Standard User Bales1983
(regular) Fri 11-Dec-15 07:11:49

Random overnight activity on router log


 
Hi Guys,

Have a new Plusnet Hub One (rebranded BT Home Hub 5A). Last night I saw some activity which I was wondering if anyone could interpret?

It seems to be incoming connections aimed at a device that was switched off at the time?

Can anyone make sense of what this may be? (Replaced my external IP with ***.***.***.***.) Also, I have no port forwarding set up, so maybe UPnP?

Many thanks all :)

05:15:14, 11 Dec. IN: ACCEPT [57] Connection closed (Port Forwarding: UDP [192.168.1.99]:6889 <--> [***.***.***.***]:6889 - - - [178.93.251.109]:6881 ppp3 NAPT)
05:13:14, 11 Dec. IN: ACCEPT [54] Connection opened (Port Forwarding: UDP [192.168.1.99]:6889 <--> [***.***.***.***]:6889 - - - [178.93.251.109]:6881 ppp3 NAPT)
05:09:26, 11 Dec. IN: ACCEPT [57] Connection closed (Port Forwarding: UDP [192.168.1.99]:6889 <--> [***.***.***.***]]:6889 - - - [137.175.217.57]:9232 ppp3 NAPT)
05:07:26, 11 Dec. IN: ACCEPT [54] Connection opened (Port Forwarding: UDP [192.168.1.99]:6889 <--> [***.***.***.***]:6889 - - - [137.175.217.57]:9232 ppp3 NAPT)
05:00:48, 11 Dec. IN: ACCEPT [57] Connection closed (Port Forwarding: UDP [192.168.1.99]:6889 <-->[***.***.***.***]:6889 - - - [110.142.118.100]:50321 ppp3 NAPT)
04:58:48, 11 Dec. IN: ACCEPT [54] Connection opened (Port Forwarding: UDP [192.168.1.99]:6889 <--> [***.***.***.***]:6889 - - - [110.142.118.100]:50321 ppp3 NAPT)
04:57:30, 11 Dec. IN: ACCEPT [57] Connection closed (Port Forwarding: UDP [192.168.1.99]:6889 <--> [***.***.***.***]:6889 - - - [52.1.199.191]:8618 ppp3 NAPT)
04:57:10, 11 Dec. IN: ACCEPT [57] Connection closed (Port Forwarding: UDP [192.168.1.99]:6889 <--> [***.***.***.***]:6889 - - - [61.150.43.122]:1727 ppp3 NAPT)
04:55:30, 11 Dec. IN: ACCEPT [54] Connection opened (Port Forwarding: UDP [192.168.1.99]:6889 <--> [***.***.***.***]:6889 - - - [52.1.199.191]:8618 ppp3 NAPT)
04:55:11, 11 Dec. IN: ACCEPT [54] Connection opened (Port Forwarding: UDP [192.168.1.99]:6889 <--> [***.***.***.***]:6889 - - - [61.150.43.122]:1727 ppp3 NAPT)
04:52:37, 11 Dec. IN: ACCEPT [57] Connection closed (Port Forwarding: UDP [192.168.1.99]:6889 <--> [***.***.***.***]:6889 - - - [41.37.184.5]:6881 ppp3 NAPT)
04:50:38, 11 Dec. IN: ACCEPT [54] Connection opened (Port Forwarding: UDP [192.168.1.99]:6889 <--> [***.***.***.***]:6889 - - - [41.37.184.5]:6881 ppp3 NAPT)
04:50:12, 11 Dec. IN: ACCEPT [57] Connection closed (Port Forwarding: UDP [192.168.1.99]:6889 <--> [***.***.***.***]:6889 - - - [121.216.47.78]:50348 ppp3 NAPT)
04:48:12, 11 Dec. IN: ACCEPT [54] Connection opened (Port Forwarding: UDP [192.168.1.99]:6889 <--> [***.***.***.***]]:6889 - - - [121.216.47.78]:50348 ppp3 NAPT)
04:38:01, 11 Dec. IN: ACCEPT [57] Connection closed (Port Forwarding: UDP [192.168.1.99]:6889 <--> [***.***.***.***]:6889 - - - [95.56.67.130]:12767 ppp3 NAPT)
04:36:01, 11 Dec. IN: ACCEPT [54] Connection opened (Port Forwarding: UDP [192.168.1.99]:6889 <--> [***.***.***.***]]:6889 - - - [95.56.67.130]:12767 ppp3 NAPT)
04:20:17, 11 Dec. IN: ACCEPT [57] Connection closed (Port Forwarding: UDP [192.168.1.99]:6889 <--> [***.***.***.***]:6889 - - - [202.169.225.52]:58050 ppp3 NAPT)
04:18:17, 11 Dec. IN: ACCEPT [54] Connection opened (Port Forwarding: UDP [192.168.1.99]:6889 <-->[***.***.***.***]:6889 - - - [202.169.225.52]:58050 ppp3 NAPT)

Plusnet 40/2 VDSL (10000 Miles from the nearest Cabinet!)
[img width=222 height=100]http://www.speedtest.net/result/4899838342.png[/img][img width=222 height=100]http://www.pingtest.net/result/135730778.png[/img]
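
An added example, not part of the original post or thread: a small Python parser for the hub log format pasted above that pairs each "Connection opened" with its "Connection closed" and reports which LAN endpoint was targeted, by which remote peers, and for how long. The year (taken from the post date, since the log omits it) and the choice of six sample lines are assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Six lines from the post; the last keeps the forum's "&#8203;" debris and doubled "]]".
SAMPLE = """\
04:57:30, 11 Dec. IN: ACCEPT [57] Connection closed (Port Forwarding: UDP [192.168.1.99]:6889 <--> [***.***.***.***]:6889 - - - [52.1.199.191]:8618 ppp3 NAPT)
04:57:10, 11 Dec. IN: ACCEPT [57] Connection closed (Port Forwarding: UDP [192.168.1.99]:6889 <--> [***.***.***.***]:6889 - - - [61.150.43.122]:1727 ppp3 NAPT)
04:55:30, 11 Dec. IN: ACCEPT [54] Connection opened (Port Forwarding: UDP [192.168.1.99]:6889 <--> [***.***.***.***]:6889 - - - [52.1.199.191]:8618 ppp3 NAPT)
04:55:11, 11 Dec. IN: ACCEPT [54] Connection opened (Port Forwarding: UDP [192.168.1.99]:6889 <--> [***.***.***.***]:6889 - - - [61.150.43.122]:1727 ppp3 NAPT)
04:50:12, 11 Dec. IN: ACCEPT [57] Connection closed (Port Forwarding: UDP [192.168.1.99]:6889 <--> [***.***.***.***]:6889 - - - [121.216.47.78]:50348 ppp3 NAPT)
04:48:12, 11 Dec. IN: ACCEPT [54] Connection opened (Port Forwarding: UDP [192.168.1.99]:6889 <-&#8203;-&#8203;> [***.***.***.***]]:6889 -&#8203; -&#8203; -&#8203; [121.216.47.78]:50348 ppp3 NAPT)
"""

LINE = re.compile(
    r"(?P<ts>\d\d:\d\d:\d\d, \d+ \w+)\. IN: ACCEPT \[\d+\] Connection (?P<ev>opened|closed) "
    r"\(Port Forwarding: (?P<proto>\w+) (?P<lan>\[[\d.]+\]:\d+) <-->\s*"
    r"\[[^\]]*\]+:\d+ - - - (?P<remote>\[[\d.]+\]:\d+)"
)

def parse(text, year=2015):  # assumption: year comes from the post date
    events = []
    for raw in text.splitlines():
        # Strip zero-width spaces (entity or literal) that the forum injected.
        line = raw.replace("&#8203;", "").replace("\u200b", "")
        m = LINE.search(line)
        if m:
            when = datetime.strptime(f"{m['ts']} {year}", "%H:%M:%S, %d %b %Y")
            events.append((when, m["ev"], m["proto"], m["lan"], m["remote"]))
    return sorted(events)  # the hub lists newest first; pair in time order

def sessions(events):
    # Match each "opened" with the next "closed" for the same (proto, LAN, remote) flow.
    open_at, done = {}, []
    for when, ev, proto, lan, remote in events:
        key = (proto, lan, remote)
        if ev == "opened":
            open_at[key] = when
        elif key in open_at:
            done.append((key, (when - open_at.pop(key)).total_seconds()))
    return done

def summary(text):
    done = sessions(parse(text))
    return {
        "targets": Counter((p, lan) for (p, lan, _), _ in done),
        "remotes": sorted({r for (_, _, r), _ in done}),
        "durations": sorted({secs for _, secs in done}),
    }
print(summary(SAMPLE))
```

Run over the full paste, it pairs nine flows, all to [192.168.1.99]:6889 over UDP, from nine different remote addresses, each open for about two minutes.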
Standard User caffn8me
(knowledge is power) Fri 11-Dec-15 13:35:43

Re: Random overnight activity on router log


[re: Bales1983]
 
Do you play World of Warcraft? Age of Conan?

Use P2P networking?

Have a look at http://www.speedguide.net/port.php?port=6889

I see the occasional port 6889 connection attempt on my firewall logs but it's very rare.

Sarah

--
If I can't drink my bowl of coffee three times daily, then in my torment, I will shrivel up like a piece of roast goat

Spiders on coffee - Badass spiders on drugs

Edited by caffn8me (Fri 11-Dec-15 19:55:40)

Standard User Malwaremike
(committed) Fri 11-Dec-15 15:13:40

Re: Random overnight activity on router log


[re: Bales1983]
 
Might be this? From PN Broadband Usage FAQ:

3. Why is usage shown at times when I'm not using broadband?
Your router will respond to network traffic even if your computers are switched off. This causes tiny amounts of usage (classed as background traffic, rarely more than a few KB or MB) to be recorded. This is perfectly normal and nothing to worry about. We recommend leaving your router on at all times so you can get the best broadband speed

