
Lots of Remote Administration in my event log.

Hi guys.

 

I seem to be getting a lot of "remote administration" lines in my event log all the time. Even though my event log says they are blocked, I was wondering if anyone would know why I keep getting them or who is trying to access my router.

 

Here is a snippet from my event log today:

 

16:58:04, 14 Mar. (138695.100000) Lease for IP 192.168.1.64 renewed by host Ganymede (MAC ). Lease duration: 10080 min
16:58:04, 14 Mar. (138695.100000) Device connected: Hostname: Ganymede IP: 192.168.1.64 MAC:  Lease time: 10080 min. Link rate: 100.0 Mbps
16:58:04, 14 Mar. (138695.010000) Lease requested
16:57:48, 14 Mar. (138679.510000) Wire Lan Port 1 up
16:57:45, 14 Mar. (138676.510000) Wire Lan Port 1 down
16:57:42, 14 Mar. (138673.510000) Wire Lan Port 1 up
16:53:47, 14 Mar. IN: BLOCK [16] Remote administration (ICMP type 8 code 0 130.161.3.170-?>86.179.98.69 on ppp1)
16:48:09, 14 Mar. OUT: BLOCK [9] Packet invalid in connection (TCP 86.179.98.69:60806-?>64.186.176.170:443 on ppp1)
16:33:39, 14 Mar. IN: BLOCK [16] Remote administration (ICMP type 8 code 0 130.161.3.170-?>86.179.98.69 on ppp1)
16:31:54, 14 Mar. IN: BLOCK [16] Remote administration (TCP 119.247.65.241:57132-?>86.179.98.69:80 on ppp1)
16:13:42, 14 Mar. IN: BLOCK [16] Remote administration (ICMP type 8 code 0 130.161.3.170-?>86.179.98.69 on ppp1)
16:13:22, 14 Mar. IN: BLOCK [16] Remote administration (TCP 218.77.79.34:52498-?>86.179.98.69:443 on ppp1)
16:03:32, 14 Mar. IN: BLOCK [16] Remote administration (ICMP type 8 code 0 130.161.3.170-?>86.179.98.69 on ppp1)
15:53:53, 14 Mar. BLOCKED 1 more packets (because of Remote administration)
15:33:44, 14 Mar. IN: BLOCK [16] Remote administration (ICMP type 8 code 0 130.161.3.170-?>86.179.98.69 on ppp1)
15:27:25, 14 Mar. IN: BLOCK [16] Remote administration (ICMP type 8 code 0 61.228.233.120-?>86.179.98.69 on ppp1)
15:13:37, 14 Mar. IN: BLOCK [16] Remote administration (ICMP type 8 code 0 130.161.3.170-?>86.179.98.69 on ppp1)
15:11:05, 14 Mar. IN: BLOCK [16] Remote administration (ICMP type 8 code 0 201.164.238.126-?>86.179.98.69 on ppp1)
15:03:31, 14 Mar. IN: BLOCK [16] Remote administration (ICMP type 8 code 0 130.161.3.170-?>86.179.98.69 on ppp1)
15:01:07, 14 Mar. IN: BLOCK [16] Remote administration (TCP 80.82.64.130:34778-?>86.179.98.69:22 on ppp1)
15:00:03, 14 Mar. IN: BLOCK [16] Remote administration (TCP 116.10.191.190:6000-?>86.179.98.69:22 on ppp1)
14:53:52, 14 Mar. IN: BLOCK [16] Remote administration (ICMP type 8 code 0 130.161.3.170-?>86.179.98.69 on ppp1)
14:38:46, 14 Mar. IN: BLOCK [16] Remote administration (TCP 1.93.34.211:35435-?>86.179.98.69:22 on ppp1)
14:38:44, 14 Mar. IN: BLOCK [16] Remote administration (TCP 1.93.34.211:35434-?>86.179.98.69:22 on ppp1)
14:33:53, 14 Mar. BLOCKED 1 more packets (because of Remote administration)
14:33:52, 14 Mar. IN: BLOCK [16] Remote administration (ICMP type 8 code 0 130.161.3.170-?>86.179.98.69 on ppp1)
14:23:34, 14 Mar. BLOCKED 1 more packets (because of Remote administration)
14:23:34, 14 Mar. IN: BLOCK [16] Remote administration (ICMP type 8 code 0 130.161.3.170-?>86.179.98.69 on ppp1)
14:20:15, 14 Mar. IN: BLOCK [16] Remote administration (ICMP type 8 code 0 89.214.26.2-?>86.179.98.69 on ppp1)
14:13:57, 14 Mar. IN: BLOCK [16] Remote administration (ICMP type 8 code 0 130.161.3.170-?>86.179.98.69 on ppp1)
14:09:54, 14 Mar. IN: BLOCK [16] Remote administration (TCP 198.20.99.130:25472-?>86.179.98.69:8443 on ppp1)
14:06:24, 14 Mar. IN: BLOCK [16] Remote administration (ICMP type 8 code 0 178.78.42.120-?>86.179.98.69 on ppp1)
14:03:42, 14 Mar. BLOCKED 1 more packets (because of Remote administration)
13:53:59, 14 Mar. IN: BLOCK [16] Remote administration (ICMP type 8 code 0 130.161.3.170-?>86.179.98.69 on ppp1)
13:52:24, 14 Mar. IN: BLOCK [16] Remote administration (TCP 61.147.107.87:6000-?>86.179.98.69:22 on ppp1)
13:46:51, 14 Mar. OUT: BLOCK [9] Packet invalid in connection (TCP 192.168.1.70:52600-?>23.35.212.136:443 on ppp1)
13:46:32, 14 Mar. BLOCKED 48 more packets (because of Packet invalid in connection)
13:46:31, 14 Mar. OUT: BLOCK [9] Packet invalid in connection (TCP 192.168.1.70:52617-?>115.178.6.45:80 on ppp1)
13:46:30, 14 Mar. BLOCKED 49 more packets (because of Packet invalid in connection)
13:46:28, 14 Mar. OUT: BLOCK [9] Packet invalid in connection (TCP 192.168.1.70:52614-?>115.178.6.43:80 on ppp1)
13:46:28, 14 Mar. BLOCKED 14 more packets (because of Packet invalid in connection)
13:46:26, 14 Mar. OUT: BLOCK [9] Packet invalid in connection (TCP 192.168.1.70:52616-?>115.178.6.45:80 on ppp1)
13:46:26, 14 Mar. BLOCKED 14 more packets (because of Packet invalid in connection)
13:46:26, 14 Mar. OUT: BLOCK [9] Packet invalid in connection (TCP 192.168.1.70:52615-?>115.178.6.45:80 on ppp1)
13:46:25, 14 Mar. BLOCKED 1 more packets (because of Packet invalid in connection)
13:46:24, 14 Mar. OUT: BLOCK [9] Packet invalid in connection (TCP 192.168.1.70:52610-?>124.108.99.134:80 on ppp1)
13:45:46, 14 Mar. BLOCKED 3 more packets (because of Packet invalid in connection)
13:45:45, 14 Mar. OUT: BLOCK [9] Packet invalid in connection (TCP 192.168.1.70:52525-?>23.35.212.136:443 on ppp1)
13:45:38, 14 Mar. IN: BLOCK [16] Remote administration (TCP 124.122.114.250:12838-?>86.179.98.69:80 on ppp1)
13:45:37, 14 Mar. OUT: BLOCK [9] Packet invalid in connection (TCP 192.168.1.70:52485-?>95.100.194.217:443 on ppp1)
13:45:35, 14 Mar. IN: BLOCK [16] Remote administration (TCP 124.122.114.250:12838-?>86.179.98.69:80 on ppp1)
13:45:24, 14 Mar. BLOCKED 49 more packets (because of Packet invalid in connection)
13:45:23, 14 Mar. OUT: BLOCK [9] Packet invalid in connection (TCP 192.168.1.70:52552-?>115.178.6.8:80 on ppp1)
13:45:18, 14 Mar. OUT: BLOCK [9] Packet invalid in connection (TCP 192.168.1.70:52547-?>124.108.99.134:80 on ppp1)
13:45:11, 14 Mar. BLOCKED 1 more packets (because of Packet invalid in connection)
13:45:10, 14 Mar. OUT: BLOCK [9] Packet invalid in connection (TCP 192.168.1.70:52438-?>93.184.220.97:443 on ppp1)
13:44:58, 14 Mar. BLOCKED 1 more packets (because of Packet invalid in connection)
13:44:56, 14 Mar. OUT: BLOCK [9] Packet invalid in connection (TCP 192.168.1.70:52446-?>66.235.138.59:443 on ppp1)
13:44:07, 14 Mar. BLOCKED 2 more packets (because of Packet invalid in connection)
13:44:05, 14 Mar. OUT: BLOCK [9] Packet invalid in connection (TCP 192.168.1.70:52429-?>68.232.35.139:443 on ppp1)
13:43:51, 14 Mar. BLOCKED 1 more packets (because of Remote administration)
13:43:50, 14 Mar. IN: BLOCK [16] Remote administration (ICMP type 8 code 0 130.161.3.170-?>86.179.98.69 on ppp1)
13:40:22, 14 Mar. IN: BLOCK [16] Remote administration (TCP 61.174.51.204:6000-?>86.179.98.69:22 on ppp1)
13:33:30, 14 Mar. IN: BLOCK [16] Remote administration (ICMP type 8 code 0 130.161.3.170-?>86.179.98.69 on ppp1)
13:31:28, 14 Mar. IN: BLOCK [16] Remote administration (TCP 118.244.225.100:52717-?>86.179.98.69:8080 on ppp1)
13:31:01, 14 Mar. IN: BLOCK [16] Remote administration (TCP 218.77.79.34:39051-?>86.179.98.69:80 on ppp1)
13:23:48, 14 Mar. BLOCKED 1 more packets (because of Remote administration)

 

Just unsure if I should be concerned about all of these events in the log or if I am at risk due to them.

 

Any help is appreciated, Jay.
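
A log in the format posted above can be tallied to show which services the blocked inbound packets were aimed at and how many distinct sources sent them. This is an added example, not part of the original post: the sample lines are copied from the log above, and the names `parse` and `summarise` are illustrative.

```python
import re
from collections import Counter

# Per-packet BLOCK lines as they appear in the posted log (the "-?>" arrow is kept as logged).
LINE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d), (?P<date>\d+ \w+\.) "
    r"(?P<dir>IN|OUT): BLOCK \[(?P<rule>\d+)\] (?P<reason>.+?) "
    r"\((?P<proto>TCP|ICMP)(?: type (?P<itype>\d+) code \d+)? "
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?-\??>"
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))? on (?P<iface>\w+)\)$"
)

# Sample input: lines copied from the log in the post above.
SAMPLE = """
16:57:48, 14 Mar. (138679.510000) Wire Lan Port 1 up
16:53:47, 14 Mar. IN: BLOCK [16] Remote administration (ICMP type 8 code 0 130.161.3.170-?>86.179.98.69 on ppp1)
16:33:39, 14 Mar. IN: BLOCK [16] Remote administration (ICMP type 8 code 0 130.161.3.170-?>86.179.98.69 on ppp1)
16:31:54, 14 Mar. IN: BLOCK [16] Remote administration (TCP 119.247.65.241:57132-?>86.179.98.69:80 on ppp1)
15:53:53, 14 Mar. BLOCKED 1 more packets (because of Remote administration)
15:01:07, 14 Mar. IN: BLOCK [16] Remote administration (TCP 80.82.64.130:34778-?>86.179.98.69:22 on ppp1)
15:00:03, 14 Mar. IN: BLOCK [16] Remote administration (TCP 116.10.191.190:6000-?>86.179.98.69:22 on ppp1)
13:46:51, 14 Mar. OUT: BLOCK [9] Packet invalid in connection (TCP 192.168.1.70:52600-?>23.35.212.136:443 on ppp1)
"""

def parse(log_text):
    """Return one dict per per-packet BLOCK line; link, lease and summary lines are skipped."""
    return [m.groupdict() for line in log_text.splitlines()
            if (m := LINE.match(line.strip()))]

def summarise(events):
    """Count inbound blocks by probed service and by source, and outbound blocks by source."""
    probes, sources, outbound = Counter(), Counter(), Counter()
    for e in events:
        if e["dir"] == "IN":
            if e["proto"] == "TCP":
                probes[f"tcp/{e['dport']}"] += 1      # e.g. tcp/22 = SSH, tcp/80 = HTTP
            else:
                probes[f"icmp/type{e['itype']}"] += 1  # type 8 = echo request (ping)
            sources[e["src"]] += 1
        else:
            outbound[e["src"]] += 1
    return probes, sources, outbound

if __name__ == "__main__":
    probes, sources, outbound = summarise(parse(SAMPLE))
    print("Inbound blocked, by service:", dict(probes))
    print("Inbound blocked, by source: ", sources.most_common())
    print("Outbound blocked, by source:", dict(outbound))
```
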

Re: Lots of Remote Administration in my event log.

Hi

Here is one link that discusses the same thing; maybe it will help to ease your mind a little:

http://www.dslreports.com/forum/r26209213-My-Firewall-Security-Log-is-scary

Regards from Livingston, Scotland