cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Firewall attacks

M1llsy
Newbie
Posts: 1
Registered: ‎28-08-2019

Firewall attacks

on ‎28-08-2019 8:48 PM - last edited on ‎29-08-2019 12:38 AM by Moderator

Hi,

I’ve been a long term customer with plusnet but I have recently had a problem with slow internet on iPhones/laptop etc, I received a new hub1 a couple of months ago and it’s been better, but recently my echos and google homes disconnect daily and the internet is slow again.

I have assigned static ips to the echo and google products in the hope that it solves that issue?!

I then turned to the firewall logs and can see a lot of Chinese ips attempting remote administration!

Should I be worried about this, the firewall is doing its job after all. Will this be causing me slow internet? Any other issues people can see that I can’t...?

Message
20:37:52, 28 Aug. IN: BLOCK [16] Remote administration (TCP [220.189.99.117]:48320-​>[51.9.234.230]:22 on ppp3)
20:32:55, 28 Aug. OUT: BLOCK [7] ICMP replay (ICMP type 3 code 1 192.168.1.79-​>172.217.169.14 on ppp3)
20:32:53, 28 Aug. BLOCKED 3 more packets (because of ICMP replay)
20:32:52, 28 Aug. OUT: BLOCK [7] ICMP replay (ICMP type 3 code 1 192.168.1.79-​>172.217.169.14 on ppp3)
20:32:47, 28 Aug. IN: BLOCK [16] Remote administration (TCP [112.240.192.211]:31574-​>[51.9.234.230]:8080 on ppp3)
20:28:32, 28 Aug. IN: BLOCK [16] Remote administration (TCP [128.1.91.94]:17032-​>[51.9.234.230]:443 on ppp3)
20:28:18, 28 Aug. IN: BLOCK [16] Remote administration (TCP [180.126.140.61]:32328-​>[51.9.234.230]:22 on ppp3)
20:24:04, 28 Aug. IN: BLOCK [16] Remote administration (ICMP type 8 code 0 194.32.71.4-​>51.9.234.230 on ppp3)
20:21:36, 28 Aug. IN: BLOCK [16] Remote administration (TCP [172.104.125.180]:58199-​>[51.9.234.230]:8443 on ppp3)
20:20:22, 28 Aug. IN: BLOCK [16] Remote administration (TCP [107.170.239.167]:38983-​>[51.9.234.230]:8443 on ppp3)
20:17:12, 28 Aug. IN: BLOCK [16] Remote administration (TCP [114.228.75.210]:30200-​>[51.9.234.230]:22 on ppp3)
20:14:03, 28 Aug. IN: BLOCK [16] Remote administration (TCP [201.43.46.39]:25833-​>[51.9.234.230]:8080 on ppp3)
20:11:12, 28 Aug. IN: BLOCK [16] Remote administration (TCP [185.186.189.99]:16289-​>[51.9.234.230]:8080 on ppp3)
20:09:07, 28 Aug. IN: BLOCK [16] Remote administration (TCP [187.102.71.12]:3821-​>[51.9.234.230]:8080 on ppp3)
20:05:43, 28 Aug. BLOCKED 3 more packets (because of Default policy)
20:05:42, 28 Aug. BLOCKED 1 more packets (because of Packet invalid in connection)
20:05:41, 28 Aug. IN: BLOCK [15] Default policy (TCP [23.198.66.217]:443-​>[51.9.234.230]:62466 on ppp3)
20:05:41, 28 Aug. IN: BLOCK [9] Packet invalid in connection (tcp reset attack is suspected: TCP [23.198.66.217]:443-​>[51.9.234.230]:62465 on ppp3)
20:05:41, 28 Aug. IN: BLOCK [15] Default policy (TCP [189.203.147.104]:28999-​>[51.9.234.230]:445 on ppp3)
20:05:41, 28 Aug. IN: BLOCK [15] Default policy (TCP [52.208.204.25]:443-​>[51.9.234.230]:62502 on ppp3)
20:05:40, 28 Aug. OUT: BLOCK [9] Packet invalid in connection (tcp reset attack is suspected: TCP [192.168.1.71]:62498-​>[3.122.32.14]:443 on ppp3)
20:05:39, 28 Aug. IN: BLOCK [15] Default policy (TCP [185.254.122.35]:49872-​>[51.9.234.230]:6719 on ppp3)
20:05:39, 28 Aug. BLOCKED 1 more packets (because of Default policy)
20:05:38, 28 Aug. IN: BLOCK [15] Default policy (TCP [176.32.101.52]:443-​>[51.9.234.230]:46780 on ppp3)
20:05:36, 28 Aug. OUT: BLOCK [15] Default policy (First packet in connection is not a SYN packet: TCP [192.168.1.73]:63124-​>[45.57.41.1]:443 on ppp3)
20:05:35, 28 Aug. IN: BLOCK [15] Default policy (TCP [189.203.147.104]:28999-​>[51.9.234.230]:445 on ppp3)
20:05:35, 28 Aug. BLOCKED 1 more packets (because of Default policy)
20:05:34, 28 Aug. IN: BLOCK [15] Default policy (TCP [34.240.126.33]:443-​>[51.9.234.230]:63090 on ppp3)
20:05:33, 28 Aug. IN: BLOCK [15] Default policy (TCP [52.46.145.58]:443-​>[51.9.234.230]:32946 on ppp3)
20:05:32, 28 Aug. OUT: BLOCK [9] Packet invalid in connection (tcp reset attack is suspected: TCP [192.168.1.73]:63123-​>[104.120.214.30]:443 on ppp3)
20:05:32, 28 Aug. IN: BLOCK [15] Default policy (TCP [189.203.147.104]:28999-​>[51.9.234.230]:445 on ppp3)
20:05:29, 28 Aug. OUT: BLOCK [15] Default policy (First packet in connection is not a SYN packet: TCP [192.168.1.73]:63063-​>[17.248.144.76]:443 on ppp3)
20:05:28, 28 Aug. OUT: BLOCK [9] Packet invalid in connection (tcp reset attack is suspected: TCP [192.168.1.71]:62451-​>[23.198.86.199]:443 on ppp3)
20:05:27, 28 Aug. IN: BLOCK [15] Default policy (TCP [23.198.66.217]:443-​>[51.9.234.230]:63120 on ppp3)
20:05:25, 28 Aug. BLOCKED 1 more packets (because of Default policy)
20:05:24, 28 Aug. OUT: BLOCK [15] Default policy (First packet in connection is not a SYN packet: TCP [192.168.1.73]:49182-​>[64.233.167.109]:993 on ppp3)
20:05:21, 28 Aug. OUT: BLOCK [65] First packet is Invalid (Invalid tcp flags for current tcp state: TCP [192.168.1.73]:56960-​>[52.71.161.254]:9543 on ppp3)
20:05:21, 28 Aug. IN: BLOCK [15] Default policy (TCP [176.32.101.52]:443-​>[51.9.234.230]:46780 on ppp3)
20:05:20, 28 Aug. IN: BLOCK [15] Default policy (TCP [37.252.173.22]:443-​>[51.9.234.230]:62501 on ppp3)
20:05:20, 28 Aug. IN: BLOCK [9] Packet invalid in connection (tcp reset attack is suspected: TCP [37.252.173.22]:443-​>[51.9.234.230]:62500 on ppp3)
20:05:19, 28 Aug. BLOCKED 3 more packets (because of Default policy)
20:05:17, 28 Aug. OUT: BLOCK [15] Default policy (First packet in connection is not a SYN packet: TCP [192.168.1.73]:49177-​>[64.233.167.109]:993 on ppp3)
20:05:16, 28 Aug. OUT: BLOCK [9] Packet invalid in connection (tcp reset attack is suspected: TCP [192.168.1.73]:63116-​>[23.198.86.199]:443 on ppp3)
20:05:14, 28 Aug. IN: BLOCK [15] Default policy (TCP [23.198.66.217]:443-​>[51.9.234.230]:63120 on ppp3)
20:05:14, 28 Aug. IN: BLOCK [15] Default policy (UDP [159.89.191.246]:38654-​>[51.9.234.230]:17185 on ppp3)
20:05:14, 28 Aug. OUT: BLOCK [9] Packet invalid in connection (Packet not in tcp window: TCP [192.168.1.74]:59065-​>[34.252.19.214]:443 on ppp3)
20:05:12, 28 Aug. OUT: BLOCK [15] Default policy (First packet in connection is not a SYN packet: TCP [192.168.1.71]:62481-​>[17.142.163.21]:993 on ppp3)
20:05:12, 28 Aug. BLOCKED 1 more packets (because of Default policy)
20:05:11, 28 Aug. IN: BLOCK [15] Default policy (TCP [176.32.101.52]:443-​>[51.9.234.230]:46780 on ppp3)
20:05:10, 28 Aug. BLOCKED 2 more packets (because of Default policy)
20:05:09, 28 Aug. IN: BLOCK [15] Default policy (TCP [34.240.126.33]:443-​>[51.9.234.230]:63090 on ppp3)
20:05:08, 28 Aug. BLOCKED 1 more packets (because of Default policy)
20:05:08, 28 Aug. OUT: BLOCK [9] Packet invalid in connection (tcp reset attack is suspected: TCP [192.168.1.71]:62479-​>[17.56.8.133]:993 on ppp3)
20:05:07, 28 Aug. BLOCKED 1 more packets (because of Packet invalid in connection)
20:05:06, 28 Aug. IN: BLOCK [15] Default policy (TCP [17.56.8.133]:993-​>[51.9.234.230]:62460 on ppp3)
20:05:06, 28 Aug. BLOCKED 2 more packets (because of Default policy)
20:05:06, 28 Aug. IN: BLOCK [15] Default policy (TCP [17.252.11.246]:443-​>[51.9.234.230]:63041 on ppp3)
20:05:06, 28 Aug. OUT: BLOCK [9] Packet invalid in connection (tcp reset attack is suspected: TCP [192.168.1.71]:62474-​>[17.56.8.133]:993 on ppp3)
20:05:05, 28 Aug. BLOCKED 1 more packets (because of Default policy)
20:05:04, 28 Aug. IN: BLOCK [15] Default policy (TCP [176.32.101.52]:443-​>[51.9.234.230]:46780 on ppp3)
20:05:04, 28 Aug. BLOCKED 3 more packets (because of Default policy)
20:05:03, 28 Aug. BLOCKED 1 more packets (because of Packet invalid in connection)
20:05:03, 28 Aug. IN: BLOCK [15] Default policy (TCP [23.198.66.217]:443-​>[51.9.234.230]:63120 on ppp3)
20:05:03, 28 Aug. BLOCKED 8 more packets (because of Default policy)
20:05:02, 28 Aug. OUT: BLOCK [9] Packet invalid in connection (tcp reset attack is suspected: TCP [192.168.1.73]:63122-​>[104.120.214.30]:443 on ppp3)
20:05:01, 28 Aug. IN: BLOCK [15] Default policy (TCP [88.221.134.43]:80-​>[51.9.234.230]:57444 on ppp3)
20:05:01, 28 Aug. BLOCKED 3 more packets (because of Default policy)
20:05:01, 28 Aug. OUT: BLOCK [9] Packet invalid in connection (tcp reset attack is suspected: TCP [192.168.1.73]:63120-​>[23.198.66.217]:443 on ppp3)
20:05:00, 28 Aug. IN: BLOCK [15] Default policy (TCP [88.221.134.43]:80-​>[51.9.234.230]:57444 on ppp3)
20:05:00, 28 Aug. OUT: BLOCK [9] Packet invalid in connection (tcp reset attack is suspected: TCP [192.168.1.84]:37521-​>[34.253.72.148]:443 on ppp3)
20:04:59, 28 Aug. IN: BLOCK [15] Default policy (UDP [87.194.89.8]:4500-​>[51.9.234.230]:4500 on ppp3)
20:04:56, 28 Aug. IN: BLOCK [15] Default policy (TCP [34.240.126.33]:443-​>[51.9.234.230]:63090 on ppp3)
20:04:54, 28 Aug. OUT: BLOCK [15] Default policy (First packet in connection is not a SYN packet: TCP [192.168.1.73]:63087-​>[109.159.158.103]:443 on ppp3)
20:04:52, 28 Aug. IN: BLOCK [15] Default policy (TCP [52.119.196.87]:443-​>[51.9.234.230]:38370 on ppp3)
20:04:51, 28 Aug. IN: BLOCK [15] Default policy (TCP [17.137.166.35]:443-​>[51.9.234.230]:63095 on ppp3)
20:04:50, 28 Aug. IN: BLOCK [15] Default policy (TCP [34.240.126.33]:443-​>[51.9.234.230]:63090 on ppp3)
20:04:49, 28 Aug. IN: BLOCK [15] Default policy (TCP [172.217.169.46]:443-​>[51.9.234.230]:57452 on ppp3)
20:04:48, 28 Aug. OUT: BLOCK [9] Packet invalid in connection (tcp reset attack is suspected: TCP [192.168.1.73]:63118-​>[23.198.64.199]:443 on ppp3)
20:04:47, 28 Aug. IN: BLOCK [15] Default policy (TCP [34.240.126.33]:443-​>[51.9.234.230]:63090 on ppp3)
20:04:45, 28 Aug. BLOCKED 1 more packets (because of Packet invalid in connection)
20:04:44, 28 Aug. IN: BLOCK [15] Default policy (TCP [34.240.126.33]:443-​>[51.9.234.230]:63090 on ppp3)
20:04:44, 28 Aug. OUT: BLOCK [9] Packet invalid in connection (tcp reset attack is suspected: TCP [192.168.1.73]:63090-​>[34.240.126.33]:443 on ppp3)
20:04:42, 28 Aug. IN: BLOCK [15] Default policy (TCP [52.119.196.87]:443-​>[51.9.234.230]:38370 on ppp3)
20:04:42, 28 Aug. OUT: BLOCK [9] Packet invalid in connection (tcp reset attack is suspected: TCP [192.168.1.73]:63088-​>[23.198.66.217]:443 on ppp3)
20:04:41, 28 Aug. OUT: BLOCK [15] Default policy (First packet in connection is not a SYN packet: TCP [192.168.1.73]:63082-​>[31.55.184.19]:443 on ppp3)
20:04:40, 28 Aug. BLOCKED 1 more packets (because of Default policy)
20:04:39, 28 Aug. IN: BLOCK [15] Default policy (TCP [23.198.66.217]:443-​>[51.9.234.230]:63035 on ppp3)
20:04:39, 28 Aug. BLOCKED 1 more packets (because of Default policy)
20:04:38, 28 Aug. IN: BLOCK [15] Default policy (TCP [52.119.196.87]:443-​>[51.9.234.230]:38370 on ppp3)
20:04:37, 28 Aug. OUT: BLOCK [9] Packet invalid in connection (tcp reset attack is suspected: TCP [192.168.1.73]:63080-​>[17.253.35.203]:443 on ppp3)
20:04:35, 28 Aug. IN: BLOCK [15] Default policy (TCP [52.119.196.87]:443-​>[51.9.234.230]:38370 on ppp3)
20:04:35, 28 Aug. BLOCKED 3 more packets (because of Default policy)
20:04:33, 28 Aug. IN: BLOCK [15] Default policy (TCP [52.119.196.87]:443-​>[51.9.234.230]:38370 on ppp3)
20:04:33, 28 Aug. BLOCKED 3 more packets (because of Default policy)
20:04:33, 28 Aug. IN: BLOCK [15] Default policy (TCP [52.119.196.87]:443-​>[51.9.234.230]:38370 on ppp3)
20:04:33, 28 Aug. BLOCKED 1 more packets (because of Default policy)
20:04:32, 28 Aug. OUT: BLOCK [9] Packet invalid in connection (tcp reset attack is suspected: TCP [192.168.1.73]:63098-​>[17.253.37.205]:443 on ppp3)
20:04:32, 28 Aug. OUT: BLOCK [15] Default policy (First packet in connection is not a SYN packet: TCP [192.168.1.73]:63071-​>[31.55.184.19]:443 on ppp3)
20:04:32, 28 Aug. BLOCKED 1 more packets (because of Default policy)
20:04:31, 28 Aug. IN: BLOCK [15] Default policy (UDP [87.194.89.8]:4500-​>[51.9.234.230]:4500 on ppp3

Moderator's note by Mike (Mav): Post released from Spam Filter.
Message 1 of 2
(1,864 Views)
0 Thanks
1 REPLY 1
MatthewWheeler
Plusnet Help Team
Plusnet Help Team
Posts: 8,907
Thanks: 1,525
Fixes: 479
Registered: ‎01-01-2012

Re: Firewall attacks

‎31-08-2019 2:26 PM

Thanks for getting in touch @M1llsy and apologies for the delayed response.

The firewall logs aren't anything to be worried about as that's just the router doing its job as you've said.

If your Amazon Echo's and Google Home's are disconnecting then it's likely the issue may be with the wireless signal itself rather than the line.

I'd recommend going through the steps shown here to see if they help. Let us know how you get on

If this post resolved your issue please click the 'This fixed my problem' button
 Matthew Wheeler
 Plusnet Help Team
Message 2 of 2
(1,779 Views)
0 Thanks