cancel
Showing results for 
Search instead for 
Did you mean: 

Multiple attempts to access router

WhatsWrongNow
Grafter
Posts: 57
Thanks: 1
Registered: ‎27-05-2018

Multiple attempts to access router

Been having a lot of issues with speed - speed tests are okay but the actual speed doesn't resemble what we see.

 

Yesterday I looked at the hub log and noticed that all day there was a circle of three ports opening (9091 9092 and 9093) adding a port forwarding rule, deleting a port forwarding rule, closing the connection then opening the next one.  This has been going on as far as the log goes back.  I reset the hub and this has stopped however there are multiple instances of something trying to remote in and getting blocked.  Now I know there are those that will say ignore it its the firewall doing its job however these are 6-15 an hour all from different IPs - the first few being USA, Ukraine, Netherlands, China and Brazil.

Can anyone throw any light on this 

163.158.118.83
143.0.60.93
184.105.139.67
116.62.168.116
36.189.253.232
37.49.224.150
196.52.43.90
104.192.224.10
107.170.194.164
193.106.31.194
189.78.66.109
5.160.215.184
185.143.223.12
58.218.66.104
221.229.166.69
182.119.228.20
150.255.6.1
182.119.228.20
223.166.74.229
182.119.228.20
223.166.74.214
121.225.246.10
150.255.86.79
216.201.240.242
209.17.96.58
19 REPLIES 19
RandallFlagg
Plusnet Alumni (retired)
Plusnet Alumni (retired)
Posts: 1,915
Fixes: 75
Registered: ‎11-01-2018

Re: Multiple attempts to access router

 

Hi @WhatsWrongNow

 

Thanks for getting in touch.

 

This is a tough one to diagnose as the IP's you've highlighted are from a range of purported locations and sources. From our perspective, I'd recommend ensuring that your router admin password is secure and that any internal firewalls you have on your devices along with anti-virus etc are up to date.

 

Other than that, I'd perhaps throw this open to our community and the hallowed knowledge of @bobpullen to see if they have any further ideas.

 

As you've stated, the firewall on the router IS doing its job by logging the access and blocking it, so there's no imminent danger to your connection.

 

Best wishes

 

Dave

 

 

bobpullen
Community Gaffer
Community Gaffer
Posts: 15,165
Thanks: 2,828
Fixes: 174
Registered: ‎04-04-2007

Re: Multiple attempts to access router


@WhatsWrongNow wrote:

Yesterday I looked at the hub log and noticed that all day there was a circle of three ports opening (9091 9092 and 9093) adding a port forwarding rule, deleting a port forwarding rule, closing the connection then opening the next one. 

That's probably something on your LAN/WLAN using UPnP to open ports for communication. I'd be surprised if it's anything sinister.

 

Now I know there are those that will say ignore it its the firewall doing its job however these are 6-15 an hour all from different IPs - the first few being USA, Ukraine, Netherlands, China and Brazil.

Can anyone throw any light on this 

You can ignore this. It's just the firewall doing its job Wink

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

WhatsWrongNow
Grafter
Posts: 57
Thanks: 1
Registered: ‎27-05-2018

Re: Multiple attempts to access router

I’m trying to laugh Bob honest but I’m seeing hundreds of these everyday and I mean HUNDREDS and whatever my router is doing that may be normal surely it’s NOT normal to have hundreds of addresses in tens of Countries trying to remote in?

The ports I mentioned are coming up as gaming for championship master commonly used.

UDP is blocked because it causes huge problems if not.

I get that you’d “be surprised if it was anything sinister” and it get that the router is stopping these attempts. What I don’t get is why the world is trying to access us in the first place
Alex
Community Veteran
Posts: 5,169
Thanks: 782
Fixes: 12
Registered: ‎05-04-2007

Re: Multiple attempts to access router

Yep @WhatsWrongNow

It sounds like it is just one of those things and there is not much you can do. I take it you don't do gaming or run servers? So you have no ports open and the router is doing its job, though I can understand your concern about the number of attempts.

Maybe @bobpullen can check your account to make sure whether he can see something going on their side.

bobpullen
Community Gaffer
Community Gaffer
Posts: 15,165
Thanks: 2,828
Fixes: 174
Registered: ‎04-04-2007

Re: Multiple attempts to access router

So you've explicitly disabled UPnP in the router interface?

If the probes were to have an impact on your speed then I'd expect to see this reflected in your usage, which at a glance is pretty low.

As to why - the Internet is a funny place. You do have a static IP, so if somebody was intentionally (repeatedly) targeting you, then I guess that makes it a tad easier. Unless you can think of a reason why somebody would do this though, then it's unlikely.

A quick scan of your device doesn't show anything open that shouldn't be.

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

WhatsWrongNow
Grafter
Posts: 57
Thanks: 1
Registered: ‎27-05-2018

Re: Multiple attempts to access router

I shouldn’t have a static IP, how and why would this happen? On Monday I have screen shots taken for something else that shows the address changed after a reset of the hub
bobpullen
Community Gaffer
Community Gaffer
Posts: 15,165
Thanks: 2,828
Fixes: 174
Registered: ‎04-04-2007

Re: Multiple attempts to access router

Apologies, you don't. I was looking at the wrong thing Embarrassed

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

Marksfish
Seasoned Pro
Posts: 1,042
Thanks: 269
Fixes: 4
Registered: ‎22-11-2014

Re: Multiple attempts to access router

Perhaps your router has re- synced recently and the previous ip address owner was a gamer? Would explain the origins being of the gaming ilk.

Mark

WhatsWrongNow
Grafter
Posts: 57
Thanks: 1
Registered: ‎27-05-2018

Re: Multiple attempts to access router

Sounds plausible except for the fact I had it exchanged because it was. “Remembering” old IP Addresses (internal side local devices) and not handing them out and also giving two devices the same address as eachother
WhatsWrongNow
Grafter
Posts: 57
Thanks: 1
Registered: ‎27-05-2018

Re: Multiple attempts to access router

Sorry Bob yes UPNP is explicitly turned off on the router interface
WhatsWrongNow
Grafter
Posts: 57
Thanks: 1
Registered: ‎27-05-2018

Re: Multiple attempts to access router

114 different IP address blocks so far today
WhatsWrongNow
Grafter
Posts: 57
Thanks: 1
Registered: ‎27-05-2018

Re: Multiple attempts to access router

@bobpullen uPNP is specifically turned off however I am seeing a lot of SSDP traffic on port 1900 for x user agent redsonic
markhawkin
Pro
Posts: 418
Thanks: 59
Fixes: 8
Registered: ‎17-07-2016

Re: Multiple attempts to access router

@WhatsWrongNow

At a guess, you have a Chromecast.

 

 

I find my IP address is endlessly scanned and probed by those looking for a vulnerability.

Keep a good eye on such matters but don't think you are being specially selected for this attention.

 

 

I am the satisfied customer....
WhatsWrongNow
Grafter
Posts: 57
Thanks: 1
Registered: ‎27-05-2018

Re: Multiple attempts to access router

No I don’t have chromecast