cancel
Showing results for 
Search instead for 
Did you mean: 

Plusnet firewall not blocking

aks100
Grafter
Posts: 44
Thanks: 5
Fixes: 1
Registered: ‎28-05-2013

Plusnet firewall not blocking

I am using the Plusnet Hub One with FTTC connection.

In the PN web portal, I had the broadband firewall set to HIGH, but I still observed the following messages in the event log:

14:43:59, 18 Sep. IN: BLOCK [16] Remote administration (TCP [107.189.8.8]:54186-​>[213.31.19.207]:22 on ppp3)
14:41:43, 18 Sep. IN: BLOCK [16] Remote administration (TCP [206.189.32.125]:61000-​>[213.31.19.207]:22 on ppp3)
14:39:27, 18 Sep. IN: BLOCK [16] Remote administration (TCP [117.248.249.70]:52794-​>[213.31.19.207]:22 on ppp3)
14:37:23, 18 Sep. IN: BLOCK [16] Remote administration (TCP [45.79.114.128]:43825-​>[213.31.19.207]:443 on ppp3)
14:30:44, 18 Sep. IN: BLOCK [16] Remote administration (TCP [45.227.253.139]:55331-​>[213.31.19.207]:8443 on ppp3)
14:28:32, 18 Sep. IN: BLOCK [16] Remote administration (TCP [82.151.125.147]:6745-​>[213.31.19.207]:80 on ppp3)
14:26:10, 18 Sep. IN: BLOCK [16] Remote administration (TCP [196.1.187.122]:60496-​>[213.31.19.207]:8080 on ppp3)
14:24:34, 18 Sep. IN: BLOCK [16] Remote administration (TCP [192.241.221.197]:53765-​>[213.31.19.207]:443 on ppp3)
14:23:33, 18 Sep. IN: BLOCK [16] Remote administration (TCP [205.185.125.212]:48684-​>[213.31.19.207]:8080 on ppp3)
14:22:39, 18 Sep. IN: BLOCK [16] Remote administration (TCP [47.104.132.121]:47597-​>[213.31.19.207]:80 on ppp3)
14:20:23, 18 Sep. IN: BLOCK [16] Remote administration (TCP [192.241.216.251]:36534-​>[213.31.19.207]:8443 on ppp3)
14:20:17, 18 Sep. IN: BLOCK [16] Remote administration (TCP [89.248.165.48]:56748-​>[213.31.19.207]:8080 on ppp3)
14:19:29, 18 Sep. IN: BLOCK [16] Remote administration (TCP [89.248.165.48]:48054-​>[213.31.19.207]:8443 on ppp3)
14:16:41, 18 Sep. IN: BLOCK [16] Remote administration (TCP [61.147.208.118]:10636-​>[213.31.19.207]:22 on ppp3)
14:14:51, 18 Sep. IN: BLOCK [16] Remote administration (TCP [128.116.130.101]:57989-​>[213.31.19.207]:22 on ppp3)
14:07:20, 18 Sep. IN: BLOCK [16] Remote administration (TCP [89.248.165.48]:60433-​>[213.31.19.207]:8080 on ppp3)

 

There are a few pages like this. They all seem to get blocked by the router, but I had assumed the PN servers would be blocking connections, so these requests should never have reached the router?

> HIGH: The 'High' setting blocks all ports, preventing unauthorised connections from the Internet to your computer.

I have now set the firewall to Advanced: block common ports, but having now read the documentation this seems like a reduced blocking list?

I don't need any external connections coming to my router/LAN. Thoughts?

13 REPLIES 13
jab1
Legend
Posts: 19,050
Thanks: 6,240
Fixes: 287
Registered: ‎24-02-2012

Re: Plusnet firewall not blocking

@aks100 I'm no expert, but to me the router is doing exactly what it is supposed to do - blocking unsolicited requests before they hit your LAN. The server firewalls won't do this - I don't think, but someone with greater knowledge may over-ride me.

Unauthorised connections are being blocked before reaching you, and I would advise switching back to the 'High' setting - the 'advanced' is really only for those who may need other uncommon ports open, for some reason.

John
MisterW
Superuser
Superuser
Posts: 16,190
Thanks: 6,172
Fixes: 446
Registered: ‎30-07-2007

Re: Plusnet firewall not blocking

@aks100 have you restarted your connection since changing the firewall settings ?

Any firewall changes only take effect when the PPPoE seesion is reconnected

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

aks100
Grafter
Posts: 44
Thanks: 5
Fixes: 1
Registered: ‎28-05-2013

Re: Plusnet firewall not blocking

Thanks, to be sure I have rebooted again this morning. I'll monitor and report back.

 

Also, to be clear, I have adjusted the settings on the PN portal via my account - now reverted to HIGH, not on the router itself under the admin page 'advanced settings->firewall->configuration' which remains at default "Allow all outgoing connections and block all unsolicited incoming traffic. Games and application sharing is allowed." - and I believe this is doing it's job.

aks100
Grafter
Posts: 44
Thanks: 5
Fixes: 1
Registered: ‎28-05-2013

Re: Plusnet firewall not blocking

Evidently no change even after reboot:

09:46:07, 19 Sep. IN: BLOCK [15] Default policy (TCP [178.253.101.85]:52310-​>[213.31.19.202]:1433 on ppp3)
09:46:01, 19 Sep. IN: BLOCK [15] Default policy (TCP [52.46.149.29]:443-​>[213.31.19.202]:53639 on ppp3)
09:45:49, 19 Sep. IN: BLOCK [15] Default policy (TCP [18.213.11.84]:443-​>[213.31.19.202]:54491 on ppp3)
jab1
Legend
Posts: 19,050
Thanks: 6,240
Fixes: 287
Registered: ‎24-02-2012

Re: Plusnet firewall not blocking

That is normal - the router blocking unsolicited traffic.

John
MisterW
Superuser
Superuser
Posts: 16,190
Thanks: 6,172
Fixes: 446
Registered: ‎30-07-2007

Re: Plusnet firewall not blocking

John, that's true but I think @aks100 s point is that with the Plusnet broadband firewall set to HIGH those packets shouldn't be getting to the router at all

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

jab1
Legend
Posts: 19,050
Thanks: 6,240
Fixes: 287
Registered: ‎24-02-2012

Re: Plusnet firewall not blocking

@MisterW As I never had the PN firewall on, I'll take your word for it. 😉 , but I don't see a problem - they don't get into the LAN.

Having seen other router logs though I am guessing that is normal behaviour. Is the default setting for the PN Firewall not 'HIGH' - I assume most home users don't adjust that setting?

John
MisterW
Superuser
Superuser
Posts: 16,190
Thanks: 6,172
Fixes: 446
Registered: ‎30-07-2007

Re: Plusnet firewall not blocking

@jab1  youre absolutely correct John, there's no problem, the router is preventing it getting through.

AFAIK the default for the Broadband firewall is OFF and, as you say, most people arent even aware it exists!.

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

jab1
Legend
Posts: 19,050
Thanks: 6,240
Fixes: 287
Registered: ‎24-02-2012

Re: Plusnet firewall not blocking


@MisterW wrote:

 

AFAIK the default for the Broadband firewall is OFF and, as you say, most people arent even aware it exists!.


That I didn't know, but it is academic for me now, anyway. As a point of interest, without going and looking I don't know my ISPs position on this, but the router doesn't report any intrusions - only transactions.

John
MisterW
Superuser
Superuser
Posts: 16,190
Thanks: 6,172
Fixes: 446
Registered: ‎30-07-2007

Re: Plusnet firewall not blocking

@jab1 John, IIRC you now have a Fritzbox ? From what I can find , the router firewall is completeley closed by default (what you would expect!) but doesnt seem to log any blocked intrusions.

https://en.avm.de/service/knowledge-base/dok/FRITZ-Box-7590/57_Security-functions-firewall-of-the-FR...

https://service.avm.de/help/en/FRITZ-Box-7590-avme/018/hilfe_syslog

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

jab1
Legend
Posts: 19,050
Thanks: 6,240
Fixes: 287
Registered: ‎24-02-2012

Re: Plusnet firewall not blocking

Thanks for that, @MisterW . You are correct, I have a 7530, and I'm not bothered about 'not seeing' any blocked intrusions - I'll only panic if something legit gets stopped.Smiley

John
aks100
Grafter
Posts: 44
Thanks: 5
Fixes: 1
Registered: ‎28-05-2013

Re: Plusnet firewall not blocking

Sure, the router is indeed preventing anything getting through, which is great, but PN have a server side firewall - which seems to not be effective at all 🤔!

Academic, not really. Traffic is getting to the router, and currently (as far as I can tell) is getting blocked, but what happens when something does wrong and the router lets unwanted traffic through. Not to mention any issue with constant traffic hitting the router - again, perhaps a minimal issue.

Obviously this is not major, and I won't lose any sleep in reality, but PN indicate a firewall from their systems (unless I'm not understanding correctly) and I would use it.

WotW
Grafter
Posts: 28
Thanks: 3
Registered: ‎14-04-2021

Re: Plusnet firewall not blocking

'but PN indicate a firewall from their systems'

I'm not sure they do. I've not seen anything to indicate that. Nor sure how that would work, if it was possible wouldn't all ISPs stop malicious traffic?

'The 'High' setting blocks all ports, preventing unauthorised connections from the Internet to your computer.'

This is what the router is doing. Between the internet and your computer is the router, and it's the router you are configuring the firewall on.