cancel
Showing results for 
Search instead for 
Did you mean: 

Remote administration?

fairb
Grafter
Posts: 30
Thanks: 5
Registered: ‎11-02-2019

Remote administration?

No wifi this morning and router needed to be restarted. Checked the event logs on the router. At 22:51 last night the log started filling up with Remote administration events. This went on until 07:51 this morning at which point the router started repeatedly disassociating / associating devices. It would appear that my router locked-up because of the remote access? Who's accessing it?

2019-05-29_09h32_49.png

2019-05-29_09h33_54.png

 

 

 

 

 

6 REPLIES 6
fairb
Grafter
Posts: 30
Thanks: 5
Registered: ‎11-02-2019

Re: Remote administration?

Sorry, I should have read other threads and saw that the firewall seemed to be blocking malicious attempts to get in. Only thing is that looking up the IP addresses it would seem that the attack is coming from many places around the world. (Or is the attacker just prox'ing in?) Also, my router died in the end?

MasterOfReality
Plusnet Help Team
Plusnet Help Team
Posts: 1,639
Thanks: 275
Fixes: 57
Registered: ‎26-03-2018

Re: Remote administration?

Hi @fairb 

 

Looks like the router was doing it's job and blocking any unwanted access. 

 

If they are proxying then it would explain the various locations yes. 

 

I can see that the connection is back up and running - have you noticing anything akin to this since? 

 

Thanks, 

MoR

If this post resolved your issue please click the 'This fixed my problem' button
 MoR
 Plusnet Help Team
fairb
Grafter
Posts: 30
Thanks: 5
Registered: ‎11-02-2019

Re: Remote administration?

Yes, it’s running good now thanks. It’s been pretty solid since one of you guys upgraded the firmware so I was just a bit surprised it had gone down this morning. That’s why I had a look through the event log. It had been blocking all night and then it started disconnecting devices. Hopefully this is a one off. Thanks for getting back to me.

Nautoshark
Hooked
Posts: 8
Thanks: 2
Registered: ‎27-03-2019

Re: Remote administration?

I got the same as this today. Lots of Remote Access being blocked which seems to result in my Internet / Router dropping out and me not being able to access the internet. 

It seems to happen most days in the early afternoon. 

Anything we can do to improve this? (ie not lose internet)

 

14:14:24, 10 Jun. IN: BLOCK [16] Remote administration (TCP [149.129.50.37]:40832-​>[46.208.222.183]:8080 on ppp3)
14:11:22, 10 Jun. IN: BLOCK [16] Remote administration (TCP [62.231.7.220]:61063-​>[46.208.222.183]:22 on ppp3)
14:05:13, 10 Jun. IN: BLOCK [16] Remote administration (TCP [176.57.70.76]:40654-​>[46.208.222.183]:22 on ppp3)
14:00:11, 10 Jun. IN: BLOCK [16] Remote administration (TCP [185.244.25.136]:40126-​>[46.208.222.183]:8080 on ppp3)
13:50:09, 10 Jun. IN: BLOCK [16] Remote administration (TCP [185.208.208.144]:56319-​>[46.208.222.183]:80 on ppp3)
13:49:37, 10 Jun. BLOCKED 2 more packets (because of ICMP replay)
13:49:35, 10 Jun. OUT: BLOCK [7] ICMP replay (ICMP type 3 code 1 46.208.222.183-​>52.213.206.42 on ppp3)
13:45:16, 10 Jun. IN: BLOCK [16] Remote administration (TCP [42.56.89.100]:51281-​>[46.208.222.183]:22 on ppp3)
13:42:34, 10 Jun. IN: BLOCK [16] Remote administration (TCP [184.105.139.112]:35467-​>[46.208.222.183]:8080 on ppp3)
13:35:54, 10 Jun. IN: BLOCK [16] Remote administration (TCP [185.244.25.136]:49068-​>[46.208.222.183]:8080 on ppp3)
13:31:41, 10 Jun. IN: BLOCK [16] Remote administration (TCP [110.90.72.125]:57213-​>[46.208.222.183]:22 on ppp3)
13:21:38, 10 Jun. IN: BLOCK [16] Remote administration (TCP [201.221.140.146]:19560-​>[46.208.222.183]:8080 on ppp3)
13:13:30, 10 Jun. IN: BLOCK [16] Remote administration (TCP [180.249.56.229]:35476-​>[46.208.222.183]:80 on ppp3)
12:52:30, 10 Jun. BLOCKED 2 more packets (because of ICMP replay)
12:52:29, 10 Jun. OUT: BLOCK [7] ICMP replay (ICMP type 3 code 1 46.208.222.183-​>40.100.175.146 on ppp3)
12:50:40, 10 Jun. IN: BLOCK [16] Remote administration (TCP [112.245.223.173]:8330-​>[46.208.222.183]:22 on ppp3)
12:49:22, 10 Jun. ath10: STA 30:07:4d:e7:c5:d1 IEEE 802.11: WiFi registration failed
12:48:33, 10 Jun. IN: BLOCK [16] Remote administration (TCP [125.227.31.186]:36500-​>[46.208.222.183]:80 on ppp3)
12:43:29, 10 Jun. IN: BLOCK [16] Remote administration (TCP [80.82.70.118]:60000-​>[46.208.222.183]:8080 on ppp3)
12:30:05, 10 Jun. IN: BLOCK [16] Remote administration (TCP [93.95.190.126]:58915-​>[46.208.222.183]:80 on ppp3)
12:29:59, 10 Jun. IN: BLOCK [16] Remote administration (TCP [216.243.31.2]:41923-​>[46.208.222.183]:80 on ppp3)
12:23:49, 10 Jun. IN: BLOCK [16] Remote administration (TCP [89.248.169.12]:52117-​>[46.208.222.183]:80 on ppp3)
12:21:08, 10 Jun. IN: BLOCK [16] Remote administration (TCP [185.244.25.136]:48520-​>[46.208.222.183]:8080 on ppp3)
12:07:53, 10 Jun. IN: BLOCK [16] Remote administration (TCP [39.91.5.150]:39636-​>[46.208.222.183]:22 on ppp3)
11:50:13, 10 Jun. IN: BLOCK [16] Remote administration (TCP [177.198.69.42]:10134-​>[46.208.222.183]:8080 on ppp3)
11:49:47, 10 Jun. IN: BLOCK [16] Remote administration (TCP [173.208.232.48]:45817-​>[46.208.222.183]:22 on ppp3)
11:49:47, 10 Jun. IN: BLOCK [16] Remote administration (TCP [173.208.232.48]:45816-​>[46.208.222.183]:22 on ppp3)
11:47:51, 10 Jun. IN: BLOCK [16] Remote administration (TCP [175.138.87.102]:28671-​>[46.208.222.183]:22 on ppp3)
11:43:52, 10 Jun. IN: BLOCK [16] Remote administration (TCP [134.209.82.3]:33363-​>[46.208.222.183]:22 on ppp3)
11:35:40, 10 Jun. IN: BLOCK [16] Remote administration (TCP [58.242.82.3]:49825-​>[46.208.222.183]:22 on ppp3)
11:29:33, 10 Jun. IN: BLOCK [16] Remote administration (TCP [185.244.25.136]:36766-​>[46.208.222.183]:8080 on ppp3)
11:27:18, 10 Jun. IN: BLOCK [16] Remote administration (TCP [103.133.105.35]:42322-​>[46.208.222.183]:22 on ppp3)
11:26:30, 10 Jun. IN: BLOCK [16] Remote administration (TCP [191.115.74.63]:28852-​>[46.208.222.183]:8080 on ppp3)
11:25:42, 10 Jun. IN: BLOCK [16] Remote administration (TCP [58.39.15.18]:60489-​>[46.208.222.183]:22 on ppp3)
11:24:11, 10 Jun. ath00: STA 30:07:4d:e7:c5:d1 IEEE 802.11: WiFi registration failed
11:24:08, 10 Jun. IN: BLOCK [16] Remote administration (TCP [60.180.1.135]:13333-​>[46.208.222.183]:22 on ppp3)
11:22:32, 10 Jun. (3606924.520000) NTP synchronization success!

 

Nautoshark
Hooked
Posts: 8
Thanks: 2
Registered: ‎27-03-2019

Re: Remote administration?

Dropped again, seems like constant attack:

14:57:34, 10 Jun. IN: BLOCK [16] Remote administration (TCP [208.93.152.17]:50234-​>[46.208.222.183]:443 on ppp3)
14:55:09, 10 Jun. (3619679.030000) Admin login successful by 192.168.1.64 on HTTP
14:54:44, 10 Jun. (3619653.910000) New GUI session from IP 192.168.1.64
14:52:49, 10 Jun. IN: BLOCK [16] Remote administration (TCP [103.133.105.35]:54506-​>[46.208.222.183]:22 on ppp3)
14:48:12, 10 Jun. IN: BLOCK [16] Remote administration (TCP [106.118.18.171]:41029-​>[46.208.222.183]:22 on ppp3)
14:46:37, 10 Jun. IN: BLOCK [16] Remote administration (TCP [103.133.105.35]:54191-​>[46.208.222.183]:22 on ppp3)
14:40:55, 10 Jun. IN: BLOCK [16] Remote administration (TCP [112.111.170.179]:16650-​>[46.208.222.183]:22 on ppp3)
14:37:35, 10 Jun. IN: BLOCK [16] Remote administration (TCP [138.255.186.19]:53171-​>[46.208.222.183]:8080 on ppp3)
14:29:50, 10 Jun. IN: BLOCK [16] Remote administration (TCP [162.243.140.86]:59169-​>[46.208.222.183]:443 on ppp3)
14:28:23, 10 Jun. (3618072.760000) New GUI session from IP 192.168.1.64
RandallFlagg
Plusnet Alumni (retired)
Plusnet Alumni (retired)
Posts: 1,915
Fixes: 75
Registered: ‎11-01-2018

Re: Remote administration?

 

Hi @Nautoshark

 

Thanks for sharing this - I've checked your account and there are no physical drops (externally).

 

Unfortunately, as per the above, there's not a great deal we can do in terms of the remote connections - the router is doing what it should to block these and we have no control over 3rd parties attempting to access your router.

 

When you're seeing a loss of connectivity, does the router change in any way (lights etc)? Do the drops occur via both wired and a wifi connection?
 

Best wishes

 

Dave