Remote Administration, and other stuff in router event log.
22-01-2021 5:31 PM - edited 22-01-2021 5:35 PM
Hello folks
Been getting dropouts several times a day for the last week. Reconnection happens within a few minutes, but it is still pretty infuriating.
I checked the Event Log in my Hub Manager (I have a Hub One) and I had lots going on there, very little of which I can understand!
Any thoughts on this? Am I in peril?
Thanks.
17:22:32, 22 Jan. | IN: BLOCK [16] Remote administration (ICMP type 8 code 0 128.9.29.131->91.125.96.177 on ppp3) |
17:20:30, 22 Jan. | (181226.250000) Admin login successful by 192.168.1.64 on HTTP |
17:20:10, 22 Jan. | IN: BLOCK [16] Remote administration (TCP [156.96.156.172]:54838->[91.125.96.177]:80 on ppp3) |
17:19:29, 22 Jan. | (181165.510000) New GUI session from IP 192.168.1.64 |
17:18:05, 22 Jan. | IN: BLOCK [16] Remote administration (ICMP type 8 code 0 128.9.63.139->91.125.96.177 on ppp3) |
17:05:15, 22 Jan. | IN: BLOCK [16] Remote administration (TCP [209.126.230.71]:53504->[91.125.96.177]:443 on ppp3) |
17:00:28, 22 Jan. | BLOCKED 1 more packets (because of Remote administration) |
17:00:27, 22 Jan. | IN: BLOCK [16] Remote administration (ICMP type 8 code 0 192.35.168.69->91.125.96.177 on ppp3) |
16:58:03, 22 Jan. | IN: BLOCK [16] Remote administration (TCP [192.241.219.82]:33380->[91.125.96.177]:8080 on ppp3) |
16:53:30, 22 Jan. | IN: BLOCK [16] Remote administration (TCP [209.141.58.148]:54346->[91.125.96.177]:443 on ppp3) |
16:51:54, 22 Jan. | IN: BLOCK [16] Remote administration (TCP [104.243.42.132]:42899->[91.125.96.177]:80 on ppp3) |
16:51:18, 22 Jan. | (179474.480000) CWMP: session closed due to error: Timeout |
16:50:48, 22 Jan. | (179444.450000) CWMP: HTTP authentication success from https://pbthdm.bt.mo |
16:50:42, 22 Jan. | (179437.930000) CWMP: Server URL: https://pbthdm.bt.mo; Connecting as user: ACS username |
16:50:42, 22 Jan. | (179437.920000) CWMP: Session start now. Event code(s): '4 VALUE CHANGE' |
16:50:40, 22 Jan. | (179436.120000) WAN operating mode is VDSL |
16:50:40, 22 Jan. | (179436.120000) Last WAN operating mode was VDSL |
16:50:38, 22 Jan. | (179434.860000) PPP IPCP Receive Configuration ACK |
16:50:38, 22 Jan. | (179434.850000) PPP IPCP Send Configuration Request |
16:50:38, 22 Jan. | (179434.840000) PPP IPCP Receive Configuration NAK |
16:50:38, 22 Jan. | (179434.840000) PPP IPCP Send Configuration ACK |
16:50:38, 22 Jan. | (179434.840000) PPP IPCP Receive Configuration Request |
16:50:38, 22 Jan. | (179434.840000) PPP IPCP Send Configuration Request |
16:50:37, 22 Jan. | (179433.760000) PPPoE is up - Down Rate=79893Kbps, Up Rate=19139Kbps; SNR Margin Down=6.0dB, Up=9.5dB |
16:50:37, 22 Jan. | (179433.740000) CHAP authentication successful |
16:50:37, 22 Jan. | (179433.710000) CHAP Receive Challenge |
16:50:37, 22 Jan. | (179433.710000) Starting CHAP authentication with peer |
16:50:37, 22 Jan. | (179433.710000) PPP LCP Receive Configuration ACK |
16:50:37, 22 Jan. | (179433.700000) PPP LCP Send Configuration Request |
16:50:37, 22 Jan. | (179433.700000) PPP LCP Receive Configuration Reject |
16:50:37, 22 Jan. | (179433.700000) PPP LCP Send Configuration ACK |
16:50:37, 22 Jan. | (179433.690000) PPP LCP Receive Configuration Request |
16:50:37, 22 Jan. | (179433.690000) PPP LCP Send Configuration Request |
16:49:48, 22 Jan. | (179384.740000) PTM over DSL is up |
16:49:47, 22 Jan. | (179382.910000) CWMP: session closed due to error: Could not resolve host |
16:49:47, 22 Jan. | (179382.890000) CWMP: Server URL: https://pbthdm.bt.mo; Connecting as user: ACS username |
16:49:46, 22 Jan. | (179382.890000) CWMP: Session start now. Event code(s): '4 VALUE CHANGE' |
16:49:16, 22 Jan. | (179352.620000) CWMP: session closed due to error: Could not resolve host |
16:49:16, 22 Jan. | (179352.600000) CWMP: Server URL: https://pbthdm.bt.mo; Connecting as user: ACS username |
16:49:16, 22 Jan. | (179352.600000) CWMP: Session start now. Event code(s): '4 VALUE CHANGE' |
16:49:16, 22 Jan. | (179352.310000) CWMP: Initializing transaction for event code 4 VALUE CHANGE |
16:49:13, 22 Jan. | (179349.670000) PTM over DSL is down after 1082 minutes uptime |
16:49:13, 22 Jan. | (179349.670000) PPPoE is down after 1081 minutes uptime [Waiting for Underlying Connection (WAN Ethernet 7 - Down)] |
16:49:11, 22 Jan. | (179347.060000) PPP LCP Send Termination Request [User request] |
16:40:17, 22 Jan. | IN: BLOCK [16] Remote administration (TCP [162.142.125.28]:64228->[91.125.96.164]:443 on ppp3) |
16:38:07, 22 Jan. | IN: BLOCK [16] Remote administration (ICMP type 8 code 0 183.232.65.85->91.125.96.164 on ppp3) |
16:35:18, 22 Jan. | IN: BLOCK [16] Remote administration (TCP [192.241.224.50]:44167->[91.125.96.164]:443 on ppp3) |
16:34:00, 22 Jan. | IN: BLOCK [16] Remote administration (TCP [156.96.46.226]:53213->[91.125.96.164]:443 on ppp3) |
16:33:57, 22 Jan. | IN: BLOCK [16] Remote administration (TCP [103.145.13.194]:52704->[91.125.96.164]:80 on ppp3) |
16:24:58, 22 Jan. | IN: BLOCK [16] Remote administration (TCP [47.114.160.221]:22452->[91.125.96.164]:80 on ppp3) |
16:24:45, 22 Jan. | IN: BLOCK [16] Remote administration (TCP [47.103.110.3]:38785->[91.125.96.164]:80 on ppp3) |
16:22:16, 22 Jan. | IN: BLOCK [16] Remote administration (TCP [158.101.108.255]:49276->[91.125.96.164]:22 on ppp3) |
16:20:21, 22 Jan. | IN: BLOCK [16] Remote administration (ICMP type 8 code 0 192.172.226.141->91.125.96.164 on ppp3) |
16:19:10, 22 Jan. | (177546.160000) Lease for IP 192.168.1.65 renewed by host Samsung-Galaxy-S7 (MAC 8c:f5:a3:bb:8e:be). Lease duration: 1440 min |
16:19:10, 22 Jan. | (177546.160000) Device connected: Hostname: Samsung-Galaxy-S7 IP: 192.168.1.65 MAC: 8c:f5:a3:bb:8e:be Lease time: 1440 min. Link rate: 6.0 Mbps |
16:19:10, 22 Jan. | (177546.090000) Lease requested |
16:19:04, 22 Jan. | IN: BLOCK [16] Remote administration (ICMP type 8 code 0 185.108.129.120->91.125.96.164 on ppp3) |
16:19:04, 22 Jan. | ath10: STA 8c:f5:a3:bb:8e:be IEEE 802.11: Client associated |
16:06:16, 22 Jan. | IN: BLOCK [16] Remote administration (TCP [192.241.218.109]:54701->[91.125.96.164]:80 on ppp3) |
16:05:57, 22 Jan. | IN: BLOCK [16] Remote administration (TCP [76.5.48.18]:34572->[91.125.96.164]:22 on ppp3) |
16:04:11, 22 Jan. | IN: BLOCK [16] Remote administration (TCP [222.186.136.150]:48137->[91.125.96.164]:443 on ppp3) |
16:02:14, 22 Jan. | IN: BLOCK [16] Remote administration (TCP [190.207.109.96]:50605->[91.125.96.164]:22 on ppp3) |
15:59:45, 22 Jan. | IN: BLOCK [16] Remote administration (ICMP type 8 code 0 23.105.70.70->91.125.96.164 on ppp3) |
15:56:35, 22 Jan. | IN: BLOCK [16] Remote administration (TCP [117.196.48.167]:37724->[91.125.96.164]:80 on ppp3) |
15:56:22, 22 Jan. | IN: BLOCK [16] Remote administration (TCP [156.96.156.172]:50001->[91.125.96.164]:443 on ppp3) |
15:52:43, 22 Jan. | IN: BLOCK [16] Remote administration (TCP [156.96.156.172]:50001->[91.125.96.164]:80 on ppp3) |
15:52:36, 22 Jan. | ath00: STA 8c:f5:a3:bb:8e:be IEEE 802.11: WiFi registration failed |
15:52:36, 22 Jan. | ath10: STA 8c:f5:a3:bb:8e:be IEEE 802.11: WiFi registration failed |
15:45:52, 22 Jan. | (175547.990000) Device disconnected: Hostname: Samsung-Galaxy-S7 IP: 192.168.1.65 MAC: 8c:f5:a3:bb:8e:be |
15:45:46, 22 Jan. | (175542.890000) NTP synchronization success! |
15:45:11, 22 Jan. | IN: BLOCK [16] Remote administration (TCP [81.161.63.103]:17728->[91.125.96.164]:22 on ppp3) |
15:44:42, 22 Jan. | ath00: STA 8c:f5:a3:bb:8e:be IEEE 802.11: Client associated |
15:44:42, 22 Jan. | ath00: STA 8c:f5:a3:bb:8e:be IEEE 802.11: Client disassociated |
15:44:42, 22 Jan. | ath00: STA 8c:f5:a3:bb:8e:be IEEE 802.11: Client associated |
15:42:52, 22 Jan. | OUT: BLOCK [7] ICMP replay (ICMP type 3 code 1 91.125.96.164->88.221.0.95 on ppp3) |
15:42:50, 22 Jan. | BLOCKED 1 more packets (because of ICMP replay) |
15:42:49, 22 Jan. | OUT: BLOCK [7] ICMP replay (ICMP type 3 code 1 91.125.96.164->88.221.0.95 on ppp3) |
15:42:42, 22 Jan. | IN: BLOCK [16] Remote administration (TCP [192.241.204.120]:43354->[91.125.96.164]:8080 on ppp3) |
15:42:36, 22 Jan. | IN: BLOCK [16] Remote administration (TCP [89.248.174.3]:44498->[91.125.96.164]:22 on ppp3) |
15:40:12, 22 Jan. | OUT: BLOCK [7] ICMP replay (ICMP type 3 code 1 91.125.96.164->34.252.142.55 on ppp3) |
15:40:10, 22 Jan. | BLOCKED 2 more packets (because of ICMP replay) |
15:40:09, 22 Jan. | OUT: BLOCK [7] ICMP replay (ICMP type 3 code 1 91.125.96.164->34.252.142.55 on ppp3) |
15:34:31, 22 Jan. | (174867.990000) Device disconnected: Hostname: LGwebOSTV IP: 192.168.1.66 MAC: 7c:1c:4e:4f:80:78 |
15:34:29, 22 Jan. | ath10: STA 7c:1c:4e:4f:80:78 IEEE 802.11: Client disassociated |
15:29:27, 22 Jan. | IN: BLOCK [16] Remote administration (TCP [185.142.236.43]:20012->[91.125.96.164]:443 on ppp3) |
15:28:21, 22 Jan. | IN: BLOCK [16] Remote administration (TCP [103.159.182.2]:10389->[91.125.96.164]:8080 on ppp3) |
15:25:36, 22 Jan. | IN: BLOCK [16] Remote administration (UDP [104.140.188.26]:52149->[91.125.96.164]:161 on ppp3) |
15:23:40, 22 Jan. | IN: BLOCK [16] Remote administration (TCP [83.253.28.253]:57725->[91.125.96.164]:22 on ppp3) |
15:17:19, 22 Jan. | IN: BLOCK [16] Remote administration (TCP [185.59.247.39]:53649->[91.125.96.164]:8080 on ppp3) |
15:14:41, 22 Jan. | IN: BLOCK [16] Remote administration (TCP [157.230.16.91]:5473->[91.125.96.164]:22 on ppp3) |
15:14:22, 22 Jan. | IN: BLOCK [16] Remote administration (TCP [128.14.209.254]:21118->[91.125.96.164]:443 on ppp3) |
15:11:01, 22 Jan. | BLOCKED 9 more packets (because of ICMP replay) |
15:11:00, 22 Jan. | IN: BLOCK [7] ICMP replay (ICMP type 3 code 3 114.45.206.223->91.125.96.164 on ppp3) |
15:05:38, 22 Jan. | IN: BLOCK [16] Remote administration (UDP [36.27.214.242]:45663->[91.125.96.164]:161 on ppp3) |
15:00:54, 22 Jan. | IN: BLOCK [16] Remote administration (TCP [71.6.146.185]:29011->[91.125.96.164]:8080 on ppp3) |
14:54:16, 22 Jan. | IN: BLOCK [16] Remote administration (TCP [103.152.100.2]:49430->[91.125.96.164]:22 on ppp3) |
14:53:15, 22 Jan. | IN: BLOCK [16] Remote administration (TCP [176.85.220.153]:59776->[91.125.96.164]:8080 on ppp3) |
14:53:03, 22 Jan. | OUT: BLOCK [7] ICMP replay (ICMP type 3 code 3 192.168.1.65->49.218.8.124 on ppp3) |
14:52:57, 22 Jan. | OUT: BLOCK [7] ICMP replay (ICMP type 3 code 3 192.168.1.65->31.13.87.54 on ppp3) |
14:52:56, 22 Jan. | BLOCKED 1 more packets (because of ICMP replay) |
Re: Remote Administration, and other stuff in router event log.
22-01-2021 5:54 PM
@thurrafork Don't worry about those IN BLOCK reports - that is just the router doing what it is supposed to do - blocking incoming requests from sites not allowed to access your local network.
As regards the drops, they would be of much more concern to me. Can you post the connection stats, obscuring any personally identifiable data?
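Added example, not part of any post in this thread: a Python sketch that sorts an event log in this layout into the three things it mixes together, namely blocked inbound probes (counted per protocol and port), admin logins from outside the LAN, and PPPoE down/up windows. The sample lines are constructed with documentation-range addresses, and the LAN range `192.168.0.0/16` is an assumption.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample in the event-log layout shown in the thread
# (documentation-range addresses, not values from the original post).
SAMPLE_LOG = """\
17:20:30, 22 Jan. | (181226.250000) Admin login successful by 192.168.1.64 on HTTP |
17:20:10, 22 Jan. | IN: BLOCK [16] Remote administration (TCP [198.51.100.7]:54838->[203.0.113.10]:80 on ppp3) |
17:05:15, 22 Jan. | IN: BLOCK [16] Remote administration (TCP [198.51.100.9]:53504->[203.0.113.10]:443 on ppp3) |
17:00:27, 22 Jan. | IN: BLOCK [16] Remote administration (ICMP type 8 code 0 198.51.100.20->203.0.113.10 on ppp3) |
16:50:37, 22 Jan. | (179433.760000) PPPoE is up - Down Rate=79893Kbps, Up Rate=19139Kbps; SNR Margin Down=6.0dB, Up=9.5dB |
16:49:13, 22 Jan. | (179349.670000) PPPoE is down after 1081 minutes uptime [Waiting for Underlying Connection (WAN Ethernet 7 - Down)] |
16:22:16, 22 Jan. | IN: BLOCK [16] Remote administration (TCP [198.51.100.33]:49276->[203.0.113.10]:22 on ppp3) |
15:25:36, 22 Jan. | IN: BLOCK [16] Remote administration (UDP [198.51.100.40]:52149->[203.0.113.10]:161 on ppp3) |
"""

LAN = ip_network("192.168.0.0/16")  # assumption: the home LAN range
L4 = re.compile(r"IN: BLOCK \[\d+\] Remote administration "
                r"\((TCP|UDP) \[([\d.]+)\]:\d+->\[[\d.]+\]:(\d+) on")
ICMP = re.compile(r"IN: BLOCK \[\d+\] Remote administration "
                  r"\(ICMP type (\d+) code \d+ ([\d.]+)->")
LOGIN = re.compile(r"Admin login successful by ([\d.]+) on")
PPP = re.compile(r"^(\d\d:\d\d:\d\d), .*PPPoE is (up|down)")


def triage(log_text):
    """Split the log into blocked probes, outside admin logins and WAN drops."""
    probes, sources = Counter(), set()
    outside_logins, ppp = [], []
    for line in log_text.splitlines():
        if m := L4.search(line):
            probes[f"{m[1]}/{m[3]}"] += 1      # e.g. "TCP/443"
            sources.add(m[2])
        elif m := ICMP.search(line):
            probes[f"ICMP/type{m[1]}"] += 1    # type 8 is an echo request
            sources.add(m[2])
        elif m := LOGIN.search(line):
            # A successful login is only worth a second look if it did not
            # come from the LAN.
            if ip_address(m[1]) not in LAN:
                outside_logins.append(m[1])
        elif m := PPP.search(line):
            ppp.append((m[1], m[2]))
    ppp.reverse()  # the hub lists newest first; make it chronological
    drops = [(a[0], b[0]) for a, b in zip(ppp, ppp[1:])
             if a[1] == "down" and b[1] == "up"]
    return {"probes": probes, "sources": len(sources),
            "outside_logins": outside_logins, "drops": drops}
```

Blocked probes and drop windows come back as separate results, so the two can be compared by time rather than by how close together they sit in the log.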
Re: Remote Administration, and other stuff in router event log.
22-01-2021 6:13 PM
Thanks for responding jab1
When you ask for Connection Stats, what exactly do you mean?
I imagined that all the connect/disconnect info was buried in that Event Log that I posted.
So there's no obvious connection between that splurge of Event Log info and disconnections?
Thanks
Re: Remote Administration, and other stuff in router event log.
22-01-2021 6:19 PM
@thurrafork Sorry, didn't explain myself very well there, did I?
The 'connection stats' I was referring to are accessed from the 'Troubleshooting' tab on your router - IIRC they are the far right tab under that setting, but I'm not sure as I have never used that router.
There is no connection at all between those two events.
Re: Remote Administration, and other stuff in router event log.
22-01-2021 6:39 PM
Hmmm... The far right tab under Troubleshooting is the Event Log I posted before.
There's only 1 'Connection' tab that I can find (under Advanced Settings>Broadband>Connection) but that doesn't seem to give any useful info...
Connection Information
Is what you're asking for info about DNS, Gateway, IP address - that kind of thing?
Re: Remote Administration, and other stuff in router event log.
22-01-2021 6:43 PM
On a Hub 1 the router stats can be found in the Troubleshooting->Helpdesk tab.
Re: Remote Administration, and other stuff in router event log.
22-01-2021 6:43 PM
OK - I did say I wasn't sure about where the information was, but to use my router's data, just to show what yours should resemble:
Re: Remote Administration, and other stuff in router event log.
22-01-2021 6:44 PM - edited 22-01-2021 6:49 PM
Gotcha! Thank you!
And now a very naive question: What of the information there should I block out before posting on a public forum?
For example, is MAC address essential information that you need, or should I block it out?
Thanks
Re: Remote Administration, and other stuff in router event log.
22-01-2021 6:44 PM
Thanks @Browni - I'll try and remember that.😁
Re: Remote Administration, and other stuff in router event log.
22-01-2021 6:49 PM
I can't remember the line numbers offhand - but your IP, router name &c.
If you post, then keep your eyes open for my reply, we'll see if you post anything personal inside the edit window so you can edit it out.
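Added example, not part of any post in this thread: a Python sketch that redacts a hub event log and helpdesk stats before they go on a public forum. It replaces the poster's WAN address, MAC addresses and device hostnames with stable labels, so a change of WAN address after a reconnect is still visible, and blanks the serial number, broadband username, SSID and MAC fields. The sample text is constructed, and the field names in `FIELD` follow the stats layout posted in this thread.

```python
import re

# Constructed sample in the layouts shown in the thread (documentation-range
# addresses and a made-up MAC, hostname, username and SSID).
SAMPLE = """\
17:20:10, 22 Jan. | IN: BLOCK [16] Remote administration (TCP [198.51.100.7]:54838->[203.0.113.77]:80 on ppp3) |
16:40:17, 22 Jan. | IN: BLOCK [16] Remote administration (TCP [198.51.100.9]:64228->[203.0.113.64]:443 on ppp3) |
16:19:10, 22 Jan. | (177546.160000) Device connected: Hostname: Example-Phone IP: 192.168.1.65 MAC: 02:00:5e:10:00:01 Lease time: 1440 min. Link rate: 6.0 Mbps |
16:19:04, 22 Jan. | ath10: STA 02:00:5e:10:00:01 IEEE 802.11: Client associated |
15:42:52, 22 Jan. | OUT: BLOCK [7] ICMP replay (ICMP type 3 code 1 203.0.113.64->198.51.100.50 on ppp3) |
12. Broadband username: | someone@example.invalid |
13. 2.4 GHz Wireless network/SSID: | ExampleSSID |
"""

WAN_DST = re.compile(r"IN: BLOCK .*->\[?([\d.]+)\]?(?::\d+)? on ppp")
MAC = re.compile(r"\b(?:[0-9a-f]{2}:){5}[0-9a-f]{2}\b", re.I)
HOST = re.compile(r"(Hostname: |by host )(\S+)")
FIELD = re.compile(r"^(\d+\. (?:Serial number|Broadband username|MAC Address"
                   r"|.*SSID): \| ).*?( \|)$", re.M)


def redact(text):
    """Return text with the poster's identifiers replaced by stable labels."""
    labels = {}

    def label(kind, value):
        key = (kind, value.lower())
        if key not in labels:
            labels[key] = f"<{kind}-{sum(k[0] == kind for k in labels) + 1}>"
        return labels[key]

    # The poster's own WAN address is the destination of every inbound block;
    # collect each one, then replace it wherever it appears (OUT lines too).
    for ip in dict.fromkeys(WAN_DST.findall(text)):
        pattern = r"(?<![\d.])" + re.escape(ip) + r"(?![\d.])"
        text = re.sub(pattern, label("WAN-IP", ip), text)
    # Private LAN addresses (192.168.x.x) and remote source addresses are
    # left in place: they do not identify the poster.
    text = MAC.sub(lambda m: label("MAC", m[0]), text)
    text = HOST.sub(lambda m: m[1] + label("HOST", m[2]), text)
    return FIELD.sub(r"\1<redacted>\2", text)
```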
Re: Remote Administration, and other stuff in router event log.
22-01-2021 6:50 PM - edited 22-01-2021 6:55 PM
OK... how about this?
1. Product name: | Plusnet Hub |
2. Serial number: | **************************** |
3. Firmware version: | Software version 4.7.5.1.83.8.263 Last updated 29/05/19 |
4. Board version: | Plusnet Hub One |
5. DSL uptime: | 0 days, 01:56:41 |
6. Data rate: | 19139 / 79893 |
7. Maximum data rate: | 25796 / 79939 |
8. Noise margin: | 9.2 / 5.9 |
9. Line attenuation: | 7.7 / 8.4 |
10. Signal attenuation: | 7.6 / 8.6 |
11. Data sent/received: | 1.7 GB / 10.4 GB |
12. Broadband username: | ************************ |
13. 2.4 GHz Wireless network/SSID: | ************************ |
14. 2.4 GHz Wireless connections: | Enabled (802.11 b/g/n (up to 144 Mb/s)) |
15. 2.4 GHz Wireless security: | WPA2 |
16. 2.4 GHz Wireless channel: | 11 |
17. 5 GHz Wireless network/SSID: | *********************** |
18. 5 GHz Wireless connections: | Enabled (802.11 a/n/ac (up to 1300 Mb/s)) |
19. 5 GHz Wireless security: | WPA2 |
20. 5 GHz Wireless channel: | Automatic (Smart Wireless) |
21. Firewall: | Default |
22. MAC Address: | ******************** |
23. Modulation: | G.993.2 Annex B |
24. Software variant: | AA |
25. Boot loader: | 1.0.0 |
Re: Remote Administration, and other stuff in router event log.
22-01-2021 6:54 PM
Just for total security, edit out lines 13 +17.
Further comments to follow.
Re: Remote Administration, and other stuff in router event log.
22-01-2021 6:56 PM
Ooops - you did that in your edit.😁
Re: Remote Administration, and other stuff in router event log.
22-01-2021 7:12 PM
@thurrafork In your opening post you mentioned having dropouts 'several times a day', presumably like the ones recorded between 16.49.11 and 16.51.18 in your router log in the first screenshot?
This needs investigating, but should be posted on the 'Fibre' board, where people who have the experience can help - I'm afraid I can't, and the amount of personal troubleshooting you can do is somewhat more restricted than is possible on an ADSL connection.
Re: Remote Administration, and other stuff in router event log.
22-01-2021 7:40 PM
Ok. Thanks for your help anyway!
The reason I posted here in the 'Router' forum was because the crux of my concern at the time was the deluge of stuff in the Hub Manager Event Log.
I was worried that there was an unusual amount of... I don't know... attacks(?) going on.
I've looked at the Event Log in the past and there was never this much incident. After all, that great sprawl of log information I posted in my first post all occurred within two and a half hours. Is that normal?
I thought the disconnects may have occurred as a consequence of the router fighting off this barrage of attempts. Or something. I really don't know about this stuff!
But if you can assure me that this log does not communicate anything alarming, and also that it does not give a clue as to the reasons of the disconnection, then yes I will ask more simply about the disconnects in another forum.
Thanks