Remote access attempts from around the world

hooker1uk
Newbie
Posts: 7
Registered: ‎09-05-2013


Hi all,
Over the last few weeks my router (Netgear N900 WNDR4500) has been going sluggish at random intervals, around the same time the router logs remote LAN access.
From what I understand the router is blocking it, but it seems to make it throw a wobbler.
Has anyone else experienced this?

[Admin login] from source 192.168.1.15, Tuesday, Nov 11,2014 10:27:47
[LAN access from remote] from 184.105.139.86:55057 to 192.168.1.8:123, Tuesday, Nov 11,2014 09:41:41
[LAN access from remote] from 180.153.113.141:22205 to 192.168.1.8:1723, Tuesday, Nov 11,2014 07:46:24
[LAN access from remote] from 184.105.139.108:49865 to 192.168.1.8:123, Tuesday, Nov 11,2014 03:50:06
[LAN access from remote] from 80.85.84.75:44001 to 192.168.1.8:1723, Tuesday, Nov 11,2014 01:20:59
[LAN access from remote] from 93.180.5.26:53836 to 192.168.1.8:123, Tuesday, Nov 11,2014 01:20:56
[LAN access from remote] from 114.113.55.197:39034 to 192.168.1.8:123, Monday, Nov 10,2014 19:24:19
[LAN access from remote] from 93.180.5.26:34864 to 192.168.1.8:123, Monday, Nov 10,2014 13:50:37
[LAN access from remote] from 80.85.84.75:54001 to 192.168.1.8:1723, Monday, Nov 10,2014 07:20:40
[LAN access from remote] from 184.105.139.84:47356 to 192.168.1.8:123, Monday, Nov 10,2014 04:34:42
[LAN access from remote] from 71.6.165.200:40000 to 192.168.1.8:4500, Sunday, Nov 09,2014 20:41:35
[LAN access from remote] from 203.174.180.170:7678 to 192.168.1.8:123, Sunday, Nov 09,2014 15:01:39
[LAN access from remote] from 85.25.103.50:40000 to 192.168.1.8:4500, Sunday, Nov 09,2014 12:43:38
[LAN access from remote] from 93.180.5.29:35511 to 192.168.1.8:123, Sunday, Nov 09,2014 11:37:17
[LAN access from remote] from 80.85.84.75:44001 to 192.168.1.8:1723, Sunday, Nov 09,2014 08:22:20
[LAN access from remote] from 180.153.113.141:22201 to 192.168.1.8:1723, Sunday, Nov 09,2014 07:46:25
[LAN access from remote] from 184.105.139.80:53016 to 192.168.1.8:123, Sunday, Nov 09,2014 05:36:46
[LAN access from remote] from 210.6.40.116:18736 to 192.168.1.8:123, Saturday, Nov 08,2014 22:51:08
[Admin login] from source 192.168.1.15, Saturday, Nov 08,2014 18:37:52
[LAN access from remote] from 93.180.5.29:50594 to 192.168.1.8:123, Saturday, Nov 08,2014 16:34:38
5 REPLIES 5
Chris
Legend
Posts: 17,724
Thanks: 600
Fixes: 169
Registered: ‎05-04-2007

Re: Remote access attempts from around the world

All of those requests seem to be looking for the same internal IP address. Do you have a server or device set up on that IP address (192.168.1.8)?
Former Plusnet Staff member. Posts after 31st Jan 2020 are not on behalf of Plusnet.
hooker1uk
Newbie
Posts: 7
Registered: ‎09-05-2013

Re: Remote access attempts from around the world

Hi Chris,
I've pinpointed this now to a China phone I bought, the Doogee DG300. The phone has no update options, so for now I'm antivirus checking the device.
Thanks, I'll update the post with the outcome.
Thanks
Paul
Anotherone
Champion
Posts: 19,107
Thanks: 457
Fixes: 21
Registered: ‎31-08-2007

Re: Remote access attempts from around the world

Just to be clear, your Netgear Firewall is active I assume?
Anonymous
Not applicable

Re: Remote access attempts from around the world

Looking at those port numbers -
Port 123 = "NTP" (Network Time Protocol), so those are incoming internet time packets but could be requests or replies.
Port 1723 = "PPTP VPN" (Point-to-Point Tunneling Protocol Virtual Private Networking), which could be cause for concern if you have not set this up, as that could make your device appear on someone else's network!
Port 4500 = might be "NAT traversal of Internet Key Exchange in IPsec" which could be associated with the previous "PPTP VPN" port.


Some suggestions -

  • Update your router's firmware to the current release to eliminate security vulnerabilities discovered since manufacture, but ensure you get the correct firmware for the hardware revision you have, AND that it is intended for UK or European (NOT USA) routers!
  • Disable "UPnP" in your router and reboot, to prevent devices on your LAN opening incoming ports in your router's firewall.
  • You could try setting an outbound firewall rule to prevent TCP port 1723 packets leaving your network to disrupt any PPTP link.
  • If you think it is your phone doing this, look for the above services (NTP and VPN) and try to disable them.
  • Try resetting the phone to the factory defaults and see whether the problem persists.




Quote from: hooker1uk
I understand the router is blocking it but seems to make it throw a wobbler

What is the router doing other than logging blocked connection attempts?
Does your internet connection still have sluggish periods if you leave the phone switched off?
Does your router have a traffic graph where you can see the volume of data passing during these slow periods?

Quote from: hooker1uk
has anyone else experienced this?

Everybody connected to the internet receives these kinds of unsolicited connection attempts all the time. I receive as much as you listed above perhaps every 20 seconds, all day every day. However, your incoming packets do look like they are targeting your phone, so it would be advisable to ensure that your phone isn't initiating these connection attempts.

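The triage done by eye in the replies above (which internal host, which ports, how many distinct remote addresses) can be scripted against the router log. This is an added example, not part of any post in the thread; the sample log is constructed in the same format with documentation-range remote addresses, and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Port meanings as given in the reply above.
SERVICES = {123: "NTP", 1723: "PPTP VPN", 4500: "IPsec NAT traversal"}
LINE_RE = re.compile(r"\[LAN access from remote\] from (?P<src>[\d.]+):\d+ "
                     r"to (?P<dst>[\d.]+):(?P<dport>\d+), (?P<when>.+)$")

# Constructed sample in the router's log format (documentation-range remote IPs).
SAMPLE_LOG = """\
[Admin login] from source 192.168.1.15, Tuesday, Nov 11,2014 10:27:47
[LAN access from remote] from 198.51.100.86:55057 to 192.168.1.8:123, Tuesday, Nov 11,2014 09:41:41
[LAN access from remote] from 203.0.113.141:22205 to 192.168.1.8:1723, Tuesday, Nov 11,2014 07:46:24
[
[LAN access from remote] from 198.51.100.86:49865 to 192.168.1.8:123, Tuesday, Nov 11,2014 03:50:06
[LAN access from remote] from 192.0.2.75:44001 to 192.168.1.8:1723, Tuesday, Nov 11,2014 01:20:59
[LAN access from remote] from 192.0.2.26:53836 to 192.168.1.8:123, Tuesday, Nov 11,2014 01:20:56
[LAN access from remote] from 203.0.113.200:40000 to 192.168.1.8:4500, Sunday, Nov 09,2014 20:41:35
"""

def parse(log_text):
    """Return (src, dst, dport, when) for each 'LAN access from remote' entry."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # admin logins, stray '[' fragments and blank lines are skipped
            events.append((m["src"], m["dst"], int(m["dport"]), m["when"]))
    return events

def summarise(events):
    """Per internal host: hit count per port and distinct remote sources per port."""
    hosts = defaultdict(lambda: {"ports": Counter(), "sources": defaultdict(set)})
    for src, dst, dport, _when in events:
        hosts[dst]["ports"][dport] += 1
        hosts[dst]["sources"][dport].add(src)
    return hosts

def report(hosts):
    """One line per (internal host, port), busiest port first."""
    lines = []
    for host, data in sorted(hosts.items()):
        for port, hits in data["ports"].most_common():
            name = SERVICES.get(port, "unknown")
            sources = len(data["sources"][port])
            lines.append(f"{host} port {port} ({name}): {hits} hits, {sources} remote IPs")
    return lines

if __name__ == "__main__":
    print("\n".join(report(summarise(parse(SAMPLE_LOG)))))
```

A single internal address appearing as the destination of every entry, as in the log posted above, is the cue to identify that device and check what it is running.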
hooker1uk
Newbie
Posts: 7
Registered: ‎09-05-2013

Re: Remote access attempts from around the world

To update, I found the cause, well, I hope so anyway.
It turns out the dual SIM Doogee DG300 I'd bought has been sending information to China using trojans domob.h, domob.f and android.trojan.uupay.d, which were preinstalled on purchase.
The NTP requests were due to the phone receiving that data from China! It's been changed to a UK NTP server.
Removal of their APKs from /system/etc/ required root but was easily achievable, and hopefully all gone.
The device was sending data to two locations in the US, two in China and one in Thailand.
While I didn't know about the firewall option from Plusnet until reading the reply here, I've set it to low for the moment to see if it helps. My router's firewall rules seem OK for now.
UPnP is enabled right now but it'll be disabled again in the next week (well, if all goes to plan - network rebuilding is a pain in the behind, nearly as much as UPnP).
The router is up to date with the latest UK variant of the WNDR N900 router.
I'll see if we get anything else since finally killing the dodgy apps.
Thanks