Firewall Activity
FIXED- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- My Router
- :
- Re: Firewall Activity
22-05-2019 9:22 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Is someone trying to hack me here, or is this PlusNet Maintenance Login attempts, if the latter, wouldn't it be a TR069 connection ? . Am waiting to fit my Draytek back in, but the PN1 is in while my line speed is sorted, the DT hardly had any firewall activity in the logs ?. Used to see a lot of Spoofing Protection as well, 2 every minute, has anyone else experienced this ?
Thanks.
IN: BLOCK [16] Remote administration (TCP [49.77.0.198]:38576->[146.200.141.101]:22 on ppp3)
20:57:46, 22 May.
IN: BLOCK [16] Remote administration (TCP [52.67.148.139]:38200->[146.200.141.101]:8080 on ppp3)
20:56:51, 22 May.
IN: BLOCK [16] Remote administration (TCP [81.22.45.106]:49122->[146.200.141.101]:8080 on ppp3)
20:49:05, 22 May.
IN: BLOCK [16] Remote administration (TCP [194.55.187.2]:49744->[146.200.141.101]:80 on ppp3)
20:47:29, 22 May.
IN: BLOCK [16] Remote administration (TCP [212.170.162.32]:34765->[146.200.141.101]:8080 on ppp3)
20:20:10, 22 May.
IN: BLOCK [16] Remote administration (UDP [196.52.43.58]:50674->[146.200.141.101]:161 on ppp3)
20:16:57, 22 May.
IN: BLOCK [16] Remote administration (TCP [92.118.37.91]:36806->[146.200.141.101]:443 on ppp3)
Fixed! Go to the fix.
Re: Firewall Activity
22-05-2019 9:40 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
This topic has been moved from Fibre Broadband to My Router.
To argue with someone who has renounced the use of reason is like administering medicine to the dead - Thomas Paine
Re: Firewall Activity
22-05-2019 9:42 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Hi there @Jimbowe
These types of logs are nothing to worry about. In fact it's actually a reassurance.
These logs are essentially your network firewall doing its job and rejecting anything it doesn't like.
It is often called 'Internet background radiation'. The term reflects fundamentally nonproductive traffic, either malicious (flooding backscatter, scans for vulnerabilities, worms) or benign (misconfigurations).
Basically there's always things bumping into your network. If its unwanted, your firewall will reject it. This is then collected in logs like the ones you've shown.
I hope this information helps.
22-05-2019 10:19 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Just to mirror what Matt has written....
Those events are the routers firewall doing it's job.
For example, the
IN: BLOCK [16] Remote administration (TCP [49.77.0.198]:38576->[146.200.141.101]:22 on ppp3)
is an IP, in this case 49.77.0.198 on port 38576 tried to access your routers IP 146.22.xxx.xxx on port 22, but the router blocked it.
If you want to know, it is located in China and the coordinates for that device is 32°03'43.2"N 118°46'40.8"E
From the testing I did, the Spoofing Protection occurs when the router sees a wired device that then moves to wifi. This can happen when you jump from another wireless AP on your network to the routers wifi too (I run a secondary router and as this connects to my primary via ethernet, the primary thinks devices on that other router are wired when they are indeed wifi only).
Re: Firewall Activity
22-05-2019 11:31 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Learning all the time !
Re: Firewall Activity
23-05-2019 12:09 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
No problem Jimbowe
Whilst you continue to use a PNH1 (or a BT router for that matter), believe me, the learning never actually stops!!
(pointless info, but the PNH1 is actually a BT home hub 5, it just wears a different coloured coat running the PN variant of software)
I did notice that the latest software (ending 263), which having looked at your other thread, your router is running it, does show more events in the event log, which actually isn't a bad thing once you get used to what they all mean
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page