to 192.168.1.5:51683, Tuesday, Jan 28,2014 16:23:33
[LAN access from remote] from 178.45.34.32:44251 to 192.168.1.5:51683, Tuesday, Jan 28,2014 16:23:32
[Log Cleared] Tuesday, Jan 28,2014 16:23:31
Re: strange ip conections
28-01-2014 4:29 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: strange ip conections
28-01-2014 4:37 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Run Malware scanners on those two machines! as these look to be connections to your two machines - Innocuous scanning will have your WAN IP as the Destination.
Re: strange ip conections
28-01-2014 5:08 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
[Service blocked: ICMP_echo_req] from source 79.153.210.6, Tuesday, Jan 28,2014 17:07:48
[Service blocked: ICMP_echo_req] from source 83.69.227.130, Tuesday, Jan 28,2014 17:07:47
[Service blocked: ICMP_echo_req] from source 89.223.47.201, Tuesday, Jan 28,2014 17:07:46
[Service blocked: ICMP_echo_req] from source 178.94.113.230, Tuesday, Jan 28,2014 17:07:44
[Service blocked: ICMP_echo_req] from source 83.69.227.130, Tuesday, Jan 28,2014 17:07:43
[Service blocked: ICMP_echo_req] from source 213.184.138.218, Tuesday, Jan 28,2014 17:07:43
[Service blocked: ICMP_echo_req] from source 89.223.47.201, Tuesday, Jan 28,2014 17:07:42
[Log Cleared] Tuesday, Jan 28,2014 17:07:42
also shows DoS atack
[Service blocked: ICMP_echo_req] from source 85.17.122.162, Tuesday, Jan 28,2014 17:11:59
[Service blocked: ICMP_echo_req] from source 93.171.164.14, Tuesday, Jan 28,2014 17:11:59
[Service blocked: ICMP_echo_req] from source 93.76.202.16, Tuesday, Jan 28,2014 17:11:58
[DoS attack: FIN Scan] attack packets in last 20 sec from ip [84.93.235.226], Tuesday, Jan 28,2014 17:11:56
Re: strange ip conections
28-01-2014 5:16 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
this IP 84.93.235.226............cose this IP belongs to PN on this time when atack was send......otherwise i will look in to this further.....
Re: strange ip conections
28-01-2014 5:22 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Are these disrupting your browsing at all, or interfering with your use of the service? You're always going to get these sorts of things showing on a router, it's why it has a firewall
If you do seriously want information on that IP, I'm afraid it'll need pursuing properly through legal channels before we'll release any information.
Re: strange ip conections
28-01-2014 5:25 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: logindukas82 this IP 84.93.235.226
Is one of the Community Site IP addresses - this isn't DDOSing you, it's most your router misreporting.
Re: strange ip conections
28-01-2014 5:25 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: Matt Hi there,
Are these disrupting your browsing at all, or interfering with your use of the service? You're always going to get these sorts of things showing on a router, it's why it has a firewall
If you do seriously want information on that IP, I'm afraid it'll need pursuing properly through legal channels before we'll release any information.
yes i realy want to know hu sending this atack to me...if its comunity adrress why its on my routers log then ? how its works?
Re: strange ip conections
28-01-2014 5:30 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Well, firstly, Chris has replied above you and explained.
Secondly, as I said, you would need to pursue any queries of this nature through legal channels before we would release any information. By that I mean you would need to report this to the police, convince them that a crime is happening and - I suspect, though am not sure - convince them that they need to send us a court order in order for the information released.
However, as Chris has said, it's one of the IPs of our Community site. I assure you that the community site servers are not DDoS'ing you, it'll be your router misreporting as Chris has said.
Please bear in mind, in order for a DDoS to be effective, your router would have to be receiving thousands and thousands of these requests per minute - that's the whole point of them, that the intended victim's connection is overloaded and shuts down. Unless you're seeing that kind of thing I very much doubt you'll get anywhere with the police.
Re: strange ip conections
28-01-2014 5:49 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: Chris
Quote from: logindukas82 this IP 84.93.235.226
Is one of the Community Site IP addresses - this isn't DDOSing you, it's most your router misreporting.
It's one of the Plusnet IP addresses that you never even make any outgoing connection to - you haven't fixed your network yet for over several months: https://community.plus.net/forum/index.php/topic,117757.0.html
Re: strange ip conections
28-01-2014 11:25 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Mostly RU and UA. (Russian Federation, Ukraine)
Pretty familar with IPs in these blocks - endelssly trying to hack for WordPress vulnerabilites on my websites.
Looks pretty dodgy to me.
Just saying...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page