Geekzone: technology news, blogs, forums


1280 posts

Uber Geek

Trusted

  # 1354168 29-Jul-2015 09:56

freitasm: Have you run a full anti-spyware scan with Malwarebytes yet?



No Windows machines in the house, Macs are on 10.10.4 and one updating from 10.10.3 as we speak. Not sure what to check on them? Don't run any browser extensions except uBlock.
Otherwise there's an Apple TV, an Epson printer, and various iPhones and iPads etc.

8906 posts

Uber Geek

Lifetime subscriber

  # 1354173 29-Jul-2015 10:01

Are you just pulling that posted info from the logs?

Can you try disconnecting everything and turning off the wifi? Then leave it for maybe an hour, then reconnect 1 device and check the logs again and see if there are still entries in there. That should tell you if it's a device or modem issue. Then maybe connect one PC back at a time slowly, say every 30 mins, and keep checking the logs and see if/when it comes back.


 
 
 
 




1280 posts

Uber Geek

Trusted

  # 1354845 29-Jul-2015 20:34

Ok what next? I've disconnected almost all devices in the house, shut down all computers, Apple TV, chromecast, printer, receiver with wifi, tv with wifi. Upon rebooting the router, three devices only connect. 2 x iPhones running iOS 8.4 and one iPad running iOS 8.3. Nothing else is connected via Ethernet or wifi.
And I still get an intrusion attempt after a couple of minutes after rebooting the router. Wtf is going on. What next, contact Spark?

Nov 19 00:00:59 daemon crit syslog: Received valid IP address from server. Connection UP.
Nov 19 00:03:26 daemon alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=82.221.105.7 DST=122.57.187.189 LEN=40 TOS=0x08 PREC=0x00 TTL=109 ID=61585 PROTO=TCP SPT=34680 DPT=9080 WINDOW=43199 RES=0x00 SYN URGP=0 MARK=0x8000000

Excuse the incorrect date and time. Despite setting NZ time server pool it doesn't get the correct time.

5595 posts

Uber Geek


  # 1354850 29-Jul-2015 20:57

Are the intrusion attempts actually causing a problem? May just be bots probing random IPs looking for vulnerabilities, and not related to your original problem.

3344 posts

Uber Geek

Trusted
Vocus

  # 1354851 29-Jul-2015 20:58

josephhinvest: Ok what next? I've disconnected almost all devices in the house, shut down all computers, Apple TV, chromecast, printer, receiver with wifi, tv with wifi. Upon rebooting the router, three devices only connect. 2 x iPhones running iOS 8.4 and one iPad running iOS 8.3. Nothing else is connected via Ethernet or wifi.
And I still get an intrusion attempt after a couple of minutes after rebooting the router. Wtf is going on. What next, contact Spark?

Nov 19 00:00:59 daemon crit syslog: Received valid IP address from server. Connection UP.
Nov 19 00:03:26 daemon alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=82.221.105.7 DST=122.57.187.189 LEN=40 TOS=0x08 PREC=0x00 TTL=109 ID=61585 PROTO=TCP SPT=34680 DPT=9080 WINDOW=43199 RES=0x00 SYN URGP=0 MARK=0x8000000

Excuse the incorrect date and time. Despite setting NZ time server pool it doesn't get the correct time.


Intrusion attempts are normal, you're on the Internet.  Don't get hung up on it.

Please try disabling DNS proxy.  I'm pretty sure it will help.  Have seen this problem on NF4V.

4223 posts

Uber Geek

Trusted

  # 1354853 29-Jul-2015 21:00
One person supports this post

Why haven't you followed my advice to test if it's IP connectivity being interrupted or just at the application level (like DNS)?

Cheers - N





--

 

Please note all comments are the product of my own brain and don't necessarily represent the position or opinions of my employer, previous employers, colleagues, friends or pets.




1280 posts

Uber Geek

Trusted

  # 1354854 29-Jul-2015 21:01

ubergeeknz:
josephhinvest: Ok what next? I've disconnected almost all devices in the house, shut down all computers, Apple TV, chromecast, printer, receiver with wifi, tv with wifi. Upon rebooting the router, three devices only connect. 2 x iPhones running iOS 8.4 and one iPad running iOS 8.3. Nothing else is connected via Ethernet or wifi.
And I still get an intrusion attempt after a couple of minutes after rebooting the router. Wtf is going on. What next, contact Spark?

Nov 19 00:00:59 daemon crit syslog: Received valid IP address from server. Connection UP.
Nov 19 00:03:26 daemon alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=82.221.105.7 DST=122.57.187.189 LEN=40 TOS=0x08 PREC=0x00 TTL=109 ID=61585 PROTO=TCP SPT=34680 DPT=9080 WINDOW=43199 RES=0x00 SYN URGP=0 MARK=0x8000000

Excuse the incorrect date and time. Despite setting NZ time server pool it doesn't get the correct time.


Intrusion attempts are normal, you're on the Internet.  Don't get hung up on it.

Please try disabling DNS proxy.  I'm pretty sure it will help.  Have seen this problem on NF4V.


Ta, I have disabled the DNS proxy yesterday, no change.

 
 
 
 




1280 posts

Uber Geek

Trusted

  # 1354856 29-Jul-2015 21:02

ubergeeknz:
josephhinvest: Ok what next? I've disconnected almost all devices in the house, shut down all computers, Apple TV, chromecast, printer, receiver with wifi, tv with wifi. Upon rebooting the router, three devices only connect. 2 x iPhones running iOS 8.4 and one iPad running iOS 8.3. Nothing else is connected via Ethernet or wifi.
And I still get an intrusion attempt after a couple of minutes after rebooting the router. Wtf is going on. What next, contact Spark?

Nov 19 00:00:59 daemon crit syslog: Received valid IP address from server. Connection UP.
Nov 19 00:03:26 daemon alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=82.221.105.7 DST=122.57.187.189 LEN=40 TOS=0x08 PREC=0x00 TTL=109 ID=61585 PROTO=TCP SPT=34680 DPT=9080 WINDOW=43199 RES=0x00 SYN URGP=0 MARK=0x8000000

Excuse the incorrect date and time. Despite setting NZ time server pool it doesn't get the correct time.


Intrusion attempts are normal, you're on the Internet.  Don't get hung up on it.

Please try disabling DNS proxy.  I'm pretty sure it will help.  Have seen this problem on NF4V.


Accepted that they are a normal part of life, but after rebooting modem, and getting a new IP address, is it reasonable to start getting these attempts after just a couple of minutes?

3344 posts

Uber Geek

Trusted
Vocus

  # 1354857 29-Jul-2015 21:03

josephhinvest:
ubergeeknz:
josephhinvest: Ok what next? I've disconnected almost all devices in the house, shut down all computers, Apple TV, chromecast, printer, receiver with wifi, tv with wifi. Upon rebooting the router, three devices only connect. 2 x iPhones running iOS 8.4 and one iPad running iOS 8.3. Nothing else is connected via Ethernet or wifi.
And I still get an intrusion attempt after a couple of minutes after rebooting the router. Wtf is going on. What next, contact Spark?

Nov 19 00:00:59 daemon crit syslog: Received valid IP address from server. Connection UP.
Nov 19 00:03:26 daemon alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=82.221.105.7 DST=122.57.187.189 LEN=40 TOS=0x08 PREC=0x00 TTL=109 ID=61585 PROTO=TCP SPT=34680 DPT=9080 WINDOW=43199 RES=0x00 SYN URGP=0 MARK=0x8000000

Excuse the incorrect date and time. Despite setting NZ time server pool it doesn't get the correct time.


Intrusion attempts are normal, you're on the Internet.  Don't get hung up on it.

Please try disabling DNS proxy.  I'm pretty sure it will help.  Have seen this problem on NF4V.


Ta, I have disabled the DNS proxy yesterday, no change.


OK, that done, suggest starting a machine to ping both the router and something stable on the Internet (e.g. 8.8.8.8, which is Google DNS) continuously to see where it's going wrong.
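
One way to run the continuous test suggested in the thread: ping the router and 8.8.8.8, plus a DNS lookup to separate IP-level failures from application-level ones. This is an added example, not code from any poster; the router address `192.168.1.254` and the name `example.com` are assumptions to replace, and `ping -c` assumes macOS or Linux.

```python
import socket
import subprocess
import time

ROUTER = "192.168.1.254"  # assumption: replace with your router's LAN address
INTERNET_IP = "8.8.8.8"   # Google DNS, the stable target suggested in the thread
DNS_NAME = "example.com"  # assumption: any name that should always resolve

def ping(host, timeout_s=2):
    """Send one ICMP echo with the system ping; True if a reply arrived in time."""
    try:
        r = subprocess.run(["ping", "-c", "1", host],
                           capture_output=True, timeout=timeout_s)
        return r.returncode == 0
    except (subprocess.TimeoutExpired, OSError):
        return False

def resolves(name):
    """True if the configured resolver returns an address for name."""
    try:
        socket.getaddrinfo(name, 80)
        return True
    except OSError:  # socket.gaierror is a subclass of OSError
        return False

def diagnose(router_ok, internet_ok, dns_ok):
    """Map the three probe results to the layer that is failing."""
    if not internet_ok:
        # No reply from the Internet: is the local hop alive?
        return "WAN link or ISP down" if router_ok else "LAN/Wi-Fi or router down"
    if not dns_ok:
        return "IP fine, DNS failing"
    return "ok"  # a router that ignores ICMP is not treated as a fault

def transitions(samples):
    """Yield only the (timestamp, state) samples where the state changed."""
    last = None
    for ts, state in samples:
        if state != last:
            yield ts, state
            last = state

def sample_forever(interval_s=5):
    """Probe all three targets every interval_s seconds."""
    while True:
        yield (time.strftime("%H:%M:%S"),
               diagnose(ping(ROUTER), ping(INTERNET_IP), resolves(DNS_NAME)))
        time.sleep(interval_s)

if __name__ == "__main__":
    for ts, state in transitions(sample_forever()):
        print(ts, state, flush=True)
```

Leave it running during a stall: the printed state changes show whether the local hop, the WAN side or only name resolution dropped out.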



1280 posts

Uber Geek

Trusted

  # 1354860 29-Jul-2015 21:05

Talkiet: Why haven't you followed my advice to test if it's IP connectivity being interrupted or just at the application level (like DNS)?

Cheers - N



Ta for your advice. At this stage all proper computers connected to the network are turned off. The stalling issue seems to have abated for the time being and the only devices are 2 iPhones and one iPad (all now on 8.4).

Cheers,
Joseph

3344 posts

Uber Geek

Trusted
Vocus

  # 1354887 29-Jul-2015 21:24

josephhinvest:
ubergeeknz:
josephhinvest: Ok what next? I've disconnected almost all devices in the house, shut down all computers, Apple TV, chromecast, printer, receiver with wifi, tv with wifi. Upon rebooting the router, three devices only connect. 2 x iPhones running iOS 8.4 and one iPad running iOS 8.3. Nothing else is connected via Ethernet or wifi.
And I still get an intrusion attempt after a couple of minutes after rebooting the router. Wtf is going on. What next, contact Spark?

Nov 19 00:00:59 daemon crit syslog: Received valid IP address from server. Connection UP.
Nov 19 00:03:26 daemon alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=82.221.105.7 DST=122.57.187.189 LEN=40 TOS=0x08 PREC=0x00 TTL=109 ID=61585 PROTO=TCP SPT=34680 DPT=9080 WINDOW=43199 RES=0x00 SYN URGP=0 MARK=0x8000000

Excuse the incorrect date and time. Despite setting NZ time server pool it doesn't get the correct time.


Intrusion attempts are normal, you're on the Internet.  Don't get hung up on it.

Please try disabling DNS proxy.  I'm pretty sure it will help.  Have seen this problem on NF4V.


Accepted that they are a normal part of life, but after rebooting modem, and getting a new IP address, is it reasonable to start getting these attempts after just a couple of minutes?


Yes.  IP addresses are constantly being scanned.  Unfortunately these swines have access to massive botnets, thanks to insecure websites, servers, and PCs

1473 posts

Uber Geek

Subscriber

  # 1354899 29-Jul-2015 21:42
One person supports this post

ubergeeknz:
josephhinvest:
ubergeeknz:
josephhinvest: Ok what next? I've disconnected almost all devices in the house, shut down all computers, Apple TV, chromecast, printer, receiver with wifi, tv with wifi. Upon rebooting the router, three devices only connect. 2 x iPhones running iOS 8.4 and one iPad running iOS 8.3. Nothing else is connected via Ethernet or wifi.
And I still get an intrusion attempt after a couple of minutes after rebooting the router. Wtf is going on. What next, contact Spark?

Nov 19 00:00:59 daemon crit syslog: Received valid IP address from server. Connection UP.
Nov 19 00:03:26 daemon alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=82.221.105.7 DST=122.57.187.189 LEN=40 TOS=0x08 PREC=0x00 TTL=109 ID=61585 PROTO=TCP SPT=34680 DPT=9080 WINDOW=43199 RES=0x00 SYN URGP=0 MARK=0x8000000

Excuse the incorrect date and time. Despite setting NZ time server pool it doesn't get the correct time.


Intrusion attempts are normal, you're on the Internet.  Don't get hung up on it.

Please try disabling DNS proxy.  I'm pretty sure it will help.  Have seen this problem on NF4V.


Accepted that they are a normal part of life, but after rebooting modem, and getting a new IP address, is it reasonable to start getting these attempts after just a couple of minutes?


Yes.  IP addresses are constantly being scanned.  Unfortunately these swines have access to massive botnets, thanks to insecure websites, servers, and PCs


Awww, that is pretty mean to pigs - at least pigs provide delicious bacon whereas these bot masters provide nothing beneficial to society :P




Laptop: MacBook Pro (15-inch, 2017)
Desktop: iMac (27-inch, 2017)
Smartphone: iPhone XS Max 256GB 'Space Grey'
Additional devices: Unifi Security Gateway, Unifi Switch, Unifi AP AC HD, Unifi Cloud Key
Services: YouTube Premium, Wordpress, Skinny Mobile and Broadband

 


2883 posts

Uber Geek

Trusted
Lifetime subscriber

  # 1355193 30-Jul-2015 12:02

josephhinvest:
Talkiet: Why haven't you followed my advice to test if it's IP connectivity being interrupted or just at the application level (like DNS)?

Cheers - N



Ta for your advice. At this stage all proper computers connected to the network are turned off. The stalling issue seems to have abated for the time being and the only devices are 2 iPhones and one iPad (all now on 8.4).

Cheers,
Joseph


That to me sounds very much like you have malware, or some untoward application running on a machine that is killing your internet.

I wouldn't be surprised if it was a torrent client as they love to use random ports. Or just some generic grade of malware.

Switch each machine on systematically until you find the culprit and........







1280 posts

Uber Geek

Trusted

  # 1355292 30-Jul-2015 13:53

BarTender:
josephhinvest:
Talkiet: Why haven't you followed my advice to test if it's IP connectivity being interrupted or just at the application level (like DNS)?

Cheers - N



Ta for your advice. At this stage all proper computers connected to the network are turned off. The stalling issue seems to have abated for the time being and the only devices are 2 iPhones and one iPad (all now on 8.4).

Cheers,
Joseph


That to me sounds very much like you have malware, or some untoward application running on a machine that is killing your internet.

I wouldn't be surprised if it was a torrent client as they love to use random ports. Or just some generic grade of malware.

Switch each machine on systematically until you find the culprit and........


Yep it's possible, the only torrents are done on a brand new Mac mini using Transmission. I don't think any malware has crept onto the machine but will check.
I'm still confused about the port scanning. Would be interested if another Spark customer could examine their logs and see if they are getting continuously scanned like me?

4223 posts

Uber Geek

Trusted

  # 1355293 30-Jul-2015 13:55
One person supports this post

josephhinvest:
BarTender:
josephhinvest:
Talkiet: Why haven't you followed my advice to test if it's IP connectivity being interrupted or just at the application level (like DNS)?

Cheers - N



Ta for your advice. At this stage all proper computers connected to the network are turned off. The stalling issue seems to have abated for the time being and the only devices are 2 iPhones and one iPad (all now on 8.4).

Cheers,
Joseph


That to me sounds very much like you have malware, or some untoward application running on a machine that is killing your internet.

I wouldn't be surprised if it was a torrent client as they love to use random ports. Or just some generic grade of malware.

Switch each machine on systematically until you find the culprit and........


Yep it's possible, the only torrents are done on a brand new Mac mini using Transmission. I don't think any malware has crept onto the machine but will check.
I'm still confused about the port scanning. Would be interested if another Spark customer could examine their logs and see if they are getting continuously scanned like me?


Being scanned on a public broadband IP is completely expected and normal, unfortunately. Unless you are receiving meaningful amounts of traffic (hundreds of connections per second, sustained) then it's pretty likely to be normal.

Cheers - N





--

 

Please note all comments are the product of my own brain and don't necessarily represent the position or opinions of my employer, previous employers, colleagues, friends or pets.
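
To put a number on "hundreds of connections per second, sustained", the router's `Intrusion ->` lines can be parsed and rated. This is an added example, not part of any post in the thread; the first sample entry is the one quoted above, the other two are constructed, and the thresholds (`per_sec=100`, `sustain_s=10`) are assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Sample input: the Connection UP line and the first Intrusion entry are quoted
# from the thread; the last two lines are constructed (documentation-range sources).
SAMPLE_LOG = """\
Nov 19 00:00:59 daemon crit syslog: Received valid IP address from server. Connection UP.
Nov 19 00:03:26 daemon alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=82.221.105.7 DST=122.57.187.189 LEN=40 TOS=0x08 PREC=0x00 TTL=109 ID=61585 PROTO=TCP SPT=34680 DPT=9080 WINDOW=43199 RES=0x00 SYN URGP=0 MARK=0x8000000
Nov 19 00:07:41 daemon alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=198.51.100.23 DST=122.57.187.189 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=4411 PROTO=TCP SPT=50112 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Nov 19 00:07:44 daemon alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=203.0.113.9 DST=122.57.187.189 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=41000 DPT=9080 WINDOW=1024 RES=0x00 SYN URGP=0
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) .*kernel: Intrusion -> (.*)$")

def parse_intrusions(text):
    """Return one dict per 'Intrusion ->' line; other syslog lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        fields, flags = {}, set()
        for tok in m.group(2).split():
            if "=" in tok:              # KEY=value pair (value may be empty)
                key, value = tok.split("=", 1)
                fields[key] = value
            else:                       # bare TCP flag such as SYN
                flags.add(tok)
        events.append({
            # The log has no year and the router clock may be wrong; a fixed
            # year is enough because only time differences are used.
            "time": datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S"),
            "src": fields.get("SRC"), "dpt": int(fields.get("DPT", 0)),
            "proto": fields.get("PROTO"), "flags": flags,
        })
    return events

def summarise(events, per_sec=100, sustain_s=10):
    """Rate the log: a flood needs >= per_sec hits in at least sustain_s seconds."""
    per_second = Counter(e["time"] for e in events)
    busy = sum(1 for n in per_second.values() if n >= per_sec)
    times = [e["time"] for e in events]
    return {
        "events": len(events),
        "span_s": int((max(times) - min(times)).total_seconds()) if events else 0,
        "peak_per_s": max(per_second.values(), default=0),
        "sources": len({e["src"] for e in events}),
        "top_ports": Counter(e["dpt"] for e in events).most_common(3),
        "verdict": "sustained flood" if busy >= sustain_s else "background scanning",
    }

if __name__ == "__main__":
    print(summarise(parse_intrusions(SAMPLE_LOG)))
```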

