cancel
Showing results for 
Search instead for 
Did you mean: 
jgkilian777
Aspiring Contributor
768 Views
Message 1 of 11

Fishy log, please tell me if this is normal

Go to solution

I disconnect very briefly (not enough to fail to load a webpage, but enough to break connection to an online virtual machine thing). I'm not sure if this is related, but my phone always disconnects from internet (not from hub). Here's the log:

 

16:44:45, 31 Mar.IN: ACCEPT [57] Connection closed (Port Forwarding: UDP [192.168.1.67]:18141 <-​-​> [86.162.160.124]:18141 -​ -​ -​ [69.118.164.19]:42732 ppp3 NAPT)
16:42:40, 31 Mar.OUT: BLOCK [7] ICMP replay (ICMP type 3 code 3 192.168.1.67-​>69.118.164.19 on ppp3)
16:42:38, 31 Mar.IN: ACCEPT [54] Connection opened (Port Forwarding: UDP [192.168.1.67]:18141 <-​-​> [86.162.160.124]:18141 -​ -​ -​ [69.118.164.19]:42732 ppp3 NAPT)
16:42:33, 31 Mar.IN: ACCEPT [57] Connection closed (Port Forwarding: UDP [192.168.1.67]:18141 <-​-​> [86.162.160.124]:18141 -​ -​ -​ [98.176.6.9]:38782 ppp3 NAPT)
16:40:31, 31 Mar.OUT: BLOCK [7] ICMP replay (ICMP type 3 code 3 192.168.1.67-​>98.176.6.9 on ppp3)
16:40:27, 31 Mar.IN: ACCEPT [54] Connection opened (Port Forwarding: UDP [192.168.1.67]:18141 <-​-​> [86.162.160.124]:18141 -​ -​ -​ [98.176.6.9]:38782 ppp3 NAPT)
16:40:25, 31 Mar.IN: ACCEPT [57] Connection closed (Port Forwarding: UDP [192.168.1.67]:18141 <-​-​> [86.162.160.124]:18141 -​ -​ -​ [88.113.28.118]:56146 ppp3 NAPT)
16:38:25, 31 Mar.IN: ACCEPT [54] Connection opened (Port Forwarding: UDP [192.168.1.67]:18141 <-​-​> [86.162.160.124]:18141 -​ -​ -​ [88.113.28.118]:56146 ppp3 NAPT)
16:38:21, 31 Mar.IN: ACCEPT [57] Connection closed (Port Forwarding: UDP [192.168.1.67]:18141 <-​-​> [86.162.160.124]:18141 -​ -​ -​ [88.113.28.118]:56146 ppp3 NAPT)
16:38:21, 31 Mar.IN: BLOCK [41] UDP Flood Protection (UDP [88.113.28.118]:56146-​>[192.168.1.67]:18141 on ppp3)
16:38:21, 31 Mar.IN: ACCEPT [54] Connection opened (Port Forwarding: UDP [192.168.1.67]:18141 <-​-​> [86.162.160.124]:18141 -​ -​ -​ [88.113.28.118]:56146 ppp3 NAPT)
16:38:18, 31 Mar.IN: ACCEPT [57] Connection closed (Port Forwarding: UDP [192.168.1.67]:18141 <-​-​> [86.162.160.124]:18141 -​ -​ -​ [88.113.28.118]:56146 ppp3 NAPT)
16:38:18, 31 Mar.IN: BLOCK [41] UDP Flood Protection (UDP [88.113.28.118]:56146-​>[192.168.1.67]:18141 on ppp3)
16:38:18, 31 Mar.IN: ACCEPT [54] Connection opened (Port Forwarding: UDP [192.168.1.67]:18141 <-​-​> [86.162.160.124]:18141 -​ -​ -​ [88.113.28.118]:56146 ppp3 NAPT)
16:32:12, 31 Mar.BLOCKED 1 more packets (because of Remote administration)
16:32:11, 31 Mar.IN: BLOCK [16] Remote administration (TCP [141.212.122.106]:45525-​>[86.162.160.124]:443 on ppp3)
16:29:55, 31 Mar.(1021677.460000) Admin login successful by 192.168.1.67 on HTTP
16:29:48, 31 Mar.(1021669.910000) New GUI session from IP 192.168.1.67
16:27:30, 31 Mar.IN: ACCEPT [57] Connection closed (Port Forwarding: UDP [192.168.1.67]:18141 <-​-​> [86.162.160.124]:18141 -​ -​ -​ [88.113.28.118]:56146 ppp3 NAPT)
16:26:37, 31 Mar.IN: ACCEPT [57] Connection closed (Port Forwarding: UDP [192.168.1.67]:18141 <-​-​> [86.162.160.124]:18141 -​ -​ -​ [69.118.164.19]:42732 ppp3 NAPT)
16:25:24, 31 Mar.OUT: BLOCK [7] ICMP replay (ICMP type 3 code 3 192.168.1.67-​>88.113.28.118 on ppp3)
16:25:22, 31 Mar.IN: ACCEPT [54] Connection opened (Port Forwarding: UDP [192.168.1.67]:18141 <-​-​> [86.162.160.124]:18141 -​ -​ -​ [88.113.28.118]:56146 ppp3 NAPT)
16:24:31, 31 Mar.OUT: BLOCK [7] ICMP replay (ICMP type 3 code 3 192.168.1.67-​>69.118.164.19 on ppp3)
16:24:30, 31 Mar.IN: ACCEPT [54] Connection opened (Port Forwarding: UDP [192.168.1.67]:18141 <-​-​> [86.162.160.124]:18141 -​ -​ -​ [69.118.164.19]:42732 ppp3 NAPT)
0 Ratings
10 REPLIES 10
jgkilian777
Aspiring Contributor
763 Views
Message 2 of 11

Re: Fishy log, please tell me if this is normal

Go to solution

Mainly the udp flood protection and the remote administration ones that bother me, and the list is like 100 times longer but cant post it all here, heres a little more since im posting again anyway:

 

16:23:16, 31 Mar.(1021278.390000) Lease for IP 192.168.1.72 renewed by host android-​cc1a35d897b4968e (MAC 7c:f9:0e:e2:8c:cd). Lease duration: 1440 min
16:23:16, 31 Mar.(1021278.390000) Device connected: Hostname: android-​cc1a35d897b4968e IP: 192.168.1.72 MAC: 7c:f9:0e:e2:8c:cd Lease time: 1440 min. Link rate: 52.8 Mbps
16:23:16, 31 Mar.(1021278.330000) Lease requested
16:23:14, 31 Mar.ath00: STA 7c:f9:0e:e2:8c:cd IEEE 802.11: Client associated
16:21:54, 31 Mar.IN: ACCEPT [57] Connection closed (Port Forwarding: UDP [192.168.1.67]:18141 <-​-​> [86.162.160.124]:18141 -​ -​ -​ [88.113.28.118]:56146 ppp3 NAPT)
16:19:48, 31 Mar.OUT: BLOCK [7] ICMP replay (ICMP type 3 code 3 192.168.1.67-​>88.113.28.118 on ppp3)
16:19:46, 31 Mar.IN: ACCEPT [54] Connection opened (Port Forwarding: UDP [192.168.1.67]:18141 <-​-​> [86.162.160.124]:18141 -​ -​ -​ [88.113.28.118]:56146 ppp3 NAPT)
16:12:00, 31 Mar.IN: BLOCK [16] Remote administration (TCP [74.82.47.12]:44757-​>[86.162.160.124]:80 on ppp3)
16:11:15, 31 Mar.IN: BLOCK [16] Remote administration (TCP [93.174.93.94]:53707-​>[86.162.160.124]:80 on ppp3)
16:11:05, 31 Mar.BLOCKED 3 more packets (because of First packet is Invalid)
16:11:03, 31 Mar.OUT: BLOCK [65] First packet is Invalid (Invalid tcp flags for current tcp state: TCP [192.168.1.66]:64800-​>[213.123.252.144]:443 on ppp3)
16:09:12, 31 Mar.IN: ACCEPT [57] Connection closed (Port Forwarding: UDP [192.168.1.67]:18141 <-​-​> [86.162.160.124]:18141 -​ -​ -​ [98.176.6.9]:38782 ppp3 NAPT)
16:08:21, 31 Mar.IN: ACCEPT [57] Connection closed (Port Forwarding: UDP [192.168.1.67]:18141 <-​-​> [86.162.160.124]:18141 -​ -​ -​ [88.113.28.118]:56146 ppp3 NAPT)
16:08:04, 31 Mar.IN: ACCEPT [57] Connection closed (Port Forwarding: UDP [192.168.1.67]:18141 <-​-​> [86.162.160.124]:18141 -​ -​ -​ [69.118.164.19]:42732 ppp3 NAPT)
16:07:06, 31 Mar.OUT: BLOCK [7] ICMP replay (ICMP type 3 code 3 192.168.1.67-​>98.176.6.9 on ppp3)
16:07:04, 31 Mar.IN: ACCEPT [54] Connection opened (Port Forwarding: UDP [192.168.1.67]:18141 <-​-​> [86.162.160.124]:18141 -​ -​ -​ [98.176.6.9]:38782 ppp3 NAPT)
16:06:59, 31 Mar.IN: BLOCK [16] Remote administration (TCP [178.187.138.191]:37960-​>[86.162.160.124]:22 on ppp3)
16:06:15, 31 Mar.OUT: BLOCK [7] ICMP replay (ICMP type 3 code 3 192.168.1.67-​>88.113.28.118 on ppp3)
16:06:13, 31 Mar.IN: ACCEPT [54] Connection opened (Port Forwarding: UDP [192.168.1.67]:18141 <-​-​> [86.162.160.124]:18141 -​ -​ -​ [88.113.28.118]:56146 ppp3 NAPT)
16:05:59, 31 Mar.OUT: BLOCK [7] ICMP replay (ICMP type 3 code 3 192.168.1.67-​>69.118.164.19 on ppp3)
16:05:57, 31 Mar.IN: ACCEPT [54] Connection opened (Port Forwarding: UDP [192.168.1.67]:18141 <-​-​> [86.162.160.124]:18141 -​ -​ -​ [69.118.164.19]:42732 ppp3 NAPT)
15:54:41, 31 Mar.IN: ACCEPT [57] Connection closed (Port Forwarding: UDP [192.168.1.67]:18141 <-​-​> [86.162.160.124]:18141 -​ -​ -​ [88.113.28.118]:56146 ppp3 NAPT)
15:52:35, 31 Mar.OUT: BLOCK [7] ICMP replay (ICMP type 3 code 3 192.168.1.67-​>88.113.28.118 on ppp3)
15:52:33, 31 Mar.IN: ACCEPT [54] Connection opened (Port Forwarding: UDP [192.168.1.67]:18141 <-​-​> [86.162.160.124]:18141 -​ -​ -​ [88.113.28.118]:56146 ppp3 NAPT)
15:49:50, 31 Mar.IN: ACCEPT [57] Connection closed (Port Forwarding: UDP [192.168.1.67]:18141 <-​-​> [86.162.160.124]:18141 -​ -​ -​ [69.118.164.19]:42732 ppp3 NAPT)
15:48:48, 31 Mar.IN: BLOCK [16] Remote administration (TCP [73.252.163.57]:38361-​>[86.162.160.124]:80 on ppp3)
15:48:48, 31 Mar.IN: BLOCK [16] Remote administration (TCP [73.252.163.57]:38360-​>[86.162.160.124]:80 on ppp3)
15:48:29, 31 Mar.IN: BLOCK [16] Remote administration (TCP [73.252.163.57]:38361-​>[86.162.160.124]:443 on ppp3)
15:48:29, 31 Mar.IN: BLOCK [16] Remote administration (TCP [73.252.163.57]:38360-​>[86.162.160.124]:443 on ppp3)
15:48:18, 31 Mar.IN: BLOCK [16] Remote administration (ICMP type 8 code 0 73.252.163.57-​>86.162.160.124 on ppp3)
15:47:44, 31 Mar.OUT: BLOCK [7] ICMP replay (ICMP type 3 code 3 192.168.1.67-​>69.118.164.19 on ppp3)
15:47:42, 31 Mar.IN: ACCEPT [54] Connection opened (Port Forwarding: UDP [192.168.1.67]:18141 <-​-​> [86.162.160.124]:18141 -​ -​ -​
0 Ratings
Distinguished Sage
Distinguished Sage
749 Views
Message 3 of 11

Re: Fishy log, please tell me if this is normal

Go to solution

Assuming you have an application which is opening incoming ports to other users on the Internet, then there is nothing wrong.

If you are not knowingly opening ports, then go into the home hub settings and disable uPnP.

 

The device affected is at IP address 192.168.1.67. Port open is 18141.

 

jgkilian777
Aspiring Contributor
742 Views
Message 4 of 11

Re: Fishy log, please tell me if this is normal

Go to solution

Thats the ip of my pc, I was using a virtual machine at the time but I thought the logged events were the cause of the drop in connection to the virtual machine, not the other way around. I'll check the logs when I havent been using it for a while, is the udp flood also normal?

0 Ratings
Distinguished Sage
Distinguished Sage
740 Views
Message 5 of 11

Re: Fishy log, please tell me if this is normal

Go to solution

@jgkilian777 wrote:

Thats the ip of my pc, I was using a virtual machine at the time but I thought the logged events were the cause of the drop in connection to the virtual machine, not the other way around. I'll check the logs when I havent been using it for a while, is the udp flood also normal?


Just a lot of incoming UDP traffic.

 

 

jgkilian777
Aspiring Contributor
728 Views
Message 6 of 11

Re: Fishy log, please tell me if this is normal

Go to solution

Okay, thanks for your reassurance.

0 Ratings
Wren
Aspiring Contributor
473 Views
Message 7 of 11

Re: Fishy log, please tell me if this is normal

Go to solution

@Keith_Beddoe wrote:

Assuming you have an application which is opening incoming ports to other users on the Internet, then there is nothing wrong.

If you are not knowingly opening ports, then go into the home hub settings and disable uPnP.

 

The device affected is at IP address 192.168.1.67. Port open is 18141.

 


if that's your ip address mate, why is it showing up in my hub log!!!! 

0 Ratings
Wren
Aspiring Contributor
466 Views
Message 8 of 11

Re: Fishy log, please tell me if this is normal

Go to solution

 


@Keith_Beddoe wrote:

Assuming you have an application which is opening incoming ports to other users on the Internet, then there is nothing wrong.

If you are not knowingly opening ports, then go into the home hub settings and disable uPnP.

 

The device affected is at IP address 192.168.1.67. Port open is 18141.

 



I have just disabled my upnp too, thanks for the info 🙂 

0 Ratings
Wren
Aspiring Contributor
462 Views
Message 9 of 11

Re: Fishy log, please tell me if this is normal

Go to solution

@Wren wrote:

 


@Keith_Beddoe wrote:

Assuming you have an application which is opening incoming ports to other users on the Internet, then there is nothing wrong.

If you are not knowingly opening ports, then go into the home hub settings and disable uPnP.

 

The device affected is at IP address 192.168.1.67. Port open is 18141.

 



I have just disabled my upnp too, thanks for the info 🙂 

 

 

it didn't stop it though 😞 

 

0 Ratings
Distinguished Guru
402 Views
Message 10 of 11

Re: Fishy log, please tell me if this is normal

Go to solution
192.168.1.67 is in the private range of all BT homehubs.
(If I have helped you in any way please click the thumbs up. Thank You)
If I have solved your Issue please click the "Mark as accepted solution" button.