Geekzone: technology news, blogs, forums


  # 1354168 29-Jul-2015 09:56

freitasm: Have you run a full anti-spyware scan with Malwarebytes yet?



No Windows machines in the house, Macs are on 10.10.4 and one updating from 10.10.3 as we speak. Not sure what to check on them? Don't run any browser extensions except uBlock.
Otherwise there's an Apple TV, an Epson printer, and various iPhones and iPads etc.

  # 1354173 29-Jul-2015 10:01

Are you just pulling that posted info from the logs?

Can you try disconnecting everything and turning off the wifi? Then leave it for maybe an hour, then reconnect 1 device and check the logs again and see if there are still entries in there. That should tell you if it's a device or modem issue. Then maybe connect one PC back at a time slowly, say every 30 mins, and keep checking the logs and see if/when it comes back.


 
 
 
 




  # 1354845 29-Jul-2015 20:34

Ok what next? I've disconnected almost all devices in the house, shut down all computers, Apple TV, chromecast, printer, receiver with wifi, tv with wifi. Upon rebooting the router, three devices only connect. 2 x iPhones running iOS 8.4 and one iPad running iOS 8.3. Nothing else is connected via Ethernet or wifi.
And I still get an intrusion attempt after a couple of minutes after rebooting the router. Wtf is going on. What next, contact Spark?

Nov 19 00:00:59 daemon crit syslog: Received valid IP address from server. Connection UP.
Nov 19 00:03:26 daemon alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=82.221.105.7 DST=122.57.187.189 LEN=40 TOS=0x08 PREC=0x00 TTL=109 ID=61585 PROTO=TCP SPT=34680 DPT=9080 WINDOW=43199 RES=0x00 SYN URGP=0 MARK=0x8000000

Excuse the incorrect date and time. Despite setting NZ time server pool it doesn't get the correct time.

  # 1354850 29-Jul-2015 20:57

Are the intrusion attempts actually causing a problem? May just be bots probing random IPs looking for vulnerabilities, and not related to your original problem.

  # 1354851 29-Jul-2015 20:58

josephhinvest: Ok what next? I've disconnected almost all devices in the house, shut down all computers, Apple TV, chromecast, printer, receiver with wifi, tv with wifi. Upon rebooting the router, three devices only connect. 2 x iPhones running iOS 8.4 and one iPad running iOS 8.3. Nothing else is connected via Ethernet or wifi.
And I still get an intrusion attempt after a couple of minutes after rebooting the router. Wtf is going on. What next, contact Spark?

Nov 19 00:00:59 daemon crit syslog: Received valid IP address from server. Connection UP.
Nov 19 00:03:26 daemon alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=82.221.105.7 DST=122.57.187.189 LEN=40 TOS=0x08 PREC=0x00 TTL=109 ID=61585 PROTO=TCP SPT=34680 DPT=9080 WINDOW=43199 RES=0x00 SYN URGP=0 MARK=0x8000000

Excuse the incorrect date and time. Despite setting NZ time server pool it doesn't get the correct time.


Intrusion attempts are normal, you're on the Internet.  Don't get hung up on it.

Please try disabling DNS proxy.  I'm pretty sure it will help.  Have seen this problem on NF4V.

  # 1354853 29-Jul-2015 21:00
One person supports this post

Why haven't you followed my advice to test if it's IP connectivity being interrupted or just at the application level (like DNS)?

Cheers - N





--

 

Please note all comments are the product of my own brain and don't necessarily represent the position or opinions of my employer, previous employers, colleagues, friends or pets.




  # 1354854 29-Jul-2015 21:01

ubergeeknz:
josephhinvest: Ok what next? I've disconnected almost all devices in the house, shut down all computers, Apple TV, chromecast, printer, receiver with wifi, tv with wifi. Upon rebooting the router, three devices only connect. 2 x iPhones running iOS 8.4 and one iPad running iOS 8.3. Nothing else is connected via Ethernet or wifi.
And I still get an intrusion attempt after a couple of minutes after rebooting the router. Wtf is going on. What next, contact Spark?

Nov 19 00:00:59 daemon crit syslog: Received valid IP address from server. Connection UP.
Nov 19 00:03:26 daemon alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=82.221.105.7 DST=122.57.187.189 LEN=40 TOS=0x08 PREC=0x00 TTL=109 ID=61585 PROTO=TCP SPT=34680 DPT=9080 WINDOW=43199 RES=0x00 SYN URGP=0 MARK=0x8000000

Excuse the incorrect date and time. Despite setting NZ time server pool it doesn't get the correct time.


Intrusion attempts are normal, you're on the Internet.  Don't get hung up on it.

Please try disabling DNS proxy.  I'm pretty sure it will help.  Have seen this problem on NF4V.


Ta, I disabled the DNS proxy yesterday, no change.

 
 
 
 




  # 1354856 29-Jul-2015 21:02

ubergeeknz:
josephhinvest: Ok what next? I've disconnected almost all devices in the house, shut down all computers, Apple TV, chromecast, printer, receiver with wifi, tv with wifi. Upon rebooting the router, three devices only connect. 2 x iPhones running iOS 8.4 and one iPad running iOS 8.3. Nothing else is connected via Ethernet or wifi.
And I still get an intrusion attempt after a couple of minutes after rebooting the router. Wtf is going on. What next, contact Spark?

Nov 19 00:00:59 daemon crit syslog: Received valid IP address from server. Connection UP.
Nov 19 00:03:26 daemon alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=82.221.105.7 DST=122.57.187.189 LEN=40 TOS=0x08 PREC=0x00 TTL=109 ID=61585 PROTO=TCP SPT=34680 DPT=9080 WINDOW=43199 RES=0x00 SYN URGP=0 MARK=0x8000000

Excuse the incorrect date and time. Despite setting NZ time server pool it doesn't get the correct time.


Intrusion attempts are normal, you're on the Internet.  Don't get hung up on it.

Please try disabling DNS proxy.  I'm pretty sure it will help.  Have seen this problem on NF4V.


Accepted that they are a normal part of life, but after rebooting modem, and getting a new IP address, is it reasonable to start getting these attempts after just a couple of minutes?

  # 1354857 29-Jul-2015 21:03

josephhinvest:
ubergeeknz:
josephhinvest: Ok what next? I've disconnected almost all devices in the house, shut down all computers, Apple TV, chromecast, printer, receiver with wifi, tv with wifi. Upon rebooting the router, three devices only connect. 2 x iPhones running iOS 8.4 and one iPad running iOS 8.3. Nothing else is connected via Ethernet or wifi.
And I still get an intrusion attempt after a couple of minutes after rebooting the router. Wtf is going on. What next, contact Spark?

Nov 19 00:00:59 daemon crit syslog: Received valid IP address from server. Connection UP.
Nov 19 00:03:26 daemon alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=82.221.105.7 DST=122.57.187.189 LEN=40 TOS=0x08 PREC=0x00 TTL=109 ID=61585 PROTO=TCP SPT=34680 DPT=9080 WINDOW=43199 RES=0x00 SYN URGP=0 MARK=0x8000000

Excuse the incorrect date and time. Despite setting NZ time server pool it doesn't get the correct time.


Intrusion attempts are normal, you're on the Internet.  Don't get hung up on it.

Please try disabling DNS proxy.  I'm pretty sure it will help.  Have seen this problem on NF4V.


Ta, I disabled the DNS proxy yesterday, no change.


OK, that done, suggest starting a machine to ping both the router and something stable on the Internet (e.g. 8.8.8.8, which is Google DNS) continuously to see where it's going wrong.



  # 1354860 29-Jul-2015 21:05

Talkiet: Why haven't you followed my advice to test if it's IP connectivity being interrupted or just at the application level (like DNS)?

Cheers - N



Ta for your advice. At this stage all proper computers connected to the network are turned off. The stalling issue seems to have abated for the time being and the only devices are 2 iPhones and one iPad (all now on 8.4).

Cheers,
Joseph

  # 1354887 29-Jul-2015 21:24

josephhinvest:
ubergeeknz:
josephhinvest: Ok what next? I've disconnected almost all devices in the house, shut down all computers, Apple TV, chromecast, printer, receiver with wifi, tv with wifi. Upon rebooting the router, three devices only connect. 2 x iPhones running iOS 8.4 and one iPad running iOS 8.3. Nothing else is connected via Ethernet or wifi.
And I still get an intrusion attempt after a couple of minutes after rebooting the router. Wtf is going on. What next, contact Spark?

Nov 19 00:00:59 daemon crit syslog: Received valid IP address from server. Connection UP.
Nov 19 00:03:26 daemon alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=82.221.105.7 DST=122.57.187.189 LEN=40 TOS=0x08 PREC=0x00 TTL=109 ID=61585 PROTO=TCP SPT=34680 DPT=9080 WINDOW=43199 RES=0x00 SYN URGP=0 MARK=0x8000000

Excuse the incorrect date and time. Despite setting NZ time server pool it doesn't get the correct time.


Intrusion attempts are normal, you're on the Internet.  Don't get hung up on it.

Please try disabling DNS proxy.  I'm pretty sure it will help.  Have seen this problem on NF4V.


Accepted that they are a normal part of life, but after rebooting modem, and getting a new IP address, is it reasonable to start getting these attempts after just a couple of minutes?


Yes.  IP addresses are constantly being scanned.  Unfortunately these swines have access to massive botnets, thanks to insecure websites, servers, and PCs

  # 1354899 29-Jul-2015 21:42
One person supports this post

ubergeeknz:
josephhinvest:
ubergeeknz:
josephhinvest: Ok what next? I've disconnected almost all devices in the house, shut down all computers, Apple TV, chromecast, printer, receiver with wifi, tv with wifi. Upon rebooting the router, three devices only connect. 2 x iPhones running iOS 8.4 and one iPad running iOS 8.3. Nothing else is connected via Ethernet or wifi.
And I still get an intrusion attempt after a couple of minutes after rebooting the router. Wtf is going on. What next, contact Spark?

Nov 19 00:00:59 daemon crit syslog: Received valid IP address from server. Connection UP.
Nov 19 00:03:26 daemon alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=82.221.105.7 DST=122.57.187.189 LEN=40 TOS=0x08 PREC=0x00 TTL=109 ID=61585 PROTO=TCP SPT=34680 DPT=9080 WINDOW=43199 RES=0x00 SYN URGP=0 MARK=0x8000000

Excuse the incorrect date and time. Despite setting NZ time server pool it doesn't get the correct time.


Intrusion attempts are normal, you're on the Internet.  Don't get hung up on it.

Please try disabling DNS proxy.  I'm pretty sure it will help.  Have seen this problem on NF4V.


Accepted that they are a normal part of life, but after rebooting modem, and getting a new IP address, is it reasonable to start getting these attempts after just a couple of minutes?


Yes.  IP addresses are constantly being scanned.  Unfortunately these swines have access to massive botnets, thanks to insecure websites, servers, and PCs


Awww, that is pretty mean to pigs - at least pigs provide delicious bacon whereas these bot masters provide nothing beneficial to society :P




Laptop: MacBook Pro (15-inch, 2017)
Desktop: iMac (27-inch, 2017)
Smartphone: iPhone XS Max 256GB 'Space Grey'
Additional devices: Unifi Security Gateway, Unifi Switch, Unifi AP AC HD, Unifi Cloud Key, Apple Watch 4 44mm
Services: YouTube Premium, Wordpress, Skinny Mobile and Broadband

 


  # 1355193 30-Jul-2015 12:02

josephhinvest:
Talkiet: Why haven't you followed my advice to test if it's IP connectivity being interrupted or just at the application level (like DNS)?

Cheers - N



Ta for your advice. At this stage all proper computers connected to the network are turned off. The stalling issue seems to have abated for the time being and the only devices are 2 iPhones and one iPad (all now on 8.4).

Cheers,
Joseph


That to me sounds very much like you have malware, or some untoward application running on a machine that is killing your internet.

I wouldn't be surprised if it was a torrent client as they love to use random ports. Or just some generic grade of malware.

Switch each machine on systematically until you find the culprit and........







  # 1355292 30-Jul-2015 13:53

BarTender:
josephhinvest:
Talkiet: Why haven't you followed my advice to test if it's IP connectivity being interrupted or just at the application level (like DNS)?

Cheers - N



Ta for your advice. At this stage all proper computers connected to the network are turned off. The stalling issue seems to have abated for the time being and the only devices are 2 iPhones and one iPad (all now on 8.4).

Cheers,
Joseph


That to me sounds very much like you have malware, or some untoward application running on a machine that is killing your internet.

I wouldn't be surprised if it was a torrent client as they love to use random ports. Or just some generic grade of malware.

Switch each machine on systematically until you find the culprit and........


Yep it's possible, the only torrents are done on a brand new Mac mini using Transmission. I don't think any malware has crept onto the machine but will check.
I'm still confused about the port scanning. Would be interested if another Spark customer could examine their logs and see if they are getting continuously scanned like me?

  # 1355293 30-Jul-2015 13:55
One person supports this post

josephhinvest:
BarTender:
josephhinvest:
Talkiet: Why haven't you followed my advice to test if it's IP connectivity being interrupted or just at the application level (like DNS)?

Cheers - N



Ta for your advice. At this stage all proper computers connected to the network are turned off. The stalling issue seems to have abated for the time being and the only devices are 2 iPhones and one iPad (all now on 8.4).

Cheers,
Joseph


That to me sounds very much like you have malware, or some untoward application running on a machine that is killing your internet.

I wouldn't be surprised if it was a torrent client as they love to use random ports. Or just some generic grade of malware.

Switch each machine on systematically until you find the culprit and........


Yep it's possible, the only torrents are done on a brand new Mac mini using Transmission. I don't think any malware has crept onto the machine but will check.
I'm still confused about the port scanning. Would be interested if another Spark customer could examine their logs and see if they are getting continuously scanned like me?


Being scanned on a public broadband IP is completely expected and normal, unfortunately. Unless you are receiving meaningful amounts of traffic (hundreds of connections per second, sustained) then it's pretty likely to be normal.

Cheers - N





--

 

Please note all comments are the product of my own brain and don't necessarily represent the position or opinions of my employer, previous employers, colleagues, friends or pets.
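
The router's "Intrusion ->" records quoted in this thread can be tallied to tell background scanning from the sustained volume the post above describes. This is an added example, not part of any poster's message: the function names, the two extra sample lines and the numeric thresholds are assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample: the first two lines are the ones quoted in the thread; the
# last two are made-up probes in the same format, from documentation address ranges.
SAMPLE_LOG = """\
Nov 19 00:00:59 daemon crit syslog: Received valid IP address from server. Connection UP.
Nov 19 00:03:26 daemon alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=82.221.105.7 DST=122.57.187.189 LEN=40 TOS=0x08 PREC=0x00 TTL=109 ID=61585 PROTO=TCP SPT=34680 DPT=9080 WINDOW=43199 RES=0x00 SYN URGP=0 MARK=0x8000000
Nov 19 00:09:41 daemon alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=198.51.100.23 DST=122.57.187.189 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=1234 PROTO=TCP SPT=40112 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Nov 19 00:09:41 daemon alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=203.0.113.8 DST=122.57.187.189 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=999 PROTO=TCP SPT=51515 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) .*kernel: Intrusion -> (.*)$")

def parse_intrusions(text):
    """Return one dict per 'Intrusion ->' record: timestamp, KEY=VALUE fields, bare TCP flags."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # e.g. the PPP "Connection UP" line is not a firewall record
        tokens = m.group(2).split()
        fields = dict(t.split("=", 1) for t in tokens if "=" in t)
        flags = {t for t in tokens if "=" not in t}  # SYN, ACK, RST ...
        # Syslog stamps carry no year; pin one. Only the deltas matter, which also
        # makes the router's wrong clock harmless.
        ts = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "flags": flags, **fields})
    return events

def summarise(events, flood_per_sec=100, sustained_secs=10):
    """Separate background scanning from a sustained flood.

    The thresholds are assumptions standing in for "hundreds of connections per
    second, sustained"; tune them for the link in question.
    """
    per_second = Counter(e["ts"] for e in events)
    run = longest = 0
    prev = None
    for t in sorted(t for t, n in per_second.items() if n >= flood_per_sec):
        run = run + 1 if prev and (t - prev).total_seconds() == 1 else 1
        longest, prev = max(longest, run), t
    return {
        "total": len(events),
        "sources": Counter(e.get("SRC", "?") for e in events),
        "ports": Counter(int(e["DPT"]) for e in events if "DPT" in e),
        "peak_per_sec": max(per_second.values(), default=0),
        "verdict": "sustained flood" if longest >= sustained_secs else "background scanning",
    }

if __name__ == "__main__":
    print(summarise(parse_intrusions(SAMPLE_LOG)))
```

A handful of unrelated sources each probing a single port, as in the sample, is the normal pattern; the verdict only changes when the per-second count stays at or above the threshold for consecutive seconds.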

