Beginner
1,863 Views
Message 1 of 3

HH5 Event log

Hi Guys,

Remote Administration has been trying to get through?

Together with CWMP: Server URL: //pbthdm.bt.mo; Connecting as user: ACS user name

He's been contacting for the last 4 days. I thought it could be the NAS or other computers, so last night all computers and the NAS were removed; the HH5 had it all to itself.

Can anyone explain what is happening, or could you point me to an area to find out more on event log answers?

Thanks,

PS: https removed

6:31:39, 03 Jan.IN: BLOCK [16] Remote administration (ICMP type 8 code 0 129.82.138.44->86.134.234.148 on ppp3)
06:01:32, 03 Jan.(60885.700000) CWMP: session completed successfully
06:01:32, 03 Jan.(60885.490000) CWMP: HTTP authentication success from ://pbthdm.bt.mo
06:01:28, 03 Jan.(60881.400000) CWMP: Server URL: ://pbthdm.bt.mo; Connecting as user: ACS username
06:01:28, 03 Jan.(60881.400000) CWMP: Session start now. Event code(s): '4 VALUE CHANGE'
06:01:26, 03 Jan.(60878.880000) WAN operating mode is VDSL
06:01:26, 03 Jan.(60878.880000) Last WAN operating mode was VDSL
06:01:25, 03 Jan.(60877.860000) CWMP: session closed due to error: Could not resolve host
06:01:25, 03 Jan.(60877.840000) CWMP: Server URL: https://pbthdm.bt.mo; Connecting as user: ACS username
06:01:25, 03 Jan.(60877.830000) CWMP: Session start now. Event code(s): '4 VALUE CHANGE'
06:01:25, 03 Jan.(60878.030000) PPP IPCP Receive Configuration ACK
06:01:25, 03 Jan.(60878.010000) PPP IPCP Send Configuration Request
06:01:25, 03 Jan.(60878.010000) PPP IPCP Receive Configuration NAK
06:01:25, 03 Jan.(60878.000000) PPP IPCP Send Configuration ACK
06:01:25, 03 Jan.(60878.000000) PPP IPCP Receive Configuration Request
06:01:25, 03 Jan.(60878.000000) PPP IPCP Send Configuration Request
06:01:25, 03 Jan.(60877.990000) CHAP authentication successful
06:01:25, 03 Jan.(60877.870000) CHAP Receive Challenge
06:01:25, 03 Jan.(60877.870000) Starting CHAP authentication with peer
06:01:25, 03 Jan.(60877.870000) PPP LCP Receive Configuration ACK
06:01:25, 03 Jan.(60877.860000) PPP LCP Send Configuration Request
06:01:25, 03 Jan.(60877.860000) PPP LCP Receive Configuration Reject
06:01:25, 03 Jan.(60877.850000) PPP LCP Send Configuration ACK
06:01:25, 03 Jan.(60877.850000) PPP LCP Receive Configuration Request
06:01:25, 03 Jan.(60877.850000) PPP LCP Send Configuration Request
06:01:24, 03 Jan.(60877.650000) CWMP: Initializing transaction for event code 4 VALUE CHANGE
06:01:18, 03 Jan.(60871.150000) PPP LCP Send Termination Request [User request]
05:30:07, 03 Jan.IN: BLOCK [16] Remote administration (ICMP type 8 code 0 128.9.168.98->86.134.234.148 on ppp3)
02:54:31, 03 Jan.IN: BLOCK [16] Remote administration (ICMP type 8 code 0 203.178.148.19->86.134.234.148 on ppp3)
02:27:53, 03 Jan.IN: BLOCK [16] Remote administration (TCP 89.248.172.58:11837->86.134.234.148:22 on ppp3)
02:27:13, 03 Jan.IN: BLOCK [16] Remote administration (ICMP type 8 code 0 129.82.138.44->86.134.234.148 on ppp3)
01:45:51, 03 Jan.IN: BLOCK [16] Remote administration (TCP 111.241.47.202:12200->86.134.234.148:8080 on ppp3)
00:53:50, 03 Jan.IN: BLOCK [16] Remote administration (ICMP type 8 code 0 128.9.168.98->86.134.234.148 on ppp3)
00:32:52, 03 Jan.IN: BLOCK [16] Remote administration (TCP 222.189.239.72:6000->86.134.234.148:22 on ppp3)
00:18:03, 03 Jan.IN: BLOCK [16] Remote administration (ICMP type 8 code 0 203.178.148.19->86.134.234.148 on ppp3)
23:21:13, 02 Jan.IN: BLOCK [16] Remote administration (TCP 142.54.177.122:9921->86.134.234.148:22 on ppp3)
23:11:48, 02 Jan.IN: BLOCK [16] Remote administration (TCP 95.87.196.92:4294->86.134.234.148:80 on ppp3)
23:11:44, 02 Jan.IN: BLOCK [16] Remote administration (TCP 95.87.196.92:4291->86.134.234.148:8080 on ppp3)
22:35:15, 02 Jan.IN: BLOCK [16] Remote administration (TCP 124.115.18.12:8470->86.134.234.148:22 on ppp3)
22:26:01, 02 Jan.IN: BLOCK [16] Remote administration (ICMP type 8 code 0 14.41.54.41->86.134.234.148 on ppp3)
21:50:06, 02 Jan.IN: BLOCK [16] Remote administration (ICMP type 8 code 0 129.82.138.44->86.134.234.148 on ppp3)
21:46:39, 02 Jan.IN: BLOCK [16] Remote administration (ICMP type 8 code 0 128.9.168.98->86.134.234.148 on ppp3)
21:39:20, 02 Jan.IN: BLOCK [16] Remote administration (TCP 218.77.79.34:31307->86.134.234.148:80 on ppp3)
20:59:57, 02 Jan.IN: BLOCK [16] Remote administration (ICMP type 8 code 0 203.178.148.19->86.134.234.148 on ppp3)
0 Ratings
Aspiring Contributor
1,856 Views
Message 2 of 3

Re: HH5 Event log

I'm no expert but did a trace route on some of the IP addresses in that log and they originate in China, Bulgaria along with a few other places around the world ... 

0 Ratings
Beginner
1,850 Views
Message 3 of 3

Re: HH5 Event log

Thanks David,

Trace route, OK got it, went through the lot, as you say China, Bulgaria, Japan and the USA.

Well, the HH5 firewall is doing its stuff, "methinks".

So that's 1/2 done. Clues on the rest, anyone?

0 Ratings
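
Added example, not part of any post in this thread: a small Python parser for the log layout pasted in the first post. It separates the firewall's inbound BLOCK entries (pings and connection attempts to ports such as 22, 80 and 8080) from the router's own CWMP sessions, so the two can be read apart. The line format is inferred from that log, the function names are hypothetical, and the sample lines are constructed with documentation-range addresses.

```python
import re
from collections import Counter

# Assumption: line shapes are inferred from the log in the thread, not from vendor docs.
BLOCK_RE = re.compile(r"^\d{1,2}:\d{2}:\d{2}, \d{2} \w{3}\.IN: BLOCK \[\d+\] "
                      r"[^(]+\((?P<detail>.+) on (?P<iface>\w+)\)$")
L4_RE = re.compile(r"^(?P<proto>TCP|UDP) (?P<src>[\d.]+):\d+->[\d.]+:(?P<dport>\d+)$")
ICMP_RE = re.compile(r"^ICMP type (?P<type>\d+) code (?P<code>\d+) (?P<src>[\d.]+)->[\d.]+$")
CWMP_RE = re.compile(r"CWMP: (?P<msg>.+)$")

# Constructed sample lines in the same layout, using documentation-range IPs.
SAMPLE = """\
06:31:39, 03 Jan.IN: BLOCK [16] Remote administration (ICMP type 8 code 0 192.0.2.44->203.0.113.148 on ppp3)
06:01:32, 03 Jan.(60885.700000) CWMP: session completed successfully
06:01:25, 03 Jan.(60877.860000) CWMP: session closed due to error: Could not resolve host
06:01:25, 03 Jan.(60877.990000) CHAP authentication successful
02:27:53, 03 Jan.IN: BLOCK [16] Remote administration (TCP 198.51.100.58:11837->203.0.113.148:22 on ppp3)
02:27:13, 03 Jan.IN: BLOCK [16] Remote administration (ICMP type 8 code 0 192.0.2.44->203.0.113.148 on ppp3)
23:11:48, 02 Jan.IN: BLOCK [16] Remote administration (TCP 198.51.100.92:4294->203.0.113.148:80 on ppp3)
23:11:44, 02 Jan.IN: BLOCK [16] Remote administration (TCP 198.51.100.92:4291->203.0.113.148:8080 on ppp3)
""".splitlines()

def summarise(lines):
    probes, cwmp, unparsed = Counter(), [], []
    for line in (l.strip() for l in lines):
        block = BLOCK_RE.match(line)
        if block:
            detail = block.group("detail")
            l4, icmp = L4_RE.match(detail), ICMP_RE.match(detail)
            if l4:    # key: (source IP, protocol/destination port)
                probes[(l4["src"], f"{l4['proto']}/{l4['dport']}")] += 1
            elif icmp:
                echo = (icmp["type"], icmp["code"]) == ("8", "0")
                what = "ICMP echo request" if echo else f"ICMP {icmp['type']}/{icmp['code']}"
                probes[(icmp["src"], what)] += 1
            else:
                unparsed.append(line)   # a BLOCK shape this parser has not seen
        elif (m := CWMP_RE.search(line)):
            cwmp.append(m["msg"])
        # PPP/CHAP/WAN lines are link negotiation and fall through, ignored
    return probes, cwmp, unparsed

def repeat_sources(probes):
    """Sources blocked more than once, summed across everything they probed."""
    totals = Counter()
    for (src, _), n in probes.items():
        totals[src] += n
    return {src: n for src, n in totals.items() if n > 1}

if __name__ == "__main__": print(summarise(SAMPLE))
```
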