My message #10 did not really go into great detail, obviously I assumed too much (getting old)
I started by manually noting when my line started to go down & when it came back up. Simple.
I then looked at the HH3 event log & found exact matches starting with the 'IN: BLOCK data'
This cannot be a coincidence.
The first IP string is China & the second is BT
It is called Remote administration.
Now, why is Remote administration bringing my HH down.
Do you see a "PPP LCP Send Termination Request [User request]" around the time of the disconnections? I've seen people mention this SO many times in relation to the broadband disconnecting, but yet to see anyone confirm what it is or what's causing it.
HH5 is a bit rubbish, in my short experience. Gone from flawless broadband with a well known competitor that stayed up almost 24/7, to one with anywhere between 5 and 20 disconnections per day.
No PPP LCP send etc
19:31:39, 03 Jan. (515149.520000) Wire Lan Port 1 up
19:24:19, 03 Jan. IN: BLOCK  Remote administration (TCP 18.104.22.168:49931->22.214.171.124:22 on ppp1)
As you can see this one lasted some time & I have no idea what remote admin is doing either. I don't actually care as long as it does its job properly, but if it brings my HH3 down then it is not!
I have monitored this for 4 days
I read these log messages as being an attempt at remote administration that is being blocked and given 126.96.36.199 appears to resolve to China it probably should be blocked unless BT are outsourcing network management.
It seems to me the hubs will either run more slowly during a denial of service attack or may fall over completely.
I have not had any issues with r6300v2 - it no longer reports DOS attacks so either it has been assimilated or potential remote administrators have lost interest.
I see a lot more of these messages on the HH5 so I suspect that a BT hub is more expected on a BT subnet. If my thesis is correct a non-BT hub with an Openreach modem might improve matters.
I was suspicioius (re: attack) but did not want to start a conspiricy theory thread.
On the other hand if the BT HHx does fall over due to these attemps then BT should be doing something about it.
Otherwise we are faced with a potential situation whereby an attacker located somewhere can bring down BTs hubs.
That is serious, after all there has been enough talk about 'Huawei' hasn't there.
Perhaps an official post is being readied