Slightly misleading title although it's 100% true, it's just that it was over a month ago, still not got a clue what is (was) going on, hence why I'm here. It's actually my mother's Broadband & WiFi but being in her 80's, calls Sat Nav, Nat Sav, she hasn't got a clue how anything works (still great for her age though) and unfortunately I'm not that much better. I really need some urgent help from a patient, trustworthy, intelligent type of person with, well, the whole network really. The settings via the new home hub 5 have suddenly changed, I've got IPV6 settings (a first), can't access my broadband username & password & among other things suddenly can't save the logs? Really could do with someone in the know checking my IP, if I've the correct DNS, submask (subnet?) etc, as well as some idea about the prior issues like 49 unknown devices able to log in (mostly by cloud servers). Devices shown as logged in via Ethernet when the Ethernet ports had never once been used? Constant DDoS attacks, ARP spoofing? Getting locked out the account etc, it's endless. But as I said that's prior to the new hub and although they seem to have stopped there's now other things going on, but when I check the logs it's all in totally new terminology compared to the last hub, ironically also a hub 5. I've countless logs, screenshots, pages I've copied etc but after 3 months trying to understand everything and get to the bottom of it all, I hate to admit I've bitten off more than I can chew, GRRRR :-) I could include specifics but I don't want to post something that would immediately let the **bleep** hackers right back in, yes, I absolutely think her network has been hacked and was (is?) being accessed remotely, affecting every **bleep** smartphone & tablet that's come into contact with her "Box with the blue light on" (WiFi), especially mine.
BT eventually admitted something was wrong when I dragged the kids' gaming console round and ran tests while India were on the phone, no matter what we tried the IP wouldn't change. Programs kept saying the network was open (BT-fon?) even though everything else said it was encrypted, the DHCP server wasn't working & seemed it never had, something about "NetBIOS file system"? All my friends and family being able to sporadically read my emails, texts and even all my web searches, with my IP randomly switching from private to public & vice versa. So they sent the new hub but I'm still worried if everything's OK or just more well disguised. But I can tell I'm boring both people who'll read this with an overload of useless info, so I'll stop now with this line. I need some **bleep** help lol. Mac
I've just had a quick look at the new logs and will list some things that are maybe 10 times per page & all of them I've never seen before with the previous hub.
IN BLOCK remote admin TCP *edited* ppp3
OUT BLOCK packet invalid in connection (TCP reset attack suspected). *these are constant & never seen before*
BLOCKED one more packets (because of packet invalid in connection)
IN BLOCK packet invalid in connection (invalid TCP flags for current TCP state)
IN BLOCK remote admin (ICMP type 8 code *edit* on ppp3)
ath00 STA 00 *edit* IEEE 802.11 WiFi registration failed
OUT BLOCK first packet is invalid (not in TCP window)
BLOCKED five more packets (because of packet invalid in connection)
BLOCKED three more packets
BLOCKED two more packets
TCP reset attack suspected
WPS registration completed successfully *I haven't used WPS*
OPEN WIFI IP sec is up *what?*
CWMP initializing transaction for event code 2 periodic
CWMP session start now event code(s)2 periodic 4 value change
CWMP Server URL https://pbthdm.BT.mo connecting as user A** username
HTTP authentication success
STP ALERT port eth0 leaving blocking state *what?*
WAN auto sensing PTM over DSL is up
PPP LCP Send config request
PPPoe is up
WAN operating mode is VDSL
NTP sync start
CWMP download file, file type=one
BLOCK remote admin ICMP type 8 code
There are many, many more, and as I've said this is the first time I've seen any of these, only 6 weeks ago the logs were completely different and it was the same hub, a hub 5. It also says the broadband password is not configured but whenever I try to click on anything to do with broadband password, username or settings, it just says "internet is working you have no need"? Nice
The broadband password is not needed as the home hub uses your phone number to authenticate. The rest is just the hub's firewall doing its job; you have nothing to worry over. WPS is just showing it is available, and CWMP Server is just your hub talking to BT's hub update server; again, nothing to worry over.
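As an added example (not part of the original posts and not BT's software), here is a small Python triage script that groups the log messages quoted in this thread by what produced them, so that firewall drops, CWMP sessions and connection bring-up lines can be told apart at a glance. The category names and matching rules are this example's own assumptions; the sample lines are the message text as the poster quoted it, with the poster's redactions and no timestamps.

```python
import re
from collections import Counter

# Message text as quoted in the thread (poster's redactions kept). No timestamps
# were posted, so none are assumed here.
SAMPLE_LOG = """\
IN BLOCK remote admin TCP *edited* ppp3
OUT BLOCK packet invalid in connection (TCP reset attack suspected)
BLOCKED one more packets (because of packet invalid in connection)
IN BLOCK packet invalid in connection (invalid TCP flags for current TCP state)
IN BLOCK remote admin (ICMP type 8 code *edit* on ppp3)
OUT BLOCK first packet is invalid (not in TCP window)
WPS registration completed successfully
CWMP initializing transaction for event code 2 periodic
CWMP download file, file type=one
STP ALERT port eth0 leaving blocking state
PPP LCP Send config request
PPPoe is up
WAN operating mode is VDSL
NTP sync start
"""

# Ordered rules, first match wins. Labels are this example's own (assumed) names.
# ICMP type 8 is an echo request (ping); CWMP is the TR-069 management protocol.
RULES = [
    ("firewall: inbound blocked", re.compile(r"^(IN )?BLOCK remote admin", re.I)),
    ("firewall: invalid-state drop", re.compile(r"BLOCK(ED)?\b.*(invalid|more packets)", re.I)),
    ("CWMP management session", re.compile(r"^CWMP\b|HTTP authentication", re.I)),
    ("WAN link bring-up", re.compile(r"^(PPP|PPPoe|WAN|NTP)\b", re.I)),
    ("Wi-Fi event", re.compile(r"\b(WPS|802\.11|WIFI)\b", re.I)),
    ("LAN port state", re.compile(r"^STP\b", re.I)),
]

def classify(line):
    for name, rx in RULES:
        if rx.search(line):
            return name
    return "unclassified"

def summarize(text):
    return Counter(classify(l.strip()) for l in text.splitlines() if l.strip())

def unclassified(text):
    # Lines no rule recognises: the ones worth reading by hand.
    return [l.strip() for l in text.splitlines()
            if l.strip() and classify(l.strip()) == "unclassified"]

if __name__ == "__main__":
    for category, n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {category}")
```
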
Well thanks for answering and especially for explaining the broadband password issue for me as no one had before, cheers. It puts my mind somewhat at ease, I knew that because I was seeing all the blocks etc that it meant that, this time, the firewall was actually working, but I'm still curious as to the big change in the event logs and why I'm no longer able to save them? Or do a backup of the hub? I just want to understand what I'm working with now really, is it completely new software that's made the change perhaps? I've got screenshots etc of the old settings showing all the unknown devices etc but not sure how to post them on here. My main problem was the unknown devices that got through the previous hub's firewall, the hub manager saying an unknown device was connected via Ethernet when nothing was, and why all of a sudden I'm able to access settings in the IPV6? Really appreciate someone giving a quick explanation to link local address or a link? And also ULA under IPV6 settings. * Spoke too soon lol, the IPV6 settings have suddenly vanished back to the old look "Your devices can't connect" yet a few hours earlier it clearly said I was using it?? And in logs the newest one 12.04 am, which was REALLY WEIRD as it was 10 seconds after midnight :-/ Crazy.
Thanks for your comment, I've recently found out that the IP only changes with a hub restart, we tried that with the faults team in India, and a reboot, factory reset, still no change, hence why they sent me a new hub I guess. It seemed that somehow the old one was using a link local address that was assigned from my phone (underneath the IP address in settings it even shows the fe08:** etc) and was showing that all over the internet whenever the security randomly turned itself off from Encrypted to Open. But thanks for the comment.
IPV6 is now being activated by BT but is still in a trial state and does occasionally get turned off, so again nothing to worry over. The firmware only makes minor changes like activating IPV6 etc. There are many references to IPV6; just do a Google search for more information.