Aspiring Contributor
Message 31 of 35

Re: My network is under attack

I think he's getting bored;

21:57:14, 13 Apr. IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [195.181.164.15]:443->[86.170.221.8]:49976 on ppp3)
21:57:09, 13 Apr. IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [195.181.164.15]:443->[86.170.221.8]:49939 on ppp3)
21:57:05, 13 Apr. IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [195.181.164.15]:443->[86.170.221.8]:49976 on ppp3)
21:57:02, 13 Apr. BLOCKED 1 more packets (because of Packet invalid in connection)
21:57:01, 13 Apr. IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [195.181.164.15]:443->[86.170.221.8]:49939 on ppp3)
21:56:59, 13 Apr. IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [195.181.164.15]:443->[86.170.221.8]:49976 on ppp3)
21:56:55, 13 Apr. IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [195.181.164.15]:443->[86.170.221.8]:49939 on ppp3)
21:55:16, 13 Apr. IN: BLOCK [9] Packet invalid in connection (tcp reset attack is suspected: TCP [13.91.108.19]:443->[86.170.221.8]:49849 on ppp3)
21:43:23, 13 Apr. IN: BLOCK [9] Packet invalid in connection (tcp reset attack is suspected: TCP [209.197.3.15]:443->[86.170.221.8]:49364 on ppp3)
21:42:14, 13 Apr. IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [216.58.206.99]:443->[86.170.221.8]:49476 on ppp3)
21:17:27, 13 Apr. BLOCKED 1 more packets (because of Packet invalid in connection)
21:17:26, 13 Apr. IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [99.86.255.66]:443->[86.170.221.8]:65081 on ppp3)
21:17:11, 13 Apr. BLOCKED 1 more packets (because of Packet invalid in connection)
21:17:01, 13 Apr. IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [99.86.255.66]:443->[86.170.221.8]:65081 on ppp3)
21:17:01, 13 Apr. IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [99.86.255.15]:443->[86.170.221.8]:65080 on ppp3)
21:16:58, 13 Apr. BLOCKED 1 more packets (because of Packet invalid in connection)
21:16:57, 13 Apr. IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [99.86.255.15]:443->[86.170.221.8]:65080 on ppp3)
21:16:56, 13 Apr. BLOCKED 1 more packets (because of Packet invalid in connection)
21:16:55, 13 Apr. IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [99.86.255.15]:443->[86.170.221.8]:65080 on ppp3)
21:08:15, 13 Apr. BLOCKED 1 more packets (because of Packet invalid in connection)
21:08:14, 13 Apr. IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [216.58.210.35]:443->[86.170.221.8]:64824 on ppp3)
21:07:58, 13 Apr. IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [216.58.210.35]:443->[86.170.221.8]:64826 on ppp3)
21:07:57, 13 Apr. IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [216.58.210.35]:443->[86.170.221.8]:64824 on ppp3)
21:07:50, 13 Apr. BLOCKED 1 more packets (because of Packet invalid in connection)
21:07:49, 13 Apr. IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [216.58.210.35]:443->[86.170.221.8]:64824 on ppp3)
21:07:47, 13 Apr. BLOCKED 1 more packets (because of Packet invalid in connection)
21:07:46, 13 Apr. IN: BLOCK [9] Packet invalid in connection (tcp reset attack is suspected: TCP [54.241.152.182]:443->[86.170.221.8]:64797 on ppp3)
21:07:46, 13 Apr. BLOCKED 1 more packets (because of Packet invalid in connection)
21:07:45, 13 Apr. IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [216.58.210.35]:443->[86.170.221.8]:64824 on ppp3)
21:07:44, 13 Apr. BLOCKED 1 more packets (because of Packet invalid in connection)
21:07:43, 13 Apr. IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [216.58.210.35]:443->[86.170.221.8]:64824 on ppp3)
20:55:02, 13 Apr. IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [199.232.57.140]:443->[86.170.221.8]:64453 on ppp3)
20:48:02, 13 Apr. OUT: BLOCK [9] Packet invalid in connection (tcp reset attack is suspected: TCP [86.170.221.8]:33561->[193.113.11.77]:53060 on ppp3)
20:47:54, 13 Apr. IN: BLOCK [9] Packet invalid in connection (tcp reset attack is suspected: TCP [157.240.1.35]:443->[86.170.221.8]:64154 on ppp3)
20:42:08, 13 Apr. IN: BLOCK [9] Packet invalid in connection (tcp reset attack is suspected: TCP [157.240.1.35]:443->[86.170.221.8]:63847 on ppp3)
20:42:07, 13 Apr. BLOCKED 1 more packets (because of Packet invalid in connection)
20:42:06, 13 Apr. IN: BLOCK [9] Packet invalid in connection (tcp reset attack is suspected: TCP [178.250.2.146]:443->[86.170.221.8]:63921 on ppp3)
20:42:05, 13 Apr. IN: BLOCK [9] Packet invalid in connection (tcp reset attack is suspected: TCP [178.250.0.157]:443->[86.170.221.8]:63943 on ppp3)
20:42:05, 13 Apr. BLOCKED 1 more packets (because of Packet invalid in connection)
20:42:04, 13 Apr. IN: BLOCK [9] Packet invalid in connection (tcp reset attack is suspected: TCP [185.235.84.72]:443->[86.170.221.8]:63945 on ppp3)
20:41:52, 13 Apr. IN: BLOCK [9] Packet invalid in connection (tcp reset attack is suspected: TCP [109.144.3.145]:443->[86.170.221.8]:63852 on ppp3)
20:41:19, 13 Apr. IN: BLOCK [9] Packet invalid in connection (tcp reset attack is suspected: TCP [157.240.1.35]:443->[86.170.221.8]:63820 on ppp3)
20:39:38, 13 Apr. IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [216.58.211.162]:443->[86.170.221.8]:63918 on ppp3)
20:39:38, 13 Apr. BLOCKED 3 more packets (because of Packet invalid in connection)
20:39:37, 13 Apr. IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [151.101.61.140]:443->[86.170.221.8]:63903 on ppp3)
20:39:37, 13 Apr. BLOCKED 2 more packets (because of Packet invalid in connection)
20:39:37, 13 Apr. IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [151.101.61.140]:443->[86.170.221.8]:63899 on ppp3)
20:39:22, 13 Apr. IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [216.58.211.162]:443->[86.170.221.8]:63918 on ppp3)
20:39:22, 13 Apr. BLOCKED 1 more packets (because of Packet invalid in connection)
20:39:22, 13 Apr. IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [151.101.61.140]:443->[86.170.221.8]:63906 on ppp3)
20:39:22, 13 Apr. BLOCKED 4 more packets (because of Packet invalid in connection)
20:39:21, 13 Apr. IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [151.101.61.140]:443->[86.170.221.8]:63899 on ppp3)
20:39:14, 13 Apr. IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [216.58.211.162]:443->[86.170.221.8]:63918 on ppp3)
20:39:14, 13 Apr. BLOCKED 6 more packets (because of Packet invalid in connection)
20:39:13, 13 Apr. IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [151.101.61.140]:443->[86.170.221.8]:63899 on ppp3)
20:39:10, 13 Apr. IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [216.58.211.162]:443->[86.170.221.8]:63918 on ppp3)
20:39:10, 13 Apr. BLOCKED 7 more packets (because of Packet invalid in connection)
20:39:08, 13 Apr. IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [216.58.211.162]:443->[86.170.221.8]:63918 on ppp3)
20:39:08, 13 Apr. BLOCKED 1 more packets (because of Packet invalid in connection)
20:39:08, 13 Apr. IN: BLOCK [9] Packet invalid in connection (tcp reset attack is suspected: TCP [88.221.0.26]:443->[86.170.221.8]:63793 on ppp3)
20:39:08, 13 Apr. BLOCKED 6 more packets (because of Packet invalid in connection)
20:39:07, 13 Apr. IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [151.101.61.140]:443->[86.170.221.8]:63899 on ppp3)
20:39:01, 13 Apr. IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [68.142.70.29]:443->[86.170.221.8]:63844 on ppp3)
20:38:28, 13 Apr. BLOCKED 2 more packets (because of Packet invalid in connection)
20:38:27, 13 Apr. IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp
Aspiring Contributor
Message 32 of 35

Re: My network is under attack

Hi Chris.  I bet this is an HH5 type A isn’t it?  Unfortunately, they are a bit overly enthusiastic about what they log.  The type B is far better.  Sadly, there are automated bots all over the internet today probing any system they can find and then flagging the hacker when they find a vulnerable system.  Most modern kit doesn’t even bother to log this unless it’s told to.  I’m pretty sure, as someone pointed out, that the machine that is toast is down to a failed hard disk.  I’d rebuild your system, give it a thorough antivirus scan, ignore the logs and carry on as normal if I were you.

 

The stuff you really need to worry about is the things the firewall sees as legit and lets through without logging…just messing with you there.  Well, sort of.  The default on most basic firewalls is allow all outgoing traffic, block all unsolicited incoming.  If someone was getting through the firewall the most likely scenario is malware in your system sending an outgoing connection that the bad guys then use to get in.  As this is a reply to outgoing traffic “you” solicited, the firewall sees it as legit and doesn’t even log it.  As I said, do a thorough AV scan, including any backups you restored data from.

 

Let me give you an example.  My old-age pensioner mother had an HH5A for 4 or 5 years that I used to maintain.  Every time I looked at the logs it was full of this nonsense but her “network” consisted of a laptop that was turned off 99% of the time and a Youview box.  I never bothered about the logs because I know this sort of nonsense is normal today and even if anyone had got in, they would not be able to go anywhere.  Did she have any problems in those 4-5 years?  No, not one.  It’s always difficult to be sure without having seen it first hand, but I’m reasonably sure you don’t need to worry here.

Aspiring Contributor
Message 33 of 35

Re: My network is under attack

Is this normal?

09:16:53, 17 Apr. IN: ACCEPT [57] Connection closed (Port Forwarding: UDP [192.168.1.67]:43062 <--> [86.170.221.8]:43062 - - - [188.244.143.254]:17571 ppp3 NAPT)
09:16:52, 17 Apr. IN: ACCEPT [54] Connection opened (Port Forwarding: UDP [192.168.1.67]:43062 <--> [86.170.221.8]:43062 - - - [5.251.38.99]:6889 ppp3 NAPT)
09:16:52, 17 Apr. IN: ACCEPT [57] Connection closed (Port Forwarding: UDP [192.168.1.67]:43062 <--> [86.170.221.8]:43062 - - - [5.189.157.90]:12057 ppp3 NAPT)
09:16:51, 17 Apr. IN: ACCEPT [57] Connection closed (Port Forwarding: UDP [192.168.1.67]:43062 <--> [86.170.221.8]:43062 - - - [177.181.171.190]:44661 ppp3 NAPT)
09:16:46, 17 Apr. IN: ACCEPT [54] Connection opened (Port Forwarding: UDP [192.168.1.67]:43062 <--> [86.170.221.8]:43062 - - - [171.98.37.118]:60281 ppp3 NAPT)
09:16:43, 17 Apr. IN: ACCEPT [57] Connection closed (Port Forwarding: UDP [192.168.1.67]:43062 <--> [86.170.221.8]:43062 - - - [147.158.238.215]:22114 ppp3 NAPT)
09:16:41, 17 Apr. IN: ACCEPT [57] Connection closed (Port Forwarding: UDP [192.168.1.67]:43062 <--> [86.170.221.8]:43062 - - - [71.56.85.127]:6881 ppp3 NAPT)
09:16:41, 17 Apr. IN: ACCEPT [54] Connection opened (Port Forwarding: UDP [192.168.1.67]:43062 <--> [86.170.221.8]:43062 - - - [188.115.253.0]:48956 ppp3 NAPT)
09:16:41, 17 Apr. IN: ACCEPT [54] Connection opened (Port Forwarding: UDP [192.168.1.67]:43062 <--> [86.170.221.8]:43062 - - - [157.34.171.70]:44976 ppp3 NAPT)
09:16:38, 17 Apr. IN: ACCEPT [54] Connection opened (Port Forwarding: UDP [192.168.1.67]:43062 <--> [86.170.221.8]:43062 - - - [202.67.46.12]:45537 ppp3 NAPT)
Distinguished Sage
Message 34 of 35

Re: My network is under attack

Depends if you have set up port forwarding for port 43062 to IP address 192.168.1.67 or have UPnP enabled.

0 Ratings
Reply
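
One way to triage log pastes like those in this thread, added here as an example and not code from any poster or from the router vendor: it separates BLOCK entries (packets the hub dropped) from ACCEPT port-forwarding entries (traffic delivered to a LAN host) and collects the distinct remote peers per forwarded port. The sample lines are constructed in the hub's log format using documentation-range addresses; the names `triage`, `BLOCK`, `FWD`, `MORE` and `ZW` are my own.

```python
import re
from collections import Counter, defaultdict

# Zero-width characters that forum software can insert into pasted log lines.
ZW = dict.fromkeys(map(ord, "\u200b\u200c\u200d\ufeff"))

BLOCK = re.compile(
    r"(?P<dir>IN|OUT): BLOCK \[\d+\] .*?\((?P<why>[^:]+): (?:TCP|UDP) "
    r"\[(?P<src>[\d.]+)\]:\d+->\[(?P<dst>[\d.]+)\]:\d+ on \S+\)")
FWD = re.compile(
    r"IN: ACCEPT \[\d+\] Connection (?:opened|closed) \(Port Forwarding: (?P<proto>TCP|UDP) "
    r"\[(?P<lan>[\d.]+)\]:(?P<lport>\d+) <--> \[[\d.]+\]:\d+ - - - \[(?P<peer>[\d.]+)\]:\d+ \S+ NAPT\)")
MORE = re.compile(r"BLOCKED (\d+) more packets")

# Constructed sample (not copied from the thread); 203.0.113.x / 198.51.100.x are documentation ranges.
SAMPLE = """\
21:57:14, 13 Apr. IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [203.0.113.15]:443-\u200b>[198.51.100.8]:49976 on ppp3)
21:57:02, 13 Apr. BLOCKED 1 more packets (because of Packet invalid in connection)
21:57:01, 13 Apr. IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [203.0.113.15]:443->[198.51.100.8]:49939 on ppp3)
21:55:16, 13 Apr. IN: BLOCK [9] Packet invalid in connection (tcp reset attack is suspected: TCP [203.0.113.19]:443->[198.51.100.8]:49849 on ppp3)
20:48:02, 13 Apr. OUT: BLOCK [9] Packet invalid in connection (tcp reset attack is suspected: TCP [198.51.100.8]:33561->[203.0.113.77]:53060 on ppp3)
09:16:52, 17 Apr. IN: ACCEPT [54] Connection opened (Port Forwarding: UDP [192.168.1.67]:43062 <-\u200b-\u200b> [198.51.100.8]:43062 - - - [203.0.113.99]:6889 ppp3 NAPT)
09:16:51, 17 Apr. IN: ACCEPT [57] Connection closed (Port Forwarding: UDP [192.168.1.67]:43062 <--> [198.51.100.8]:43062 - - - [203.0.113.190]:44661 ppp3 NAPT)
"""

def triage(log_text):
    """Return (blocked, forwards, suppressed) summarising a pasted hub log."""
    blocked = Counter()          # (direction, remote ip, reason) -> logged packets
    forwards = defaultdict(set)  # (proto, LAN ip, LAN port) -> remote peers let through
    suppressed = 0               # packets only counted in "BLOCKED n more packets" lines
    for raw in log_text.splitlines():
        line = raw.translate(ZW)  # strip zero-width characters before matching
        if m := BLOCK.search(line):
            # The remote end is the source on IN lines and the destination on OUT lines.
            remote = m["src"] if m["dir"] == "IN" else m["dst"]
            blocked[(m["dir"], remote, m["why"])] += 1
        elif m := FWD.search(line):
            forwards[(m["proto"], m["lan"], int(m["lport"]))].add(m["peer"])
        elif m := MORE.search(line):
            suppressed += int(m[1])
    return blocked, forwards, suppressed

if __name__ == "__main__":
    blocked, forwards, suppressed = triage(SAMPLE)
    for (proto, lan, port), peers in forwards.items():
        print(f"forwarded {proto} {lan}:{port} reached by {len(peers)} remote peer(s)")
    print(f"{sum(blocked.values())} logged blocks, {suppressed} more suppressed")
    print(blocked.most_common(3))
```

Entries in `forwards` are the ones to check against the router's port-forwarding and UPnP settings, since they record traffic delivered to a LAN host rather than dropped.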
Aspiring Contributor
Message 35 of 35

Re: My network is under attack

As in previous replies, still have all ports disabled, UDP off, and UPnP off.

Now ordered a new TP-link router.
