Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

Router system Log showing concerning entries.

Options
  • 23-09-2015 1:10pm
    #1
    Tinder Surprise
    Registered Users Posts: 1,462 ✭✭✭


    Hi,

    My router is showing some attempted logins from foreign I.P addresses (mainly eastern European) on numerous occasions from different I.P's which I am concerned about.

    (eg)

    Sep 22 00:37:37 HTTP login: Detect abnormal logins at 40 times. The newest one was from 91.226.212.39.
    Sep 22 00:37:38 HTTP login: Detect abnormal logins at 45 times. The newest one was from 91.226.212.39.
    Sep 22 00:37:39 HTTP login: Detect abnormal logins at 50 times. The newest one was from 91.226.212.39.
    Sep 22 00:37:40 HTTP login: Detect abnormal logins at 55 times. The newest one was from 91.226.212.39.
    Sep 22 00:37:41 HTTP login: Detect abnormal logins at 60 times. The newest one was from 91.226.212.39.
    Sep 22 00:37:42 HTTP login: Detect abnormal logins at 65 times. The newest one was from 91.226.212.39.
    Sep 22 00:37:43 HTTP login: Detect abnormal logins at 70 times. The newest one was from 91.226.212.39.
    Sep 22 00:37:44 HTTP login: Detect abnormal logins at 75 times. The newest one was from 91.226.212.39.
    Sep 22 00:37:45 HTTP login: Detect abnormal logins at 80 times. The newest one was from 91.226.212.39.
    Sep 22 00:37:46 HTTP login: Detect abnormal logins at 85 times. The newest one was from 91.226.212.39.
    Sep 22 00:37:47 HTTP login: Detect abnormal logins at 90 times. The newest one was from 91.226.212.39.
    Sep 22 00:37:48 HTTP login: Detect abnormal logins at 95 times. The newest one was from 91.226.212.39.


    Sep 22 15:06:30 HTTP login: Detect abnormal logins at 5 times. The newest one was from 82.118.237.100.
    Sep 22 15:06:32 HTTP login: Detect abnormal logins at 10 times. The newest one was from 82.118.237.100.
    Sep 22 15:06:35 HTTP login: Detect abnormal logins at 15 times. The newest one was from 82.118.237.100.
    Sep 22 15:06:37 HTTP login: Detect abnormal logins at 20 times. The newest one was from 82.118.237.100.
    Sep 22 15:06:40 HTTP login: Detect abnormal logins at 25 times. The newest one was from 82.118.237.100.
    Sep 22 15:06:42 HTTP login: Detect abnormal logins at 30 times. The newest one was from 82.118.237.100.


    any ideas or recommendations on what to do next?


Comments

  • Options
    #2
    Cuddlesworth
    Registered Users Posts: 13,981 ✭✭✭✭Cuddlesworth


    Probably just bots trying to brute force the username/password.

    Do you need remote management? If not turn it off.

    Otherwise enable timeout settings on your router.


  • Options
    #3
    Tinder Surprise
    Registered Users Posts: 1,462 ✭✭✭Tinder Surprise


    Cuddlesworth wrote: »
    Probably just bots trying to brute force the username/password.

    Do you need remote management? If not turn it off.

    Otherwise enable timeout settings on your router.

    thanks for the reply!

    Can you explain a bit more about 'timeout settings' please


  • Options
    #4
    Cuddlesworth
    Registered Users Posts: 13,981 ✭✭✭✭Cuddlesworth


    You would usually have an option to set a timeout or lockout on failed login attempts. Depends on the manufacturer where its located or what its called exactly.


  • Options
    #5
    ED E
    Registered Users Posts: 36,166 ✭✭✭✭ED E


    What router is that? It really shouldnt allow 5 attempts per second continually.

    Really you should turn of remote access unless theres a strong reason to keep it on.


  • Options
    #6
    Tinder Surprise
    Registered Users Posts: 1,462 ✭✭✭Tinder Surprise


    ED E wrote: »
    What router is that? It really shouldnt allow 5 attempts per second continually.

    Really you should turn of remote access unless theres a strong reason to keep it on.


    Asus .. cant see anywhere to change timeouts etc

    I need to remote access for VPN options, and if wife at home has issues whilst i am in work.

    edit:

    I have changed WAN access port from the default 8080 to something else.
    I know, I know silly me.:o

    this should help, right?


  • Advertisement
  • Options
    #7
    Cuddlesworth
    Registered Users Posts: 13,981 ✭✭✭✭Cuddlesworth


    Tinder Surprise wrote: »
    Asus .. cant see anywhere to change timeouts etc

    I need to remote access for VPN options, and if wife at home has issues whilst i am in work.

    edit:

    I have changed WAN access port from the default 8080 to something else.
    I know, I know silly me.:o

    this should help, right?

    Doubt it, it presents a HTTP or HTTPS connection external which bots will pick up on regardless of the source. Asus doesn't have any real options on remote lockout if you're not using AIcloud.

    I'm not sure why you would possibly need access to the web interface for VPN issues. It sounds like a silly solution to a bad problem.


  • Options
    #8
    ED E
    Registered Users Posts: 36,166 ✭✭✭✭ED E


    Cuddlesworth wrote: »
    I'm not sure why you would possibly need access to the web interface for VPN issues. It sounds like a silly solution to a bad problem.

    This. Unless you're IPSEC tunneling everything from your router to another.

    Kill remote management and setup Teamviewer on the wifes devices. You can open an on demand connection to help if needed but be stealthed to port scans.


Advertisement