Remote Admin Attacks even after changing public IP address

FIXED
croc345
Hooked
Posts: 5
Thanks: 1
Fixes: 1
Registered: ‎05-05-2021

Been suffering a number of DSL dropouts recently so been in and out of the router logs. Last night I started being attacked, with the logs full of:

IN: BLOCK [16] Remote administration (TCP [64.246.161.26]:41744->[xxx.xxx.x.xxx]:80 on ppp3)

Occurring every min or so for the last 16 hours.

I thought I'd be clever and try to change my public IP address by disconnecting the router from PPPoE, waiting 20 min and then reconnecting so I'd hopefully get a new public IP address, which I did. I thought this would throw off the hackers but no. One minute later, even with a completely new IP address, the attacks continued.

I know the firewall should be protecting me but I was surprised the IP change didn't buy me some time.

Anyone have an insight?

4 REPLIES 4
croc345
Hooked
Posts: 5
Thanks: 1
Fixes: 1
Registered: ‎05-05-2021

Re: Remote Admin Attacks even after changing public IP address

Interestingly, although there are loads of source IP addresses scanning me, when I look them up I find they are mostly associated with so-called security companies.

https://support.censys.io/hc/en-us/articles/360059603231-Censys-Internet-Scanning-Intro

nameintel.com

Maybe someone is blasting the whole Plusnet subnet I'm on.

Mav
Moderator
Moderator
Posts: 22,392
Thanks: 4,736
Fixes: 515
Registered: ‎06-04-2007

Re: Remote Admin Attacks even after changing public IP address

Moderator's note(s):

Thread moved from ADSL Broadband to My Router.

Forum Moderator and Customer
Courage is resistance to fear, mastery of fear, not absence of fear - Mark Twain
He who feared he would not succeed sat still

corringham
Seasoned Champion
Posts: 1,232
Thanks: 650
Fixes: 16
Registered: ‎25-09-2015

Re: Remote Admin Attacks even after changing public IP address

Censys claim to scan every public IPv4 address (hundreds of millions) every 16 hours on average. There are a lot of similar security companies doing the same thing, so you will see a lot of such "attacks" even without any bad actors.

Your router will block these - even any malicious ones - so I wouldn't worry about them.
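One way to check the scanning explanation above against your own router log, as an added example that is not part of the original thread: it parses lines in the format quoted in the first post and reports which sources probed which WAN address and port. Only 64.246.161.26 comes from the thread; the other addresses (documentation ranges) and the function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Matches the router log line format quoted in the first post.
LINE_RE = re.compile(
    r"IN: BLOCK \[(?P<rule>\d+)\] (?P<reason>[^(]+?) "
    r"\((?P<proto>\w+) \[(?P<src>[^\]]+)\]:(?P<sport>\d+)->"
    r"\[(?P<dst>[^\]]+)\]:(?P<dport>\d+) on (?P<iface>\w+)\)"
)

# Constructed sample: only 64.246.161.26 is from the thread. 203.0.113.10 and
# 203.0.113.77 stand in for the masked WAN address before and after the PPPoE
# reconnect; the remaining sources are made-up scanners.
SAMPLE_LOG = """\
IN: BLOCK [16] Remote administration (TCP [64.246.161.26]:41744->[203.0.113.10]:80 on ppp3)
IN: BLOCK [16] Remote administration (TCP [198.51.100.7]:52110->[203.0.113.10]:80 on ppp3)
IN: BLOCK [16] Remote administration (TCP [192.0.2.44]:40022->[203.0.113.10]:443 on ppp3)
IN: BLOCK [16] Remote administration (TCP [198.51.100.7]:52388->[203.0.113.77]:80 on ppp3)
IN: BLOCK [16] Remote administration (TCP [192.0.2.99]:33910->[203.0.113.77]:8080 on ppp3)
IN: BLOCK [16] Remote administration (TCP [64.246.161.26]:41802->[203.0.113.77]:80 on ppp3)
"""

def parse_blocks(text):
    """Return one dict per blocked-connection line; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)  # search() tolerates a timestamp prefix
        if m:
            ev = m.groupdict()
            ev["sport"], ev["dport"] = int(ev["sport"]), int(ev["dport"])
            events.append(ev)
    return events

def summarize(events):
    """Tally hits per source, and the sources and ports seen per WAN address."""
    per_src = Counter(ev["src"] for ev in events)
    per_dst = defaultdict(lambda: {"sources": set(), "ports": set()})
    dsts_by_src = defaultdict(set)
    for ev in events:
        per_dst[ev["dst"]]["sources"].add(ev["src"])
        per_dst[ev["dst"]]["ports"].add(ev["dport"])
        dsts_by_src[ev["src"]].add(ev["dst"])
    # A source seen against both the old and the new WAN address is consistent
    # with a sweep of the address space rather than with tracking one customer.
    followed = sorted(s for s, d in dsts_by_src.items() if len(d) > 1)
    return per_src, dict(per_dst), followed

if __name__ == "__main__":
    print(summarize(parse_blocks(SAMPLE_LOG)))
```

Many distinct sources spread over a handful of common web ports, with the same sources appearing on both addresses, matches the internet-wide scanning described in the reply above.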

croc345
Hooked
Posts: 5
Thanks: 1
Fixes: 1
Registered: ‎05-05-2021

Re: Remote Admin Attacks even after changing public IP address

Fix

In case this helps anyone else ....

I didn't realise but Plusnet have a broadband firewall (in the network) as well as the one in your router.

https://www.plus.net/help/broadband/about-plusnets-broadband-firewall/

I guess this is OFF by default. I enabled mine and after a while the Remote Admin attempts have dropped to zero, but it took a few reboots of my DSL router to kick in.