Port Forwarding Rule Added - Unattended
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- Fibre Broadband
- :
- Re: Port Forwarding Rule Added - Unattended
Port Forwarding Rule Added - Unattended
07-04-2017 5:58 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Hi Everyone,
My router was a bit glitchy today and seemed to restart itself and re-connect, around mid day. When I review the Logs I see a couple of interesting activities. This morning I see the following;
11:09:55, 07 Apr.
( 28.640000) System up, firmware version: 4.7.5.1.83.8.226
11:09:39, 07 Apr.
( 13.310000) System start
11:07:27, 07 Apr.
(551609.880000) Port forwarding rule added via UPnP/TR064. Protocol: TCP, external ports: any->24090, internal ports: 32400, internal client: 192.168.1.75
10:07:26, 07 Apr.
(548009.090000) Port forwarding rule added via UPnP/TR064. Protocol: TCP, external ports: any->24090, internal ports: 32400, internal client: 192.168.1.75
09:07:25, 07 Apr.
(544407.320000) Port forwarding rule added via UPnP/TR064. Protocol: TCP, external ports: any->24090, internal ports: 32400, internal client: 192.168.1.75
This is at a time when I was out of the house, and nobody was logged on to the Router. The IP address specified for the port forwarding, is a MyCloud storage device. So first question is; How is it possible for my Router to add Port Forwarding with nobody logged on.
The second set of Log Events are;
11:50:19, 07 Apr.
(554182.020000) CWMP: Server URL: https://dbtpnhdm.bt.mo; Connecting as user: ACS username
11:50:19, 07 Apr.
(554182.010000) CWMP: Session start now. Event code(s): '4 VALUE CHANGE'
11:50:08, 07 Apr.
(554171.210000) CWMP: session closed due to error: Could not resolve host
11:50:08, 07 Apr.
(554170.630000) CWMP: Initializing transaction for event code 4 VALUE CHANGE
11:50:08, 07 Apr.
(554170.580000) Wire Lan Port 3 up
11:50:08, 07 Apr.
(554170.580000) Wire Lan Port 2 up
11:50:08, 07 Apr.
(554170.580000) Wire Lan Port 1 up
11:49:56, 07 Apr.
(554158.710000) Wire Lan Port 3 down
11:49:56, 07 Apr.
(554158.700000) Wire Lan Port 2 down
11:49:56, 07 Apr.
(554158.700000) Wire Lan Port 1 down
11:49:46, 07 Apr.
(554148.410000) Wire Lan Port 3 up
11:11:43, 07 Apr.
BLOCKED 1 more packets (because of First packet is Invalid)
11:11:41, 07 Apr.
OUT: BLOCK [65] First packet is Invalid (Packet not in tcp window: TCP [192.168.1.80]:49757->[52.11.159.248]:443 on ppp3)
11:10:09, 07 Apr.
BLOCKED 1 more packets (because of Packet invalid in connection)
11:10:08, 07 Apr.
OUT: BLOCK [9] Packet invalid in connection (UDP [0.0.0.0]:68->[255.255.255.255]:67 on ath00)
11:27:37, 07 Apr.
OUT: BLOCK [7] ICMP replay (ICMP type 3 code 1 212.159.18.145->88.221.134.186 on ppp3)
11:27:09, 07 Apr.
BLOCKED 2 more packets (because of ICMP replay)
11:27:08, 07 Apr.
OUT: BLOCK [7] ICMP replay (ICMP type 3 code 1 212.159.18.145->88.221.134.234 on ppp3)
11:15:44, 07 Apr.
OUT: BLOCK [7] ICMP replay (ICMP type 3 code 1 212.159.18.145->37.77.186.131 on ppp3)
11:15:41, 07 Apr.
BLOCKED 3 more packets (because of ICMP replay)
11:15:40, 07 Apr.
OUT: BLOCK [7] ICMP replay (ICMP type 3 code 1 212.159.18.145->37.77.186.131 on ppp3)
11:10:52, 07 Apr.
ath10: STA 64:20:0c:57:3b:b0 IEEE 802.11: Client disassociated
11:10:19, 07 Apr.
ath10: STA 64:20:0c:57:3b:b0 IEEE 802.11: Client associated
11:10:13, 07 Apr.
ath00: STA 64:20:0c:57:3b:b0 IEEE 802.11: Client associated
11:10:11, 07 Apr.
ath00: STA 90:f1:aa:de:0d:47 IEEE 802.11: Client associated
11:10:10, 07 Apr.
ath00: STA 18:0c:ac:40:32:6c IEEE 802.11: Client associated
This then repeats a few times until the connection settles down.
I am on a STATIC IP because of issues with VPN connections and not sure if this is a factor.
Can anyone help with the unusual Port Forwarding activity (especially the "SYSTEM START" event when the Router didn't reboot)?
Thanks,
Kevin
Re: Port Forwarding Rule Added - Unattended
07-04-2017 7:12 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: Port Forwarding Rule Added - Unattended
08-04-2017 2:53 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
UPnP is Plug and Play - which suggests that something on that internal IP address has started up and opened the ports on the router and 32400 is the default port for Plex Media Server.
Re: Port Forwarding Rule Added - Unattended
08-04-2017 5:16 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
https://dbtpnhdm.bt.mo/ apparently is a BT update site.
so possibly your router has been updated which may have automatically installed the rule.
might be worth looking around the internet for details of the update.
Re: Port Forwarding Rule Added - Unattended
08-04-2017 5:31 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
The second set look similar to TR069 logs :
12:24:14, 08 Apr. | (2136351.650000) CWMP: Initializing transaction for event code 2 PERIODIC |
06:44:47, 08 Apr. | (2115985.530000) CWMP: session closed due to error: Could not resolve host |
06:44:47, 08 Apr. | (2115985.480000) CWMP: Server URL: https://ceased.tr69.p; Connecting as user: ACS username |
06:44:47, 08 Apr. | (2115985.470000) CWMP: Session start now. Event code(s): '0 BOOTSTRAP,2 PERIODIC,4 VALUE CHANGE' |
12:24:14, 07 Apr. | (2049952.650000) CWMP: Initializing transaction for event code 2 PERIODIC |
06:44:47, 07 Apr. | (2029585.200000) CWMP: session closed due to error: Could not resolve host |
06:44:47, 07 Apr. | (2029585.150000) CWMP: Server URL: https://ceased.tr69.p; Connecting as user: ACS username |
06:44:46, 07 Apr. | (2029585.140000) CWMP: Session start now. Event code(s): '0 BOOTSTRAP,2 PERIODIC,4 VALUE CHANGE' |
12:24:13, 06 Apr. | (1963552.650000) CWMP: Initializing transaction for event code 2 PERIODIC |
06:44:45, 06 Apr. | (1943184.870000) CWMP: session closed due to error: Could not resolve host |
So I think there are two things going on.
1) The Plex Media Server is opening ports using UPnP which is probably perfectly normal...
2) The router is doing TR069 type activities which is perfectly normal
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- Fibre Broadband
- :
- Re: Port Forwarding Rule Added - Unattended