TD-W9980 setup (part 2)

graemev
Grafter
Posts: 86
Thanks: 5
Registered: ‎13-06-2018

TD-W9980 setup (part 2)

It seems the original thread of this has been locked, so it's hard to go between one part and another.

The original discussion starts here: https://community.plus.net/t5/My-Router/TD-W9980-setup/m-p/1600041#M9206 . Of course there's no way to point that thread at this. So if somebody hits that problem and we come up with a solution here, they may well not find it.

 

Anyhow, following the suggestions there I now replaced the modem with a Vigor 2860. The errors are now even more frequent than they were on the original TD-W9980. The syslog settings on the Vigor seem a little wobbly; some views show only old data, but downloading the syslog from the USB stick (via FTP) reveals the full data.

 



<158>Mar 26 05:54:47 DrayTek: PPP Closed : LCP Time-out ()
<129>Mar 26 05:54:47 DrayTek: PPP Closed : LCP Time-out ()
<141>Mar 26 05:54:47 DrayTek: PPP Closed : LCP Time-out ()
<141>Mar 26 05:54:47 DrayTek: [PPTP][@92.63.194.26] pppShutdown

 

I'm still investigating (the box got lots of legitimate reboots during setup).

 

HOWEVER I got a friend to run an nmap on my IP and he found 443 (HTTPS) and 1723 (PPTP) were wide open. The log also shows (just before the above error):



<141>Mar 26 05:54:38 DrayTek: Destroy pptp connection ifno: 10, socket: -1
<141>Mar 26 05:54:38 DrayTek: PPTP accept client from 92.63.194.58:39059 ...
<158>Mar 26 05:54:38 DrayTek: PPP Start ()
<141>Mar 26 05:54:38 DrayTek: PPP Start ()
<141>Mar 26 05:54:38 DrayTek: PPTP (VPN-0) ==> Protocol:LCP(c021) ConfReq Identifier:0x00 Authentication Type: CHAP 81 Magic Number: 0x1 ##
<141>Mar 26 05:54:38 DrayTek: PPTP (VPN-0) <== Protocol:LCP(c021) ConfReq Identifier:0x01 Magic Number: 0xa4251cf6 Identifier:0x00 ##
<141>Mar 26 05:54:38 DrayTek: PPTP (VPN-0) ==> Protocol:LCP(c021) ConfAck Identifier:0x01 Magic Number: 0xa4251cf6 ##
<141>Mar 26 05:54:38 DrayTek: PPTP (VPN-0) <== Protocol:LCP(c021) ConfAck Identifier:0x00 Authentication Type: CHAP 81 Magic Number: 0x1 ##
<141>Mar 26 05:54:38 DrayTek: PPTP (VPN-0) ==> Protocol:CHAP(c223) Challenge Identifier:0x01 10 ea 6a e4 7e db 6a d6 1e cd 12 f8 0e 0f 02 1a 3e 44 72 61 79 54 65 6b ##
<141>Mar 26 05:54:38 DrayTek: PPTP (VPN-0) <== Protocol:CHAP(c223) Response Identifier:0x01 31 66 66 66 66 66 66 66 66 66 66 66 66 66 66 66 66 00 00 00 00 00 00 00 00 ff b5 9e 86 3e 4f f6 31 b9 0c f3 4f cf 01 3b d2 f9 0b 10 c5 81 f5 f9 7b 00 61 64 6d 69 6e ##
<158>Mar 26 05:54:38 DrayTek: Incoming Call Failed : No Such Entry for admin
<141>Mar 26 05:54:38 DrayTek: Incoming Call Failed : No Such Entry for admin
<141>Mar 26 05:54:38 DrayTek: PPTP (VPN-0, admin) ==> Protocol:CHAP(c223) Failure Identifier:0x01 E=691 R=1 C=EA6AE47EDB6AD61ECD12F80E0F021A3E V=0 M=Good luck! ##
<158>Mar 26 05:54:38 DrayTek: CHAP Login Failed () -
<141>Mar 26 05:54:38 DrayTek: CHAP Login Failed () -
<141>Mar 26 05:54:38 DrayTek: [PPTP][Radius/LDAP][0:admin][@92.63.194.58] CHAP resp: authentication fail
<141>Mar 26 05:54:38 DrayTek: [PPTP][@92.63.194.58] pppShutdown
<141>Mar 26 05:54:38 DrayTek: PPTP (VPN-0) ==> Protocol:LCP(c021) TermReq Identifier:0x01 ##
<141>Mar 26 05:54:38 DrayTek: [PPTP][Radius/LDAP][0:admin][@92.63.194.58] I/O read error, fast close
<141>Mar 26 05:54:38 DrayTek: [PPTP][@92.63.194.58] pppShutdown
<141>Mar 26 05:54:38 DrayTek: Destroy pptp connection ifno: 10, socket: -1
<141>Mar 26 05:54:38 DrayTek: PPTP accept client from 92.63.194.26:42984 ...
<158>Mar 26 05:54:39 DrayTek: PPP Start ()
<141>Mar 26 05:54:39 DrayTek: PPP Start ()
<141>Mar 26 05:54:39 DrayTek: PPTP (VPN-0) ==> Protocol:LCP(c021) ConfReq Identifier:0x00 Authentication Type: CHAP 81 Magic Number: 0x1 ##
<141>Mar 26 05:54:39 DrayTek: PPTP (VPN-0) <== Protocol:LCP(c021) ConfReq Identifier:0x01 Magic Number: 0xa4251cf6 Identifier:0x00 ##
<141>Mar 26 05:54:39 DrayTek: PPTP (VPN-0) ==> Protocol:LCP(c021) ConfAck Identifier:0x01 Magic Number: 0xa4251cf6 ##
<141>Mar 26 05:54:39 DrayTek: PPTP (VPN-0) <== Protocol:LCP(c021) ConfAck Identifier:0x00 Authentication Type: CHAP 81 Magic Number: 0x1 ##
<141>Mar 26 05:54:39 DrayTek: PPTP (VPN-0) ==> Protocol:CHAP(c223) Challenge Identifier:0x01 10 07 77 09 83 16 b7 1b a3 60 af 75 93 62 9f 97 83 44 72 61 79 54 65 6b ##
<141>Mar 26 05:54:39 DrayTek: PPTP (VPN-0) <== Protocol:CHAP(c223) Response Identifier:0x01 31 66 66 66 66 66 66 66 66 66 66 66 66 66 66 66 66 00 00 00 00 00 00 00 00 5f 57 1f a5 e9 c0 39 b2 31 74 b8 70 8f ac a6 f3 7d 74 48 13 e6 b7 fd 51 00 67 75 65 73 74 ##
<158>Mar 26 05:54:39 DrayTek: Incoming Call Failed : No Such Entry for guest
<141>Mar 26 05:54:39 DrayTek: Incoming Call Failed : No Such Entry for guest
<141>Mar 26 05:54:39 DrayTek: PPTP (VPN-0, guest) ==> Protocol:CHAP(c223) Failure Identifier:0x01 E=691 R=1 C=0777098316B71BA360AF7593629F9783 V=0 M=Good luck! ##
<158>Mar 26 05:54:39 DrayTek: CHAP Login Failed () -
<141>Mar 26 05:54:39 DrayTek: CHAP Login Failed () -
<141>Mar 26 05:54:39 DrayTek: [PPTP][Radius/LDAP][0:guest][@92.63.194.26] CHAP resp: authentication fail
<141>Mar 26 05:54:39 DrayTek: [PPTP][@92.63.194.26] pppShutdown
<141>Mar 26 05:54:39 DrayTek: PPTP (VPN-0) ==> Protocol:LCP(c021) TermReq Identifier:0x01 ##
<141>Mar 26 05:54:39 DrayTek: PPTP (VPN-0) <== Protocol:LCP(c021) TermReq Identifier:0x01 75 6e 6b 6e 6f 77 6e ##
<141>Mar 26 05:54:39 DrayTek: PPTP (VPN-0) ==> Protocol:LCP(c021) TermAck Identifier:0x01 ##
<141>Mar 26 05:54:39 DrayTek: [PPTP][Radius/LDAP][0:guest][@92.63.194.26] I/O read error, fast close
<141>Mar 26 05:54:39 DrayTek: [PPTP][@92.63.194.26] pppShutdown
<141>Mar 26 05:54:39 DrayTek: Destroy pptp connection ifno: 10, socket: -1
<150>Mar 26 05:54:39 DrayTek: Local User (MAC=00-01-2E-6E-B9-92): 10.117.3.120:37340 -> 216.58.198.174:443 (TCP)
<166>Mar 26 05:54:41 DrayTek: WAN1 PPPoE <== Protocol:LCP(c021) EchoReq Identifier:0xA6 Magic Number: 0x494a 35 54 ##
<166>Mar 26 05:54:41 DrayTek: WAN1 PPPoE ==> Protocol:LCP(c021) EchoRep Identifier:0xA6 Magic Number: 0x0 00 00 ##
<150>Mar 26 05:54:44 DrayTek: Local User (MAC=00-01-2E-6E-B9-92): 10.117.3.120:39016 -> 216.58.213.98:443 (TCP)
<150>Mar 26 05:54:44 DrayTek: Local User (MAC=00-01-2E-6E-B9-92): 10.117.3.120 -> 8.8.8.8 (ICMP) Echo
<150>Mar 26 05:54:44 DrayTek: Local User: 8.8.8.8 -> 10.117.3.120 (ICMP) Echo Reply
<150>Mar 26 05:54:45 DrayTek: Local User (MAC=00-01-2E-6E-B9-92): 10.117.3.120 -> 8.8.8.8 (ICMP) Echo
<150>Mar 26 05:54:45 DrayTek: Local User: 8.8.8.8 -> 10.117.3.120 (ICMP) Echo Reply
<141>Mar 26 05:54:47 DrayTek: [PPTP][@92.63.194.26] pppShutdown
<158>Mar 26 05:54:47 DrayTek: PPP Closed : LCP Time-out ()
<129>Mar 26 05:54:47 DrayTek: PPP Closed : LCP Time-out ()
<141>Mar 26 05:54:47 DrayTek: PPP Closed : LCP Time-out ()
bobpullen
Community Gaffer
Posts: 16,887
Thanks: 4,979
Fixes: 316
Registered: ‎04-04-2007

Re: TD-W9980 setup (part 2)

For clarity, what exactly is the problem?
Your logs show PPP disconnections that could be the result of a number of things, most likely a drop in sync.
The PPTP logs show what looks to be a VPN connection attempt from a Russian IP.
Those ports shouldn't be open, unless you're doing something intentional with them. Same can be said for the VPN endpoint. It should be disabled if it's not required.

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵
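
Added example (not part of the original posts): a parser for the failed PPTP logins in the log from the first post. It uses records copied from that log, splits each CHAP Response per MS-CHAPv2 (the "CHAP 81" negotiated in LCP) to recover the attempted username, and groups sources by network; the function names and the /24 grouping are choices made for this example.

```python
import ipaddress
import re
from collections import defaultdict

# Records copied from the DrayTek syslog in the first post (only the lines used here).
SAMPLE_LOG = """\
<141>Mar 26 05:54:38 DrayTek: PPTP (VPN-0) <== Protocol:CHAP(c223) Response Identifier:0x01 31 66 66 66 66 66 66 66 66 66 66 66 66 66 66 66 66 00 00 00 00 00 00 00 00 ff b5 9e 86 3e 4f f6 31 b9 0c f3 4f cf 01 3b d2 f9 0b 10 c5 81 f5 f9 7b 00 61 64 6d 69 6e ##
<141>Mar 26 05:54:38 DrayTek: [PPTP][Radius/LDAP][0:admin][@92.63.194.58] CHAP resp: authentication fail
<141>Mar 26 05:54:39 DrayTek: PPTP (VPN-0) <== Protocol:CHAP(c223) Response Identifier:0x01 31 66 66 66 66 66 66 66 66 66 66 66 66 66 66 66 66 00 00 00 00 00 00 00 00 5f 57 1f a5 e9 c0 39 b2 31 74 b8 70 8f ac a6 f3 7d 74 48 13 e6 b7 fd 51 00 67 75 65 73 74 ##
<141>Mar 26 05:54:39 DrayTek: [PPTP][Radius/LDAP][0:guest][@92.63.194.26] CHAP resp: authentication fail
<150>Mar 26 05:54:44 DrayTek: Local User: 8.8.8.8 -> 10.117.3.120 (ICMP) Echo Reply
"""

RESPONSE_RE = re.compile(
    r"<== Protocol:CHAP\(c223\) Response Identifier:0x[0-9A-Fa-f]+ ((?:[0-9A-Fa-f]{2} )+)##")
FAIL_RE = re.compile(
    r"\[PPTP\]\[Radius/LDAP\]\[\d+:([^\]]*)\]\[@([0-9.]+)\] CHAP resp: authentication fail")


def decode_mschapv2_response(hex_bytes):
    """Split a CHAP Response value using the MS-CHAPv2 layout from RFC 2759."""
    raw = bytes.fromhex(hex_bytes)
    if len(raw) < 50 or raw[0] != 49:   # Value-Size is always 49 for MS-CHAPv2
        return None
    peer_challenge = raw[1:17]          # 16 octets, meant to be random
    return {
        "peer_challenge": peer_challenge.hex(),
        # A challenge made of one repeated byte suggests a scripted client
        # rather than a normal VPN stack.
        "constant_challenge": len(set(peer_challenge)) == 1,
        "reserved_ok": raw[17:25] == bytes(8),   # 8 reserved octets, must be zero
        "name": raw[50:].decode("ascii", "replace"),  # after NT-Response and flags
    }


def summarise_pptp_failures(log_text):
    """Count failed PPTP logins per source address and collect the names tried."""
    per_source = defaultdict(
        lambda: {"failures": 0, "usernames": set(), "constant_challenge": False})
    last_response = None
    for line in log_text.splitlines():
        match = RESPONSE_RE.search(line)
        if match:
            last_response = decode_mschapv2_response(match.group(1))
            continue
        match = FAIL_RE.search(line)
        if not match:
            continue
        user, src = match.groups()
        entry = per_source[src]
        entry["failures"] += 1
        entry["usernames"].add(user)
        # Assumption: the Response logged just before a failure belongs to it,
        # which holds in the sample because the attempts are handled one by one.
        if last_response and last_response["name"] == user:
            entry["constant_challenge"] |= last_response["constant_challenge"]
        last_response = None
    return dict(per_source)


def group_by_network(per_source, prefix=24):
    """Merge per-address results by network; /24 is this example's choice."""
    networks = defaultdict(lambda: {"sources": [], "failures": 0, "usernames": set()})
    for src, entry in per_source.items():
        net = networks[str(ipaddress.ip_network(f"{src}/{prefix}", strict=False))]
        net["sources"].append(src)
        net["failures"] += entry["failures"]
        net["usernames"] |= entry["usernames"]
    return dict(networks)


if __name__ == "__main__":
    for network, info in group_by_network(summarise_pptp_failures(SAMPLE_LOG)).items():
        print(network, info["failures"], sorted(info["usernames"]), info["sources"])
```

Run over the full syslog file, the per-network view shows whether the "multiple attacking addresses" are one campaign, which is the useful unit for a WAN-side block rule once the PPTP service itself is disabled.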

graemev
Grafter
Posts: 86
Thanks: 5
Registered: ‎13-06-2018

Re: TD-W9980 setup (part 2)

This is obfuscated because the thread has been locked.

In the original thread I had a TD-W9980 and was getting "drops" about every 3 days. There followed a long and protracted sequence of device swaps etc, which resulted in the decision that it was a problem of the router. The suggested "fix" was a Draytek Vigor 2680. This took a lot of time to get installed. Now it's done:

 

1: The "fault" (if fault it is) is still there

2: I was rather shocked to discover the Vigor had (in many levels of sub-menu) two ports open on the WAN side. One to allow HTTPS to the admin console and the second to the VPN. This seemed a very poor default setup. They did not show up at any top level. On other routers I've had, open ports were explicitly listed. I was only able to find these because I asked a friend to use nmap to portscan my IP.

 

In the past my TD-W9980 was also attacked. That time they were trying to brute force my SSH using multiple attacking addresses (I must dig out the logs and see if it's the same addresses).

 

On the VIGOR 2860, the PPTP port being "open" was a mistake ... but I feel more by Draytek than me (it was distinctly non-obvious that it was open, and why on earth was that the default after a factory reset and new firmware install). However, it did point to a coincidence of timing. It could be the 3 day cycle of line drops was triggered when the attacker was focusing their attentions on me (BTW I see it as being in the Netherlands --> https://www.abuseipdb.com/check/92.63.194.58 ... ahh, the 92.63.194.26 site, indeed Russia).

 

So the results over past 21 months of test are:

 

  • TD-W9980 0 drops connection MTBF approx 3.5 days (seen locally and on PlusNet side)
  • Old style 2 box PlusNet solution ... no drops (seen on Plusnet side)
  • Vigor 2860 Looks like I might still be getting drops, but there were config errors, so I'll wait and see

This is not really a new thread, simply an update to a long ongoing problem.

 

 

graemev
Grafter
Posts: 86
Thanks: 5
Registered: ‎13-06-2018

Re: TD-W9980 setup (part 2)

OK, about 18 months on and several swaps of kit, it looks like the original issue is unresolved:

 

So the original message from TD-W9980 was

 

<13>1 2018-06-12T19:57:43.189503+01:00 DHCPD - - - DHCPD: Recv REQUEST from <MAC1>
<13>1 2018-06-12T19:57:43.689697+01:00 DHCPD - - - DHCPD: Send ACK to 192.168.1.109

<13>1 2018-06-12T20:15:22.452769+01:00 DSL - - - DSL: xDSL Leave Showtime!!
<13>1 2018-06-12T20:15:22.671168+01:00 DSL - - - DSL: xDSL Leave Showtime!!
<11>1 2018-06-12T20:15:23.613823+01:00 PPP - - - PPP: ppp0 User request
<11>1 2018-06-12T20:15:23.614893+01:00 PPP - - - PPP: ppp0 LCP down
<12>1 2018-06-12T20:15:23.615632+01:00 PPP - - - PPP: ppp0 LCP down
<14>1 2018-06-12T20:15:23.616498+01:00 PPP - - - PPP: ppp0 sent [LCP TermReq id=0x3 "User request"]

<14>1 2018-06-12T20:15:26.607307+01:00 PPP - - - PPP: ppp0 sent [LCP TermReq id=0x4 "User request"]
<13>1 2018-06-12T20:15:26.794873+01:00 DSL - - - DSL: xDSL Ready!!
<11>1 2018-06-12T20:15:29.999404+01:00 PPP - - - PPP: ppp0
<13>1 2018-06-12T20:15:30.793437+01:00 DSL - - - DSL: xDSL Handshake!!
<13>1 2018-06-12T20:15:33.794808+01:00 DSL - - - DSL: xDSL Training!!
<13>1 2018-06-12T20:15:54.863876+01:00 DSL - - - DSL: xDSL Enter Showtime!!
<14>1 2018-06-12T20:15:58.706667+01:00 PPP - - - PPP: ppp0 sent [PADI Host-Uniq(0x00000e7e)]

As seen  https://community.plus.net/t5/My-Router/TD-W9980-setup/td-p/1545815

 

The new message (which looks like the same issue to me) as reported by the VIGOR is:

 

 


<174>Apr 3 12:12:22 DrayTek: ADSL_Status:[Mode=17A States=SHOWTIME UpSpeed=9148000 DownSpeed=45811000 SNR=3 Atten=22 ]
<174>Apr 3 12:12:50 DrayTek: ADSL_Status:[Mode=17A States=SHOWTIME UpSpeed=9148000 DownSpeed=45811000 SNR=3 Atten=22 ]
<174>Apr 3 12:13:18 DrayTek: ADSL_Status:[Mode=17A States=SHOWTIME UpSpeed=9148000 DownSpeed=45811000 SNR=1 Atten=22 ]
<166>Apr 3 12:13:45 DrayTek: statistic: WAN1: Tx 218 Kbps, Rx 3866 Kbps (5 min average)
<166>Apr 3 12:13:45 DrayTek: statistic: Session Usage: 332 (5 min average)
<174>Apr 3 12:13:46 DrayTek: ADSL_Status:[Mode=17A States=SHOWTIME UpSpeed=9148000 DownSpeed=45811000 SNR=0 Atten=22 ]
<158>Apr 3 12:14:08 DrayTek: PPP Closed : Remote Terminating (PPPoE)
<166>Apr 3 12:14:08 DrayTek: WAN1 PPPoE ==> Protocol:LCP(c021) TermReq Identifier:0x02 ##
<166>Apr 3 12:14:08 DrayTek: WAN 1 is down.
<141>Apr 3 12:14:08 DrayTek: Delete exist flowstate of VPN ifno: 3 ....
<166>Apr 3 12:14:09 DrayTek: DSL: Modem Shut Down from ADSL Phy Layer (0)
<166>Apr 3 12:14:41 DrayTek: WAN1 PPPoE ==> V:1 T:1 PADT ID:3546
<166>Apr 3 12:14:41 DrayTek: WAN1 PPPoE --> send PADT to reset the out-of-order session.
<166>Apr 3 12:14:41 DrayTek: WAN1 PPPoE <== V:1 T:1 PADT ID:3546
<158>Apr 3 12:14:41 DrayTek: >>> Dial-up triggered by user : 192.168.1.151 ; proto=UDP, to 8.8.8.8 port=domain
<166>Apr 3 12:14:42 DrayTek: [DSL] G.Vectoring Status: OFF
<174>Apr 3 12:14:44 DrayTek: ADSL_Status:[Mode=17A States=SHOWTIME UpSpeed=8871000 DownSpeed=39692000 SNR=4 Atten=22 ]
<166>Apr 3 12:14:45 DrayTek: WAN1 PPPoE ==> V:1 T:1 PADT ID:3546
<166>Apr 3 12:14:45 DrayTek: WAN1 PPPoE ==> V:1 T:1 PADI ID:0
<166>Apr 3 12:14:51 DrayTek: WAN1 PPPoE ==> V:1 T:1 PADT ID:0
<166>Apr 3 12:15:03 DrayTek: WAN1 PPPoE ==> V:1 T:1 PADT ID:0
<166>Apr 3 12:15:03 DrayTek: WAN1 PPPoE <== V:1 T:1 PADO ID:0
<166>Apr 3 12:15:03 DrayTek: WAN1 PPPoE ==> V:1 T:1 PADR ID:0
<166>Apr 3 12:15:03 DrayTek: WAN1 PPPoE <== V:1 T:1 PADS ID:4902
<158>Apr 3 12:15:03 DrayTek: PPP Start (PPPoE)
<166>Apr 3 12:15:03 DrayTek: WAN1 PPPoE ==> Protocol:LCP(c021) ConfReq Identifier:0x00 MRU: 1520 ##
<166>Apr 3 12:15:03 DrayTek: WAN1 PPPoE <== Protocol:LCP(c021) ConfReq Identifier:0xAD MRU: 1500 Authentication Type: CHAP 05 Magic Number: 0x1777d0e2 ##
<166>Apr 3 12:15:03 DrayTek: WAN1 PPPoE ==> Protocol:LCP(c021) ConfAck Identifier:0xAD MRU: 1500 Authentication Type: CHAP 05 Magic Number: 0x1777d0e2 ##
<166>Apr 3 12:15:03 DrayTek: WAN1 PPPoE <== Protocol:LCP(c021) ConfAck Identifier:0x00 MRU: 1520 ##
<166>Apr 3 12:15:03 DrayTek: WAN1 PPPoE <== Protocol:CHAP(c223) Challenge Identifier:0x01 <elided>Apr 3 12:15:03 DrayTek: WAN1 PPPoE ==> Protocol:CHAP(c223) Response Identifier:0x01 <elided> ##
<166>Apr 3 12:15:03 DrayTek: WAN1 PPPoE <== Protocol:LCP(c021) ConfReq Identifier:0xC6 Authentication Type: CHAP 05 Magic Number: 0x26121347 ##
<166>Apr 3 12:15:03 DrayTek: WAN1 PPPoE ==> Protocol:LCP(c021) ConfReq Identifier:0x01 MRU: 1520 ##
<166>Apr 3 12:15:03 DrayTek: WAN1 PPPoE ==> Protocol:LCP(c021) ConfAck Identifier:0xC6 Authentication Type: CHAP 05 Magic Number: 0x26121347 ##
<166>Apr 3 12:15:03 DrayTek: WAN1 PPPoE <== Protocol:LCP(c021) ConfAck Identifier:0x01 MRU: 1520 ##
<166>Apr 3 12:15:03 DrayTek: WAN1 PPPoE <== Protocol:CHAP(c223) Challenge Identifier:0xEF <elided> ##
<166>Apr 3 12:15:03 DrayTek: WAN1 PPPoE ==> Protocol:CHAP(c223) Response Identifier:0xEF <elided> ##
<166>Apr 3 12:15:03 DrayTek: WAN1 PPPoE <== Protocol:CHAP(c223) Success Identifier:0xEF ##
<158>Apr 3 12:15:03 DrayTek: CHAP Login OK (PPPoE)
<166>Apr 3 12:15:03 DrayTek: WAN1 PPPoE ==> Protocol:IPCP(8021) ConfReq Identifier:0x00 Vendor Specific: 00 00 0c 01 00 00 00 00 IP Address: 0 0 0 0 Primary Domain Name Server: 0 0 0 0 Secondary Domain Name Server: 0 0 0 0 ##
<166>Apr 3 12:15:03 DrayTek: WAN1 PPPoE <== Protocol:IPCP(8021) ConfReq Identifier:0x03 IP Address: 195 166 130 248 ##
<166>Apr 3 12:15:03 DrayTek: WAN1 PPPoE ==> Protocol:IPCP(8021) ConfAck Identifier:0x03 IP Address: 195 166 130 248 ##
<166>Apr 3 12:15:03 DrayTek: WAN1 PPPoE <== Protocol:IPCP(8021) ConfRej Identifier:0x00 Vendor Specific: 00 00 0c 01 00 00 00 00 ##
<166>Apr 3 12:15:03 DrayTek: WAN1 PPPoE ==> Protocol:IPCP(8021) ConfReq Identifier:0x01 IP Address: 0 0 0 0 Primary Domain Name Server: 0 0 0 0 Secondary Domain Name Server: 0 0 0 0 ##
<166>Apr 3 12:15:03 DrayTek: WAN1 PPPoE <== Protocol:IPCP(8021) ConfNak Identifier:0x01 IP Address: 84 92 XXX XXX Primary Domain Name Server: 212 159 6 9 Secondary Domain Name Server: 212 159 6 10 ##
<166>Apr 3 12:15:03 DrayTek: WAN1 PPPoE ==> Protocol:IPCP(8021) ConfReq Identifier:0x02 IP Address: 84 92 XXX XXX Primary Domain Name Server: 212 159 6 9 Secondary Domain Name Server: 212 159 6 10 ##
<166>Apr 3 12:15:03 DrayTek: WAN1 PPPoE <== Protocol:IPCP(8021) ConfAck Identifier:0x02 IP Address: 84 92 XXX XXX Primary Domain Name Server: 212 159 6 9 Secondary Domain Name Server: 212 159 6 10 ##
<158>Apr 3 12:15:03 DrayTek: IPCP Opening (PPPoE); Own IP Address : 84.92.XXX.XXX Peer IP Address : 195.166.130.248; Primary DNS : 212.159.6.9 Secondary DNS : 212.159.6.10
<166>Apr 3 12:15:03 DrayTek: WAN 1 is up.
<174>Apr 3 12:15:12 DrayTek: ADSL_Status:[Mode=17A States=SHOWTIME UpSpeed=8871000 DownSpeed=39692000 SNR=4 Atten=22 ]
<174>Apr 3 12:15:40 DrayTek: ADSL_Status:[Mode=17A States=SHOWTIME UpSpeed=8871000 DownSpeed=39692000 SNR=3 Atten=22 ]
<174>Apr 3 12:16:08 DrayTek: ADSL_Status:[Mode=17A States=SHOWTIME UpSpeed=8871000 DownSpeed=39692000 SNR=4 Atten=22 ]

I note there was a significant speed drop following the shutdown?

bobpullen
Community Gaffer
Posts: 16,887
Thanks: 4,979
Fixes: 316
Registered: ‎04-04-2007

Re: TD-W9980 setup (part 2)

So it seems that you're suffering an occasional loss of sync as alluded to in my first reply. This would need raising as a fault, however due to the infrequent nature of the drops, it's likely it would result in multiple engineering visits that may not necessarily identify the source of the problem. It's definitely not something I'd suggest you pursue in the current CV-19 climate.


@graemev wrote:

In the past my TD-W9980 was also attacked. This time they were trying to brute force my SSH using multiple attacking addresses (I must dig out the logs and see if it's the same addresses)

Part and parcel of having an SSH server exposed to the Internet. The best you can probably do is rate limit connection attempts and rely on key authentication.

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

graemev
Grafter
Posts: 86
Thanks: 5
Registered: ‎13-06-2018

Re: TD-W9980 setup (part 2)

WRT SSHD, I did stumble upon sshguard ( https://www.sshguard.net/ ) and was going to look into it ... when I get through my backlog (for now, the port is shut down). Just rate limiting may not be enough. The attack comes from a half dozen addresses, attacking non-sequential ports, at quite a slow rate. I've half worked out a scheme to use another unrelated port to "trigger" the opening of the ssh port (which is not 22 BTW) ... so ping 12345, then ssh to port 54321 within 30 seconds. Feels unlikely that Eve could try all the combinations in time (and be sure which trigger had worked).

 

I did have quite a long saga getting my line noise reduced. I gave a high level version recently  [ https://community.plus.net/t5/ADSL-Broadband/Some-Broadband-drop-outs-appear-to-happen-when-a-phonec... ]

 

But I think we ruled out line noise about a year back (in part 1 of this thread). The fault disappears when the original 2 box "solution" from Plusnet is used ... these tests took several weeks. The line was monitored at my end when I had a capable router and at the PlusNet end in all cases. The fault went away when the "2 box solution" was used.

 

I think the guess was something like some obscure option that the "original modem" had, that my TD-W9980 did support/had been set to ... The swap to the VIGOR was in part because it was a more serious box. I'm hoping some of the original contributors might now be able to highlight the setting I'm lacking (e.g. vectoring).
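
Added example (not code from the thread): the trigger-port scheme sketched in the post above, modelled as a small gate so its edge cases can be checked before it is built into a firewall. Ports 12345 and 54321 and the 30 second window come from the post; the class, the rule that any other port cancels a pending knock, and the events (documentation addresses) are constructed for this example.

```python
class KnockGate:
    """Model of a single-knock gate in front of a hidden SSH port."""

    def __init__(self, knock_port=12345, ssh_port=54321, window=30.0):
        self.knock_port = knock_port
        self.ssh_port = ssh_port
        self.window = window
        self._pending = {}   # source address -> time at which its knock expires

    def on_packet(self, src, dport, now):
        """Return 'knock', 'allow' or 'drop' for a new inbound connection attempt."""
        if dport == self.knock_port:
            self._pending[src] = now + self.window
            return "knock"
        # Any packet to another port consumes the knock. A client that knows the
        # scheme goes straight to the SSH port; a port sweep that happens to touch
        # the knock port loses the opening on its next probe.
        expires = self._pending.pop(src, None)
        if dport == self.ssh_port and expires is not None and now <= expires:
            return "allow"
        return "drop"


def replay(gate, events):
    """Feed (time, source, destination port) tuples through the gate in order."""
    return [gate.on_packet(src, dport, ts) for ts, src, dport in events]


# Constructed events, times in seconds.
CONSTRUCTED_EVENTS = [
    (0.0, "198.51.100.7", 12345),    # owner knocks
    (5.0, "198.51.100.7", 54321),    # within the window: allowed
    (6.0, "198.51.100.7", 54321),    # knock already used: dropped
    (10.0, "203.0.113.9", 54321),    # no knock from this address: dropped
    (20.0, "203.0.113.9", 12345),    # knock from a second address
    (55.0, "203.0.113.9", 54321),    # 35 s later, window expired: dropped
    (60.0, "203.0.113.20", 12345),   # sweep reaches the knock port
    (60.5, "203.0.113.20", 12346),   # next port in the sweep cancels the knock
    (61.0, "203.0.113.20", 54321),   # sweep reaches the SSH port: dropped
]

if __name__ == "__main__":
    for event, verdict in zip(CONSTRUCTED_EVENTS, replay(KnockGate(), CONSTRUCTED_EVENTS)):
        print(event, verdict)
```

The knock only hides the port from scanners; anyone who can observe the traffic can repeat it, so key-only login and rate limiting still apply behind the gate.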

 

 

 

graemev
Grafter
Posts: 86
Thanks: 5
Registered: ‎13-06-2018

Re: TD-W9980 setup (part 2)

I was hoping the original contributors might have picked up on this new thread (created against my better judgement) [ @MisterW , @markhawkin , @MartinD , @krusty ]

 

I've done some tinkering with rsyslog(8) filters [quite impressive they turn out to be] so I can see I've gone from one reset every 3 days to 3 per day. So the metrics are

Original Plusnet two box VDSL -- No errors

TD-W9980 MTBF - 3 days

Vigor 2860 MTBF 8 hours

 

One thought I have is that the last 2 routers seemed to be attempting to sync at higher speeds which may well be causing the problems. That is, the original boxes didn't hit a problem because they were simply less ambitious.

 

I'm wondering if some of the "crosstalk" protection features on the Vigor may be of some help. Failing that maybe I could configure it to only try lower sync speeds?

 



Apr 16 17:04:54:force9dsl.home local4.info DrayTek:/DrayTek [ WAN 1 is down.]
Apr 16 17:05:49:force9dsl.home local4.info DrayTek:/DrayTek [ WAN 1 is up.]
Apr 16 17:10:27:force9dsl.home local4.info DrayTek:/DrayTek [ WAN 1 is down.]
Apr 16 17:12:07:force9dsl.home local4.info DrayTek:/DrayTek [ WAN 1 is up.]
Apr 16 19:10:47:force9dsl.home local4.info DrayTek:/DrayTek [ WAN 1 is down.]
Apr 16 19:12:26:force9dsl.home local4.info DrayTek:/DrayTek [ WAN 1 is up.]
Apr 16 21:11:59:force9dsl.home local4.info DrayTek:/DrayTek [ WAN 1 is down.]
Apr 16 21:12:54:force9dsl.home local4.info DrayTek:/DrayTek [ WAN 1 is up.]
Apr 17 00:12:32:force9dsl.home local4.info DrayTek:/DrayTek [ WAN 1 is down.]
Apr 17 00:13:30:force9dsl.home local4.info DrayTek:/DrayTek [ WAN 1 is up.]
Apr 17 01:00:35:force9dsl.home local4.info DrayTek:/DrayTek [ WAN 1 is down.]
Apr 17 01:01:32:force9dsl.home local4.info DrayTek:/DrayTek [ WAN 1 is up.]
Apr 17 01:12:44:force9dsl.home local4.info DrayTek:/DrayTek [ WAN 1 is down.]
Apr 17 01:13:41:force9dsl.home local4.info DrayTek:/DrayTek [ WAN 1 is up.]
Apr 17 06:30:13:force9dsl.home local4.info DrayTek:/DrayTek [ WAN 1 is down.]
Apr 17 06:31:08:force9dsl.home local4.info DrayTek:/DrayTek [ WAN 1 is up.]
Apr 17 06:43:49:force9dsl.home local4.info DrayTek:/DrayTek [ WAN 1 is down.]
Apr 17 06:44:46:force9dsl.home local4.info DrayTek:/DrayTek [ WAN 1 is up.]
Apr 17 14:43:18:force9dsl.home local4.info DrayTek:/DrayTek [ WAN 1 is down.]
Apr 17 14:44:15:force9dsl.home local4.info DrayTek:/DrayTek [ WAN 1 is up.]
Apr 18 01:09:40:force9dsl.home local4.info DrayTek:/DrayTek [ WAN 1 is down.]
Apr 18 01:10:35:force9dsl.home local4.info DrayTek:/DrayTek [ WAN 1 is up.]
Apr 19 00:17:28:force9dsl.home local4.info DrayTek:/DrayTek [ WAN 1 is down.]
Apr 19 00:18:23:force9dsl.home local4.info DrayTek:/DrayTek [ WAN 1 is up.]
Apr 19 00:20:40:force9dsl.home local4.info DrayTek:/DrayTek [ WAN 1 is down.]
Apr 19 00:21:36:force9dsl.home local4.info DrayTek:/DrayTek [ WAN 1 is up.]
Apr 19 00:33:20:force9dsl.home local4.info DrayTek:/DrayTek [ WAN 1 is down.]
Apr 19 00:36:12:force9dsl.home local4.info DrayTek:/DrayTek [ WAN 1 is up.]
Apr 19 00:37:48:force9dsl.home local4.info DrayTek:/DrayTek [ WAN 1 is down.]
Apr 19 00:38:44:force9dsl.home local4.info DrayTek:/DrayTek [ WAN 1 is up.]
Apr 19 01:52:40:force9dsl.home local4.info DrayTek:/DrayTek [ WAN 1 is down.]
Apr 19 01:53:38:force9dsl.home local4.info DrayTek:/DrayTek [ WAN 1 is up.]
Apr 19 02:08:05:force9dsl.home local4.info DrayTek:/DrayTek [ WAN 1 is down.]
Apr 19 02:09:02:force9dsl.home local4.info DrayTek:/DrayTek [ WAN 1 is up.]
Apr 19 04:44:39:force9dsl.home local4.info DrayTek:/DrayTek [ WAN 1 is down.]
Apr 19 04:45:35:force9dsl.home local4.info DrayTek:/DrayTek [ WAN 1 is up.]
Apr 19 05:53:10:force9dsl.home local4.info DrayTek:/DrayTek [ WAN 1 is down.]
Apr 19 05:54:06:force9dsl.home local4.info DrayTek:/DrayTek [ WAN 1 is up.]
Apr 19 06:08:53:force9dsl.home local4.info DrayTek:/DrayTek [ WAN 1 is down.]
Apr 19 06:09:49:force9dsl.home local4.info DrayTek:/DrayTek [ WAN 1 is up.]
Apr 19 15:23:54:force9dsl.home local4.info DrayTek:/DrayTek [ WAN 1 is down.]
Apr 19 15:25:41:force9dsl.home local4.info DrayTek:/DrayTek [ WAN 1 is up.]
Apr 19 15:40:45:force9dsl.home local4.info DrayTek:/DrayTek [ WAN 1 is down.]
Apr 19 15:41:41:force9dsl.home local4.info DrayTek:/DrayTek [ WAN 1 is up.]

 

markhawkin
Pro
Posts: 556
Thanks: 125
Fixes: 12
Registered: ‎17-07-2016

Re: TD-W9980 setup (part 2)

@graemev

 

I would ask Draytek's support about the drops on the 2860.

There are various modem codes available and one may be better for your circumstances.

Mine can go weeks without a disconnection (I appreciate it's no direct use to you but the device is capable of this).

 

 

I am the satisfied customer....
graemev
Grafter
Posts: 86
Thanks: 5
Registered: ‎13-06-2018

Re: TD-W9980 setup (part 2)

I'm leaving this "unchanged"  for a short while, due to 2 external events:

1: BT have dug up the road all round their green boxes at the end of the street (temporary traffic lights for over a week)

2: There was an explosion opposite my house (fire engine etc) seemingly due to water getting into power cables

I'll come back when things have calmed down 🙂

 

graemev
Grafter
Posts: 86
Thanks: 5
Registered: ‎13-06-2018

Re: TD-W9980 setup (part 2)

Huum, getting worse: DSL was down 15 times so far today.

 

Mind you, OpenReach now have 4 digs down my road, so possibly something is "up"