Am I being hacked?
19-03-2018 11:29 PM
Hi,
The last couple of evenings my broadband speed has dropped to the point I can’t get a connection. The router log shows a series of remote administration records.
23:21:32, 19 Mar. ( 6108.820000) Admin login successful by 192.168.1.64 on HTTP *** my login ***
23:20:48, 19 Mar. ( 6064.030000) New GUI session from IP 192.168.1.64. *** my session ***
23:13:43, 19 Mar. IN: BLOCK [16] Remote administration (TCP [210.100.234.162]:48169->[46.208.10.94]:22 on ppp3)
23:09:17, 19 Mar. IN: BLOCK [16] Remote administration (UDP [91.240.224.50]:44486->[46.208.10.94]:33464 on ppp3)
23:09:08, 19 Mar. IN: BLOCK [16] Remote administration (UDP [91.240.224.50]:44486->[46.208.10.94]:33463 on ppp3)
23:08:58, 19 Mar. IN: BLOCK [16] Remote administration (UDP [91.240.224.50]:44486->[46.208.10.94]:33462 on ppp3)
23:08:49, 19 Mar. IN: BLOCK [16] Remote administration (UDP [91.240.224.50]:44486->[46.208.10.94]:33461 on ppp3)
23:08:39, 19 Mar. IN: BLOCK [16] Remote administration (UDP [91.240.224.50]:44486->[46.208.10.94]:33460 on ppp3)
23:08:29, 19 Mar. IN: BLOCK [16] Remote administration (UDP [91.240.224.50]:44486->[46.208.10.94]:33459 on ppp3)
23:08:20, 19 Mar. IN: BLOCK [16] Remote administration (UDP [91.240.224.50]:44486->[46.208.10.94]:33458 on ppp3)
23:08:10, 19 Mar. IN: BLOCK [16] Remote administration (UDP [91.240.224.50]:44486->[46.208.10.94]:33457 on ppp3)
23:08:01, 19 Mar. IN: BLOCK [16] Remote administration (UDP [91.240.224.50]:44486->[46.208.10.94]:33456 on ppp3)
23:07:51, 19 Mar. IN: BLOCK [16] Remote administration (UDP [91.240.224.50]:44486->[46.208.10.94]:33455 on ppp3)
23:07:41, 19 Mar. IN: BLOCK [16] Remote administration (UDP [91.240.224.50]:44486->[46.208.10.94]:33454 on ppp3)
23:07:32, 19 Mar. IN: BLOCK [16] Remote administration (UDP [91.240.224.50]:44486->[46.208.10.94]:33453 on ppp3)
23:07:22, 19 Mar. IN: BLOCK [16] Remote administration (UDP [91.240.224.50]:44486->[46.208.10.94]:33452 on ppp3)
23:07:13, 19 Mar. IN: BLOCK [16] Remote administration (UDP [91.240.224.50]:44486->[46.208.10.94]:33451 on ppp3)
23:07:03, 19 Mar. IN: BLOCK [16] Remote administration (UDP [91.240.224.50]:44486->[46.208.10.94]:33450 on ppp3)
23:06:54, 19 Mar. IN: BLOCK [16] Remote administration (UDP [91.240.224.50]:44486->[46.208.10.94]:33449 on ppp3)
23:06:44, 19 Mar. IN: BLOCK [16] Remote administration (UDP [91.240.224.50]:44486->[46.208.10.94]:33448 on ppp3)
23:06:34, 19 Mar. IN: BLOCK [16] Remote administration (UDP [91.240.224.50]:44486->[46.208.10.94]:33447 on ppp3)
23:06:25, 19 Mar. IN: BLOCK [16] Remote administration (UDP [91.240.224.50]:44486->[46.208.10.94]:33446 on ppp3)
23:06:15, 19 Mar. IN: BLOCK [16] Remote administration (UDP [91.240.224.50]:44486->[46.208.10.94]:33445 on ppp3)
23:06:06, 19 Mar. IN: BLOCK [16] Remote administration (UDP [91.240.224.50]:44486->[46.208.10.94]:33444 on ppp3)
22:55:22, 19 Mar. IN: BLOCK [16] Remote administration (TCP [198.98.53.73]:53221->[46.208.10.94]:22 on ppp3)
22:54:31, 19 Mar. IN: BLOCK [16] Remote administration (TCP [212.92.127.26]:45854->[46.208.10.94]:8080 on ppp3)
22:48:56, 19 Mar. IN: BLOCK [16] Remote administration (TCP [103.89.91.193]:50494->[46.208.10.94]:22 on ppp3)
22:40:38, 19 Mar. IN: BLOCK [16] Remote administration (TCP [186.62.37.76]:24126->[46.208.10.94]:22 on ppp3)
22:22:40, 19 Mar. IN: BLOCK [16] Remote administration (TCP [39.135.17.43]:161->[46.208.10.94]:161 on ppp3)
22:21:56, 19 Mar. IN: BLOCK [16] Remote administration (TCP [39.135.17.39]:161->[46.208.10.94]:161 on ppp3)
22:21:45, 19 Mar. BLOCKED 1 more packets (because of Remote administration)
22:21:44, 19 Mar. IN: BLOCK [16] Remote administration (TCP [122.2.223.242]:63803->[46.208.10.94]:22 on ppp3)
22:13:21, 19 Mar. IN: BLOCK [16] Remote administration (TCP [115.231.219.29]:6000->[46.208.10.94]:80 on ppp3)
22:09:11, 19 Mar. IN: BLOCK [16] Remote administration (TCP [212.92.127.26]:42322->[46.208.10.94]:8080 on ppp3)
22:08:09, 19 Mar. IN: BLOCK [16] Remote administration (TCP [27.191.235.90]:6910->[46.208.10.94]:22 on ppp3)
22:00:38, 19 Mar. IN: BLOCK [16] Remote administration (TCP [89.178.17.188]:3363->[46.208.10.94]:22 on ppp3)
21:57:34, 19 Mar. OUT: BLOCK [65] First packet is Invalid (Packet not in tcp window: TCP [192.168.1.66]:51677->[17.252.60.25]:5223 on ppp3)
21:54:32, 19 Mar. IN: BLOCK [16] Remote administration (TCP [212.92.127.26]:54611->[46.208.10.94]:8080 on ppp3)
21:53:22, 19 Mar. OUT: BLOCK [65] First packet is Invalid (Invalid tcp flags for current tcp state: TCP [192.168.1.64]:64213->[23.56.3.183]:443 on ppp3)
21:46:43, 19 Mar. IN: BLOCK [16] Remote administration (TCP [103.89.91.193]:60423->[46.208.10.94]:22 on ppp3)
21:44:17, 19 Mar. IN: BLOCK [15] Default policy (TCP [17.252.59.246]:443->[46.208.10.94]:64110 on ppp3)
21:44:09, 19 Mar. IN: BLOCK [15] Default policy (TCP [217.146.190.234]:993->[46.208.10.94]:64035 on ppp3)
21:44:07, 19 Mar. IN: BLOCK [15] Default policy (TCP [111.56.16.93]:59665->[46.208.10.94]:1433 on ppp3)
21:43:57, 19 Mar. IN: BLOCK [15] Default policy (TCP [77.72.82.103]:40047->[46.208.10.94]:9292 on ppp3)
21:43:53, 19 Mar. IN: BLOCK [15] Default policy (TCP [114.143.24.36]:48806->[46.208.10.94]:1433 on ppp3)
21:43:52, 19 Mar. IN: BLOCK [15] Default policy (TCP [217.146.190.234]:993->[46.208.10.94]:64035 on ppp3)
21:43:45, 19 Mar. IN: BLOCK [15] Default policy (TCP [46.161.55.106]:54161->[46.208.10.94]:5038 on ppp3)
21:43:43, 19 Mar. IN: BLOCK [15] Default policy (TCP [217.146.190.234]:993->[46.208.10.94]:64035 on ppp3)
21:43:40, 19 Mar. BLOCKED 1 more packets (because of Default policy)
21:43:36, 19 Mar. IN: BLOCK [15] Default policy (TCP [217.146.190.234]:993->[46.208.10.94]:64035 on ppp3)
21:43:36, 19 Mar. BLOCKED 4 more packets (because of Default policy)
21:43:35, 19 Mar. IN: BLOCK [15] Default policy (TCP [217.146.190.234]:993->[46.208.10.94]:64035 on ppp3)
21:43:34, 19 Mar. IN: BLOCK [15] Default policy (TCP [79.170.44.129]:993->[46.208.10.94]:63801 on ppp3)
21:43:24, 19 Mar. IN: BLOCK [15] Default policy (TCP [79.170.44.129]:993->[46.208.10.94]:63800 on ppp3)
21:43:09, 19 Mar. ( 205.830000) Admin login successful by 192.168.1.64 on HTTP
21:43:09, 19 Mar. IN: BLOCK [15] Default policy (TCP [201.42.42.228]:28480->[46.208.10.94]:23 on ppp3)
21:43:03, 19 Mar. IN: BLOCK [15] Default policy (TCP [17.252.60.24]:443->[46.208.10.94]:63987 on ppp3)
21:43:03, 19 Mar. BLOCKED 3 more packets (because of Default policy)
21:43:03, 19 Mar. IN: BLOCK [15] Default policy (TCP [17.252.60.24]:443->[46.208.10.94]:63987 on ppp3)
21:42:56, 19 Mar. IN: BLOCK [15] Default policy (TCP [80.239.244.95]:443->[46.208.10.94]:63977 on ppp3)
21:42:51, 19 Mar. BLOCKED 2 more packets (because of Default policy)
21:42:49, 19 Mar. IN: BLOCK [15] Default policy (TCP [80.239.244.95]:443->[46.208.10.94]:63979 on ppp3)
21:42:45, 19 Mar. BLOCKED 1 more packets (because of Default policy)
21:42:44, 19 Mar. IN: BLOCK [15] Default policy (TCP [80.239.244.95]:443->[46.208.10.94]:63974 on ppp3)
21:42:43, 19 Mar. IN: BLOCK [15] Default policy (TCP [185.143.223.214]:43096->[46.208.10.94]:5106 on ppp3)
21:42:40, 19 Mar. IN: BLOCK [15] Default policy (TCP [80.239.244.95]:443->[46.208.10.94]:63979 on ppp3)
21:42:39, 19 Mar. IN: BLOCK [15] Default policy (TCP [80.239.244.95]:443->[46.208.10.94]:63971 on ppp3)
21:42:38, 19 Mar. IN: BLOCK [15] Default policy (TCP [80.239.244.95]:443->[46.208.10.94]:63978 on ppp3)
21:42:37, 19 Mar. BLOCKED 1 more packets (because of Default policy)
21:42:36, 19 Mar. BLOCKED 2 more packets (because of Default policy)
21:42:34, 19 Mar. IN: BLOCK [15] Default policy (TCP [80.239.244.95]:443->[46.208.10.94]:63977 on ppp3)
21:42:34, 19 Mar. BLOCKED 3 more packets (because of Default policy)
21:42:33, 19 Mar. IN: BLOCK [15] Default policy (TCP [80.239.244.95]:443->[46.208.10.94]:63977 on ppp3)
21:42:33, 19 Mar. BLOCKED 6 more packets (because of Default policy)
21:42:32, 19 Mar. IN: BLOCK [15] Default policy (TCP [80.239.244.95]:443->[46.208.10.94]:63978 on ppp3)
21:42:32, 19 Mar. BLOCKED 12 more packets (because of Default policy)
21:42:32, 19 Mar. IN: BLOCK [15] Default policy (TCP [80.239.244.95]:443->[46.208.10.94]:63979 on ppp3)
21:42:32, 19 Mar. BLOCKED 14 more packets (because of Default policy)
21:42:30, 19 Mar. IN: BLOCK [15] Default policy (TCP [80.239.244.95]:443->[46.208.10.94]:63978 on ppp3)
21:42:20, 19 Mar. OUT: BLOCK [9] Packet invalid in connection (tcp reset attack is suspected: TCP [192.168.1.64]:64098->[79.170.44.129]:993 on ppp3)
21:42:02, 19 Mar. ( 138.330000) CWMP: session completed successfully
21:42:02, 19 Mar. ( 138.150000) CWMP: HTTP authentication success from https://dbtpnhdm.bt.mo
21:42:02, 19 Mar. IN: BLOCK [15] Default policy (TCP [199.117.180.13]:443->[46.208.10.94]:44818 on ppp3)
21:41:59, 19 Mar. ( 134.970000) NTP synchronization success!
21:41:56, 19 Mar. ( 131.250000) CWMP: Server URL: https://dbtpnhdm.bt.mo; Connecting as user: ACS username
21:41:56, 19 Mar. ( 131.240000) CWMP: Session start now. Event code(s): '1 BOOT,4 VALUE CHANGE'
21:41:55, 19 Mar. ( 130.650000) NTP synchronization start
21:41:54, 19 Mar. ( 129.770000) WAN operating mode is VDSL
21:41:54, 19 Mar. ( 129.770000) Last WAN operating mode was VDSL
21:41:53, 19 Mar. ( 128.720000) PPP IPCP Receive Configuration ACK
21:41:53, 19 Mar. ( 128.710000) PPP IPCP Send Configuration Request
21:41:53, 19 Mar. ( 128.700000) PPP IPCP Receive Configuration NAK
21:41:53, 19 Mar. ( 128.690000) PPP IPCP Send Configuration ACK
21:41:53, 19 Mar. ( 128.690000) PPP IPCP Receive Configuration Request
21:41:53, 19 Mar. ( 128.690000) PPP IPCP Send Configuration Request
21:41:52, 19 Mar. ( 127.820000) PPPoE is up - Down Rate=56647Kbps, Up Rate=11141Kbps; SNR Margin Down=6.1dB, Up=6.1dB
21:41:52, 19 Mar. ( 127.800000) CHAP authentication successful
21:41:52, 19 Mar. ( 127.740000) CHAP Receive Challenge
21:41:52, 19 Mar. ( 127.740000) Starting CHAP authentication with peer
21:41:52, 19 Mar. ( 127.740000) PPP LCP Receive Configuration ACK
Any suggestions would be appreciated.
Many thanks
20-03-2018 7:26 AM
Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵
Re: Am I being hacked?
20-03-2018 11:38 AM
Thanks,
No internet exposed ports, most of my settings are standard, only put static IPs on some devices. Shields-up shows green across all service ports.
Guessing I can just ignore it apart from nuisance value.
Re: Am I being hacked?
20-03-2018 2:24 PM - edited 20-03-2018 2:24 PM
Yep, I wouldn't be too concerned, especially if Shields-up comes back clear.
Bob Pullen
Plusnet Product Team
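One way to triage a log in this format, as an added example that is not part of the original thread: it counts dropped inbound probes per destination port, lists sources that swept several ports, and flags any successful admin login from outside the LAN. The sample lines are constructed in the posted format with documentation-range addresses, the final WAN login line is invented to show the flag, and the LAN subnet 192.168.1.0/24 is an assumption.

```python
import re
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample in the router's log format (documentation-range addresses).
SAMPLE = """\
23:21:32, 19 Mar. ( 6108.820000) Admin login successful by 192.168.1.64 on HTTP
23:13:43, 19 Mar. IN: BLOCK [16] Remote administration (TCP [203.0.113.7]:48169->[198.51.100.20]:22 on ppp3)
23:09:17, 19 Mar. IN: BLOCK [16] Remote administration (UDP [203.0.113.50]:44486->[198.51.100.20]:33464 on ppp3)
23:09:08, 19 Mar. IN: BLOCK [16] Remote administration (UDP [203.0.113.50]:44486->[198.51.100.20]:33463 on ppp3)
23:08:58, 19 Mar. IN: BLOCK [16] Remote administration (UDP [203.0.113.50]:44486->[198.51.100.20]:33462 on ppp3)
22:55:22, 19 Mar. IN: BLOCK [16] Remote administration (TCP [203.0.113.9]:53221->[198.51.100.20]:22 on ppp3)
22:21:45, 19 Mar. BLOCKED 1 more packets (because of Remote administration)
21:57:34, 19 Mar. OUT: BLOCK [65] First packet is Invalid (Packet not in tcp window: TCP [192.168.1.66]:51677->[192.0.2.25]:5223 on ppp3)
21:44:07, 19 Mar. IN: BLOCK [15] Default policy (TCP [203.0.113.93]:59665->[198.51.100.20]:1433 on ppp3)
21:40:00, 19 Mar. ( 100.000000) Admin login successful by 203.0.113.200 on HTTP
"""

BLOCK = re.compile(
    r"IN: BLOCK \[(?P<rule>\d+)\] (?P<reason>[^(]+?) \("
    r"(?P<proto>TCP|UDP) \[(?P<src>[^\]]+)\]:\d+->\[[^\]]+\]:(?P<dport>\d+) on \w+\)")
MORE = re.compile(r"BLOCKED (\d+) more packets")
LOGIN = re.compile(r"Admin login successful by (?P<ip>\S+) on (?P<svc>\w+)")

def triage(log_text, lan="192.168.1.0/24", sweep_ports=3):
    """Summarise dropped inbound probes; list admin logins from outside the LAN."""
    lan_net = ip_network(lan)        # assumed LAN subnet
    by_port = Counter()              # (proto, dst port) -> logged drops
    ports_by_src = defaultdict(set)  # source IP -> distinct dst ports probed
    suppressed, wan_logins = 0, []
    for line in log_text.splitlines():
        if m := BLOCK.search(line):
            by_port[(m["proto"], int(m["dport"]))] += 1
            ports_by_src[m["src"]].add(int(m["dport"]))
        elif m := MORE.search(line):
            suppressed += int(m.group(1))   # drops the router did not itemise
        elif (m := LOGIN.search(line)) and ip_address(m["ip"]) not in lan_net:
            wan_logins.append((m["ip"], m["svc"]))  # this is what needs attention
    sweepers = sorted(s for s, p in ports_by_src.items() if len(p) >= sweep_ports)
    return {"by_port": by_port, "sources": len(ports_by_src),
            "suppressed": suppressed, "sweepers": sweepers,
            "wan_logins": wan_logins}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

An empty `wan_logins` list alongside a long `by_port` tally means the entries are dropped probes and every successful login came from the LAN.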