cancel
Showing results for 
Search instead for 
Did you mean: 

strange ip conections

logindukas82
Grafter
Posts: 49
Registered: ‎17-12-2013

strange ip conections

hi there,after checking router log file,have found some ip adress conections from many different countries and providers....this is the latest one 94.195.227.23:4005
and its second one 157.56.52.23:4000 and there is many more....any suguest ?also one from singapure microsoft corporation.......
12 REPLIES 12
Dan_the_Van
Aspiring Hero
Posts: 2,484
Thanks: 1,117
Fixes: 73
Registered: ‎25-06-2007

Re: strange ip conections

Hi,
Firewall usually list blocked connects rather than made connections
Here is an example from my TG582n
FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 93.115.94.250 Dst ip: xxx.xxx.xxx.xxx Type: Destination Unreachable Code: Port Unreacheable
If you are unsure copy and paste the events here in this thread.
Hope this helps.
Dan.
logindukas82
Grafter
Posts: 49
Registered: ‎17-12-2013

Re: strange ip conections

this is a last few log's
[LAN access from remote] from 95.84.24.15:9977 to 192.168.1.5:51683, Tuesday, Jan 28,2014 16:18:52
[LAN access from remote] from 182.185.44.205:26678 to 192.168.1.5:51683, Tuesday, Jan 28,2014 16:18:51
[LAN access from remote] from 178.78.55.123:63738 to 192.168.1.5:51683, Tuesday, Jan 28,2014 16:18:51
[LAN access from remote] from 178.78.55.123:63601 to 192.168.1.5:51683, Tuesday, Jan 28,2014 16:18:51
[LAN access from remote] from 39.214.57.237:64145 to 192.168.1.3:12788, Tuesday, Jan 28,2014 16:18:49
[LAN access from remote] from 109.196.79.37:64504 to 192.168.1.5:51683, Tuesday, Jan 28,2014 16:18:49
[LAN access from remote] from 188.134.33.55:1024 to 192.168.1.5:51683, Tuesday, Jan 28,2014 16:18:47
[LAN access from remote] from 39.214.57.237:64143 to 192.168.1.3:12788, Tuesday, Jan 28,2014 16:18:47
[LAN access from remote] from 62.133.178.205:12582 to 192.168.1.5:51683, Tuesday, Jan 28,2014 16:18:47
router is NETGEAR  R6300
there you can see after clear up:...
[LAN access from remote] from 95.26.93.226:55373 to 192.168.1.5:51683, Tuesday, Jan 28,2014 16:23:37
[LAN access from remote] from 95.26.93.226:54622 to 192.168.1.5:51683, Tuesday, Jan 28,2014 16:23:37
[LAN access from remote] from 37.190.55.43:12214 to 192.168.1.5:51683, Tuesday, Jan 28,2014 16:23:37
[LAN access from remote] from 66.177.50.11:11292 to 192.168.1.5:51683, Tuesday, Jan 28,2014 16:23:35
[LAN access from remote] from 81.200.81.2:38472 to 192.168.1.5:51683, Tuesday, Jan 28,2014 16:23:34
[LAN access from remote] from 46.36.67.1:30727 to 192.168.1.5:51683, Tuesday, Jan 28,2014 16:23:34
[LAN access from remote] from 217.175.32.106:2566 to 192.168.1.5:51683, Tuesday, Jan 28,2014 16:23:34
[LAN access from remote] from 83.149.34.214:5516 to 192.168.1.5:51683, Tuesday, Jan 28,2014 16:23:33
[LAN access from remote] from 178.45.34.32:44251 to 192.168.1.5:51683, Tuesday, Jan 28,2014 16:23:32
[Log Cleared] Tuesday, Jan 28,2014 16:23:31
logindukas82
Grafter
Posts: 49
Registered: ‎17-12-2013

Re: strange ip conections

192.168.1.5 is laptop internal adress and 192.168.1.3 is apple pc internal adress.....if i understand right,someone scaning ports ?
pwatson
Rising Star
Posts: 2,470
Thanks: 8
Fixes: 1
Registered: ‎26-11-2012

Re: strange ip conections

These look deeply suspicious!!  Check to see that you haven't got ports 51683 and 12788 forwarded for some reason (uPnP?) 
Run Malware scanners on those two machines! as these look to be connections to your two machines - Innocuous scanning will have your WAN IP as the Destination. 
logindukas82
Grafter
Posts: 49
Registered: ‎17-12-2013

Re: strange ip conections

yes UPnP was enable and there was active ports....after logs clear up there is  a stats :

[Service blocked: ICMP_echo_req] from source 79.153.210.6, Tuesday, Jan 28,2014 17:07:48
[Service blocked: ICMP_echo_req] from source 83.69.227.130, Tuesday, Jan 28,2014 17:07:47
[Service blocked: ICMP_echo_req] from source 89.223.47.201, Tuesday, Jan 28,2014 17:07:46
[Service blocked: ICMP_echo_req] from source 178.94.113.230, Tuesday, Jan 28,2014 17:07:44
[Service blocked: ICMP_echo_req] from source 83.69.227.130, Tuesday, Jan 28,2014 17:07:43
[Service blocked: ICMP_echo_req] from source 213.184.138.218, Tuesday, Jan 28,2014 17:07:43
[Service blocked: ICMP_echo_req] from source 89.223.47.201, Tuesday, Jan 28,2014 17:07:42
[Log Cleared] Tuesday, Jan 28,2014 17:07:42

also shows DoS atack  Angry
[Service blocked: ICMP_echo_req] from source 85.17.122.162, Tuesday, Jan 28,2014 17:11:59
[Service blocked: ICMP_echo_req] from source 93.171.164.14, Tuesday, Jan 28,2014 17:11:59
[Service blocked: ICMP_echo_req] from source 93.76.202.16, Tuesday, Jan 28,2014 17:11:58
[DoS attack: FIN Scan] attack packets in last 20 sec from ip [84.93.235.226], Tuesday, Jan 28,2014 17:11:56
logindukas82
Grafter
Posts: 49
Registered: ‎17-12-2013

Re: strange ip conections

now i hope PN team take care and inform me about this IP adress hu send DoS atack's  Angry
this IP 84.93.235.226............cose this IP belongs to PN on this time when atack was send......otherwise i will look in to this further.....
orbrey
Plusnet Alumni (retired)
Plusnet Alumni (retired)
Posts: 10,540
Registered: ‎18-07-2007

Re: strange ip conections

Hi there,
Are these disrupting your browsing at all, or interfering with your use of the service? You're always going to get these sorts of things showing on a router, it's why it has a firewall Smiley
If you do seriously want information on that IP, I'm afraid it'll need pursuing properly through legal channels before we'll release any information.
Chris
Legend
Posts: 17,724
Thanks: 600
Fixes: 169
Registered: ‎05-04-2007

Re: strange ip conections

Quote from: logindukas82
this IP 84.93.235.226

Is one of the Community Site IP addresses - this isn't DDOSing you, it's most your router misreporting.
Former Plusnet Staff member. Posts after 31st Jan 2020 are not on behalf of Plusnet.
logindukas82
Grafter
Posts: 49
Registered: ‎17-12-2013

Re: strange ip conections

Quote from: Matt
Hi there,
Are these disrupting your browsing at all, or interfering with your use of the service? You're always going to get these sorts of things showing on a router, it's why it has a firewall Smiley
If you do seriously want information on that IP, I'm afraid it'll need pursuing properly through legal channels before we'll release any information.

yes i realy want to know hu sending this atack to me...if its comunity adrress why its on my routers log then ? how its works?
orbrey
Plusnet Alumni (retired)
Plusnet Alumni (retired)
Posts: 10,540
Registered: ‎18-07-2007

Re: strange ip conections

Hi,
Well, firstly, Chris has replied above you and explained.
Secondly, as I said, you would need to pursue any queries of this nature through legal channels before we would release any information. By that I mean you would need to report this to the police, convince them that a crime is happening and - I suspect, though am not sure - convince them that they need to send us a court order in order for the information released.
However, as Chris has said, it's one of the IPs of our Community site. I assure you that the community site servers are not DDoS'ing you, it'll be your router misreporting as Chris has said.
Please bear in mind, in order for a DDoS to be effective, your router would have to be receiving thousands and thousands of these requests per minute - that's the whole point of them, that the intended victim's connection is overloaded and shuts down. Unless you're seeing that kind of thing I very much doubt you'll get anywhere with the police.
ejs
Aspiring Hero
Posts: 5,442
Thanks: 631
Fixes: 25
Registered: ‎10-06-2010

Re: strange ip conections

Quote from: Chris
Quote from: logindukas82
this IP 84.93.235.226

Is one of the Community Site IP addresses - this isn't DDOSing you, it's most your router misreporting.

It's one of the Plusnet IP addresses that you never even make any outgoing connection to - you haven't fixed your network yet for over several months: https://community.plus.net/forum/index.php/topic,117757.0.html
IanSn
Rising Star
Posts: 565
Thanks: 31
Registered: ‎25-09-2011

Re: strange ip conections

Looked up these IPs on whois?
Mostly RU and UA. (Russian Federation, Ukraine)
Pretty familar with IPs in these blocks - endelssly trying to hack for WordPress vulnerabilites on my websites.
Looks pretty dodgy to me.
    Just saying...