Technical Discussion
  >> Home Networking, Internet Connection Sharing, etc.


Register (or login) on our website and you will not see this ad.


Pages in this thread: 1 | 2 | 3 | [4] | 5 | (show all)   Print Thread
Standard User BatBoy
(sensei) Tue 02-May-17 10:47:39
Print Post

Re: Hacked?


[re: wolvesmad] [link to this post]
 
My HG612 was supplied by BT so the default state of the firewall was named "BT" which prevented any access at all. I don't know which of the various firewall settings are default on yours.

The request to drop PPPoE is sent by BT's TR069 server. This is standard practice and plagues everyone on BT as I've already said. It is what led me to unlocking my HG612 in the first place to disable TR069 to stop it happening, as soon as Asbokid's unlocked firmware was available.

Did you use the Mega firmware suffixed by _webgui to unlock yours? That's the one I recommend as it has TR069 disabled by default.
Standard User bowdon
(committed) Tue 02-May-17 11:07:30
Print Post

Re: Hacked?


[re: BatBoy] [link to this post]
 
Its the router that decides what to do with the connection. The HG612 acting as a modem acts on whatever the router is saying.

As you say the TR069 thing is what plagues a lot of BT devices, mainly the home hubs.

To the OP, I'd recommend you use a different compatable router. I use the ASUS RT-N66U. But I'm not sure of what connection your on, and others can recommend other routers too.

From what I can tell you've done everything right as far as the HG612 is concerned, as long as you turned off the settings recommended earlier in the thread. Imho you need a better router to replace the HH.

Demon => Freeserve => Pipex => Be => Sky => BT Infinity 2
Standard User wolvesmad
(fountain of knowledge) Tue 02-May-17 11:44:03
Print Post

Re: Hacked?


[re: bowdon] [link to this post]
 
The PTM settings I have now removed. Bit reluctant to leave the HG612 running whilst at work today so will test and monitor it later.

I'm not sure if the HH5 still does its 14 day reboot when running in PPPOE but up until Friday the PPP connection had been up for over a month no issues.

Looking at the logs it does look as if the HH5 has asked the HG612 to drop the PPPOE.

Why it doesn't do this when running the DSL connection I don't understand.

-

BT BroadbandInfinity 2


Register (or login) on our website and you will not see this ad.

Standard User kitcat
(experienced) Tue 02-May-17 20:23:58
Print Post

Re: Hacked?


[re: wolvesmad] [link to this post]
 
Could attempts be linked to the regular HTTP authentication fails I see in my log?

00:49:39,29 Apr. HTTP authentication Fail from 123.151.42.xx
19:47:10,29 Apr. HTTP authentication Fail from 93.174.93.xxx
01:17:23,30 Apr. HTTP authentication Fail from 123.151.42.xx
12:59:57,30 Apr. HTTP authentication Fail from 185.40.4.xxx
00:06:08,01 May. HTTP authentication Fail from 93.174.93.xxx
02:51:00,01 May. HTTP authentication Fail from 123.151.42.xx
03:13:37,02 May. HTTP authentication Fail from 123.151.42.xx
03:35:31,02 May. HTTP authentication Fail from 93.174.93.xxx
16:09:13,02 May. HTTP authentication Fail from 139.162.87.xxx

I have also had a successful authentication that appears to be from BT asking the hub to reboot
CWMP:Reboot.

which it did, as is 'normal' every so often.
Standard User wolvesmad
(fountain of knowledge) Wed 03-May-17 08:49:25
Print Post

Re: Hacked?


[re: kitcat] [link to this post]
 
In the HG612 I changed the default password, removed TR069 and made sure CWMP was disabled.

Checking the logs etc the connection survived the night and no traces of PPP drops in the router logs.

Checked the HG612 and it has dropped at some point as the line rate has dropped from 61403 kbit/s / 20000 kbit/s to 59990kbit/s which is strange as the line will usually sit at 62/63 for months.

Is there a log in the HG612 which will tell me when the PPP dropped and why?

The only thing I can think of is DLM as Monday night the HH5 rebooted 3 times.

-

BT BroadbandInfinity 2
Standard User BatBoy
(sensei) Wed 03-May-17 11:09:45
Print Post

Re: Hacked?


[re: wolvesmad] [link to this post]
 
As far as I'm aware, DLM will take action if you have too many Error Seconds or too many disconnections in 24 hours. I think banding is applied for too many disconnections.

The best way I know to monitor this is to run the modem monitor DSLStats 24*7 and upload to mydslwebstats which takes care of all the monitoring for you. You can run DSLStats on a Raspberry Pi if you don't have a 24*7 server available.
Standard User wolvesmad
(fountain of knowledge) Wed 03-May-17 11:29:36
Print Post

Re: Hacked?


[re: BatBoy] [link to this post]
 
This is what I find hard to believe as the HG612 was saying 340 CRC errors, 170 HEC errors and very little errors on the upstream in 12 hours uptime.

G.INP is running on the line.

I've had a dig around online and now know how to view the logs on the HG612 so i'll monitor what time it is re-syncing now.

I haven't got a Rasperry Pi but do have an Android box running Android 6, not sure if it can be configured on that?

-

BT BroadbandInfinity 2

Edited by wolvesmad (Wed 03-May-17 11:31:11)

Standard User BatBoy
(sensei) Wed 03-May-17 12:37:22
Print Post

Re: Hacked?


[re: wolvesmad] [link to this post]
 
I don't think the stats reported by the HG612 web interface are correct, I think you have to get them from telnet

I don't think DSLStats runs on android.
Standard User wolvesmad
(fountain of knowledge) Wed 03-May-17 13:05:48
Print Post

Re: Hacked?


[re: BatBoy] [link to this post]
 
I'll check via Telnet later after work.

What would you say are high error figures for nearly 24 hours uptime?

-

BT BroadbandInfinity 2
Standard User BatBoy
(sensei) Wed 03-May-17 15:01:18
Print Post

Re: Hacked?


[re: wolvesmad] [link to this post]
 
Kitz has a DLM calculator http://www.kitz.co.uk/adsl/DLM_calculator.php

And detailed info http://www.kitz.co.uk/adsl/DLM.htm
Pages in this thread: 1 | 2 | 3 | [4] | 5 | (show all)   Print Thread

Jump to