cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Aspiring Expert
514 Views
Message 21 of 35

Re: My network is under attack

Do you have a dynamic dns service running? That would also update your details.

 

0 Ratings
Reply
Highlighted
Aspiring Contributor
512 Views
Message 22 of 35

Re: My network is under attack

No, nothing like that active 😢

0 Ratings
Reply
Highlighted
Aspiring Expert
493 Views
Message 23 of 35

Re: My network is under attack

If you know the attack will start again after say 20 minutes, you could try restarting each individual network device, 1 every 30 minutes. That might point out the offending device. 

0 Ratings
Reply
Highlighted
Aspiring Contributor
488 Views
Message 24 of 35

Re: My network is under attack

Ok well this is interesting.

I turned off my PC and disconected it from the router. I factory reset the router.

I waited 15 minutes then I connected to the router, it had been under attack the entire time...
There was nothing connected to the network.

0 Ratings
Reply
Highlighted
Aspiring Expert
471 Views
Message 25 of 35

Re: My network is under attack

And your BT IP address changed to a new one?

0 Ratings
Reply
Highlighted
Aspiring Contributor
469 Views
Message 26 of 35

Re: My network is under attack

Yup 😥

It can't be someone in my neighbourhood because I disable wireless and it continues.
What the hell... Can the router have code in it?

0 Ratings
Reply
Highlighted
Aspiring Expert
457 Views
Message 27 of 35

Re: My network is under attack

What kind of router are you using?

i must admit I use a tp-link one so no idea if those are normal log messages for your type of router. 

As said before it appears that the router is doing it’s job blocking the traffic 

Highlighted
Aspiring Contributor
451 Views
Message 28 of 35

Re: My network is under attack

Homehub 5.

I've been running this set-up for about 6 years with my port forwarding rules and lack of protection and never had a problem like this. These are definitely not normal logs.

I can only assume the first attack a couple of weeks ago has left malware in my router, which i've never heard of being possible.

Are TP-link a brand you'd reccomend? I'm looking at an Archer C6 at the moment to try them out.

0 Ratings
Reply
Highlighted
Aspiring Expert
444 Views
Message 29 of 35

Re: My network is under attack

Not heard of router malware, but I guess it could be technically possible, however a factory reset should take care of that. 

I’ll have to leave it to someone with a hh5 to reply on the log files I’m afraid 

Highlighted
Aspiring Contributor
424 Views
Message 30 of 35

Re: My network is under attack

For anyone interested this is my standard event log now.
Before, it would be 5 or six entries a week.
Had to trim it to under 20,000 characters.

 

18:46:16, 13 Apr.IN: BLOCK [9] Packet invalid in connection (tcp reset attack is suspected: TCP [157.240.221.35]:443-​>[86.170.221.8]:60128 on ppp3)
18:46:14, 13 Apr.IN: BLOCK [9] Packet invalid in connection (tcp reset attack is suspected: TCP [157.240.221.16]:443-​>[86.170.221.8]:60126 on ppp3)
18:45:25, 13 Apr.IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [178.79.206.249]:443-​>[86.170.221.8]:60261 on ppp3)
18:45:12, 13 Apr.IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [178.79.250.143]:443-​>[86.170.221.8]:60242 on ppp3)
18:44:49, 13 Apr.BLOCKED 2 more packets (because of Packet invalid in connection)
18:44:48, 13 Apr.BLOCKED 1 more packets (because of Packet invalid in connection)
18:44:47, 13 Apr.IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [68.142.70.29]:443-​>[86.170.221.8]:60222 on ppp3)
18:44:41, 13 Apr.IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [68.142.68.29]:443-​>[86.170.221.8]:60189 on ppp3)
18:44:39, 13 Apr.IN: BLOCK [9] Packet invalid in connection (tcp reset attack is suspected: TCP [13.92.41.80]:443-​>[86.170.221.8]:60145 on ppp3)
18:44:22, 13 Apr.BLOCKED 1 more packets (because of Packet invalid in connection)
18:44:21, 13 Apr.IN: BLOCK [9] Packet invalid in connection (tcp reset attack is suspected: TCP [178.250.0.162]:443-​>[86.170.221.8]:59949 on ppp3)
18:43:21, 13 Apr.IN: BLOCK [9] Packet invalid in connection (tcp reset attack is suspected: TCP [157.240.221.35]:443-​>[86.170.221.8]:58929 on ppp3)
18:42:21, 13 Apr.IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [216.58.205.42]:443-​>[86.170.221.8]:60091 on ppp3)
18:42:16, 13 Apr.IN: BLOCK [9] Packet invalid in connection (tcp reset attack is suspected: TCP [178.250.0.163]:443-​>[86.170.221.8]:59872 on ppp3)
18:42:15, 13 Apr.IN: BLOCK [9] Packet invalid in connection (tcp reset attack is suspected: TCP [178.250.0.157]:443-​>[86.170.221.8]:59874 on ppp3)
18:42:15, 13 Apr.BLOCKED 1 more packets (because of Packet invalid in connection)
18:42:14, 13 Apr.IN: BLOCK [9] Packet invalid in connection (tcp reset attack is suspected: TCP [178.250.6.79]:443-​>[86.170.221.8]:59880 on ppp3)
18:42:08, 13 Apr.IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [216.58.205.42]:443-​>[86.170.221.8]:60054 on ppp3)
18:42:07, 13 Apr.IN: BLOCK [9] Packet invalid in connection (tcp reset attack is suspected: TCP [178.250.0.130]:443-​>[86.170.221.8]:59871 on ppp3)
18:42:01, 13 Apr.BLOCKED 1 more packets (because of Packet invalid in connection)
18:41:59, 13 Apr.IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [151.101.17.140]:443-​>[86.170.221.8]:60028 on ppp3)
18:41:51, 13 Apr.IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [216.58.205.42]:443-​>[86.170.221.8]:60054 on ppp3)
18:41:45, 13 Apr.BLOCKED 2 more packets (because of Packet invalid in connection)
18:41:43, 13 Apr.IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [151.101.17.140]:443-​>[86.170.221.8]:60028 on ppp3)
18:41:37, 13 Apr.IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [216.58.205.42]:443-​>[86.170.221.8]:60054 on ppp3)
18:41:35, 13 Apr.IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [151.101.61.140]:443-​>[86.170.221.8]:60029 on ppp3)
18:41:35, 13 Apr.IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [151.101.17.140]:443-​>[86.170.221.8]:60028 on ppp3)
18:41:32, 13 Apr.BLOCKED 1 more packets (because of Packet invalid in connection)
18:41:31, 13 Apr.IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [151.101.17.140]:443-​>[86.170.221.8]:60028 on ppp3)
18:41:30, 13 Apr.BLOCKED 1 more packets (because of Packet invalid in connection)
18:41:29, 13 Apr.IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [151.101.17.140]:443-​>[86.170.221.8]:60028 on ppp3)
18:40:54, 13 Apr.( 1751.190000) Lease for IP 192.168.1.66 issued for host Unknown-​00-​19-​fb-​42-​ea-​49 (MAC 00:19:fb:42:ea:49). Lease duration: 1440 min
18:40:54, 13 Apr.( 1751.190000) Device connected: Hostname: Unknown-​00-​19-​fb-​42-​ea-​49 IP: 192.168.1.66 MAC: 00:19:fb:42:ea:49 Lease time: 1440 min. Link rate: 100.0 Mbps
18:40:54, 13 Apr.( 1751.080000) Lease requested
18:40:52, 13 Apr.( 1749.440000) Wire Lan Port 1 up
18:40:27, 13 Apr.IN: BLOCK [9] Packet invalid in connection (tcp reset attack is suspected: TCP [204.109.13.121]:443-​>[86.170.221.8]:59940 on ppp3)
18:40:21, 13 Apr.IN: BLOCK [9] Packet invalid in connection (tcp reset attack is suspected: TCP [13.91.108.19]:443-​>[86.170.221.8]:59741 on ppp3)
18:39:51, 13 Apr.IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [216.58.204.227]:443-​>[86.170.221.8]:59887 on ppp3)
18:39:49, 13 Apr.IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [216.58.204.227]:443-​>[86.170.221.8]:59882 on ppp3)
18:39:48, 13 Apr.IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [172.217.169.67]:443-​>[86.170.221.8]:59876 on ppp3)
18:39:35, 13 Apr.IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [216.58.204.227]:443-​>[86.170.221.8]:59887 on ppp3)
18:39:33, 13 Apr.IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [216.58.204.227]:443-​>[86.170.221.8]:59882 on ppp3)
18:39:32, 13 Apr.IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [172.217.169.67]:443-​>[86.170.221.8]:59876 on ppp3)
18:39:27, 13 Apr.IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [216.58.204.227]:443-​>[86.170.221.8]:59887 on ppp3)
18:39:25, 13 Apr.IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [216.58.204.227]:443-​>[86.170.221.8]:59882 on ppp3)
18:39:24, 13 Apr.IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [172.217.169.67]:443-​>[86.170.221.8]:59876 on ppp3)
18:39:23, 13 Apr.IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [216.58.204.227]:443-​>[86.170.221.8]:59887 on ppp3)
18:39:22, 13 Apr.BLOCKED 1 more packets (because of Packet invalid in connection)
18:39:21, 13 Apr.IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [216.58.204.227]:443-​>[86.170.221.8]:59882 on ppp3)
18:39:20, 13 Apr.IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [172.217.169.67]:443-​>[86.170.221.8]:59876 on ppp3)
18:39:19, 13 Apr.IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [216.58.204.227]:443-​>[86.170.221.8]:59882 on ppp3)
18:39:19, 13 Apr.BLOCKED 1 more packets (because of Packet invalid in connection)
18:39:18, 13 Apr.IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [172.217.169.67]:443-​>[86.170.221.8]:59876 on ppp3)
18:39:02, 13 Apr.IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [104.82.132.30]:443-​>[86.170.221.8]:59752 on ppp3)
18:38:59, 13 Apr.IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [68.142.68.29]:443-​>[86.170.221.8]:59831 on ppp3)
18:38:55, 13 Apr.BLOCKED 2 more packets (because of Packet invalid in connection)
0 Ratings
Reply