Geekzone: technology news, blogs, forums


1272 posts

Uber Geek

Trusted

  # 1354168 29-Jul-2015 09:56

freitasm: Have you run a full anti-spyware scan with Malwarebytes yet?



No Windows machines in the house, Macs are on 10.10.4 and one updating from 10.10.3 as we speak. Not sure what to check on them? Don't run any browser extensions except uBlock.
Otherwise there's an Apple TV, an Epson printer, and various iPhones and iPads etc.

8754 posts

Uber Geek

Lifetime subscriber

  # 1354173 29-Jul-2015 10:01

Are you just pulling that posted info from the logs?

Can you try disconnecting everything and turning off the wifi? Then leave it for maybe an hour, then reconnect 1 device and check the logs again and see if there are still entries in there. That should tell you if it's a device or modem issue. Then maybe connect one PC back at a time slowly, say every 30 mins, and keep checking the logs and see if/when it comes back.


 
 
 
 




1272 posts

Uber Geek

Trusted

  # 1354845 29-Jul-2015 20:34

Ok what next? I've disconnected almost all devices in the house, shut down all computers, Apple TV, chromecast, printer, receiver with wifi, tv with wifi. Upon rebooting the router, three devices only connect. 2 x iPhones running iOS 8.4 and one iPad running iOS 8.3. Nothing else is connected via Ethernet or wifi.
And I still get an intrusion attempt after a couple of minutes after rebooting the router. Wtf is going on. What next, contact Spark?

Nov 19 00:00:59 daemon crit syslog: Received valid IP address from server. Connection UP.
Nov 19 00:03:26 daemon alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=82.221.105.7 DST=122.57.187.189 LEN=40 TOS=0x08 PREC=0x00 TTL=109 ID=61585 PROTO=TCP SPT=34680 DPT=9080 WINDOW=43199 RES=0x00 SYN URGP=0 MARK=0x8000000

Excuse the incorrect date and time. Despite setting NZ time server pool it doesn't get the correct time.

5525 posts

Uber Geek


  # 1354850 29-Jul-2015 20:57

Are the intrusion attempts actually causing a problem? May just be bots probing random IPs looking for vulnerabilities, and not related to your original problem.

3344 posts

Uber Geek

Trusted
Vocus

  # 1354851 29-Jul-2015 20:58

josephhinvest: Ok what next? I've disconnected almost all devices in the house, shut down all computers, Apple TV, chromecast, printer, receiver with wifi, tv with wifi. Upon rebooting the router, three devices only connect. 2 x iPhones running iOS 8.4 and one iPad running iOS 8.3. Nothing else is connected via Ethernet or wifi.
And I still get an intrusion attempt after a couple of minutes after rebooting the router. Wtf is going on. What next, contact Spark?

Nov 19 00:00:59 daemon crit syslog: Received valid IP address from server. Connection UP.
Nov 19 00:03:26 daemon alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=82.221.105.7 DST=122.57.187.189 LEN=40 TOS=0x08 PREC=0x00 TTL=109 ID=61585 PROTO=TCP SPT=34680 DPT=9080 WINDOW=43199 RES=0x00 SYN URGP=0 MARK=0x8000000

Excuse the incorrect date and time. Despite setting NZ time server pool it doesn't get the correct time.


Intrusion attempts are normal, you're on the Internet.  Don't get hung up on it.

Please try disabling DNS proxy.  I'm pretty sure it will help.  Have seen this problem on NF4V.

4156 posts

Uber Geek

Trusted

  # 1354853 29-Jul-2015 21:00
One person supports this post

Why haven't you followed my advice to test if it's IP connectivity being interrupted or just at the application level (like DNS)?

Cheers - N





--

 

Please note all comments are the product of my own brain and don't necessarily represent the position or opinions of my employer, previous employers, colleagues, friends or pets.




1272 posts

Uber Geek

Trusted

  # 1354854 29-Jul-2015 21:01

ubergeeknz:
josephhinvest: Ok what next? I've disconnected almost all devices in the house, shut down all computers, Apple TV, chromecast, printer, receiver with wifi, tv with wifi. Upon rebooting the router, three devices only connect. 2 x iPhones running iOS 8.4 and one iPad running iOS 8.3. Nothing else is connected via Ethernet or wifi.
And I still get an intrusion attempt after a couple of minutes after rebooting the router. Wtf is going on. What next, contact Spark?

Nov 19 00:00:59 daemon crit syslog: Received valid IP address from server. Connection UP.
Nov 19 00:03:26 daemon alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=82.221.105.7 DST=122.57.187.189 LEN=40 TOS=0x08 PREC=0x00 TTL=109 ID=61585 PROTO=TCP SPT=34680 DPT=9080 WINDOW=43199 RES=0x00 SYN URGP=0 MARK=0x8000000

Excuse the incorrect date and time. Despite setting NZ time server pool it doesn't get the correct time.


Intrusion attempts are normal, you're on the Internet.  Don't get hung up on it.

Please try disabling DNS proxy.  I'm pretty sure it will help.  Have seen this problem on NF4V.


Ta, I have disabled the DNS proxy yesterday, no change.

 
 
 
 




1272 posts

Uber Geek

Trusted

  # 1354856 29-Jul-2015 21:02

ubergeeknz:
josephhinvest: Ok what next? I've disconnected almost all devices in the house, shut down all computers, Apple TV, chromecast, printer, receiver with wifi, tv with wifi. Upon rebooting the router, three devices only connect. 2 x iPhones running iOS 8.4 and one iPad running iOS 8.3. Nothing else is connected via Ethernet or wifi.
And I still get an intrusion attempt after a couple of minutes after rebooting the router. Wtf is going on. What next, contact Spark?

Nov 19 00:00:59 daemon crit syslog: Received valid IP address from server. Connection UP.
Nov 19 00:03:26 daemon alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=82.221.105.7 DST=122.57.187.189 LEN=40 TOS=0x08 PREC=0x00 TTL=109 ID=61585 PROTO=TCP SPT=34680 DPT=9080 WINDOW=43199 RES=0x00 SYN URGP=0 MARK=0x8000000

Excuse the incorrect date and time. Despite setting NZ time server pool it doesn't get the correct time.


Intrusion attempts are normal, you're on the Internet.  Don't get hung up on it.

Please try disabling DNS proxy.  I'm pretty sure it will help.  Have seen this problem on NF4V.


Accepted that they are a normal part of life, but after rebooting modem, and getting a new IP address, is it reasonable to start getting these attempts after just a couple of minutes?

3344 posts

Uber Geek

Trusted
Vocus

  # 1354857 29-Jul-2015 21:03

josephhinvest:
ubergeeknz:
josephhinvest: Ok what next? I've disconnected almost all devices in the house, shut down all computers, Apple TV, chromecast, printer, receiver with wifi, tv with wifi. Upon rebooting the router, three devices only connect. 2 x iPhones running iOS 8.4 and one iPad running iOS 8.3. Nothing else is connected via Ethernet or wifi.
And I still get an intrusion attempt after a couple of minutes after rebooting the router. Wtf is going on. What next, contact Spark?

Nov 19 00:00:59 daemon crit syslog: Received valid IP address from server. Connection UP.
Nov 19 00:03:26 daemon alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=82.221.105.7 DST=122.57.187.189 LEN=40 TOS=0x08 PREC=0x00 TTL=109 ID=61585 PROTO=TCP SPT=34680 DPT=9080 WINDOW=43199 RES=0x00 SYN URGP=0 MARK=0x8000000

Excuse the incorrect date and time. Despite setting NZ time server pool it doesn't get the correct time.


Intrusion attempts are normal, you're on the Internet.  Don't get hung up on it.

Please try disabling DNS proxy.  I'm pretty sure it will help.  Have seen this problem on NF4V.


Ta, I have disabled the DNS proxy yesterday, no change.


OK, that done, suggest starting a machine to ping both the router and something stable on the Internet (eg. 8.8.8.8 which is Google DNS) continuously to see where it's going wrong



1272 posts

Uber Geek

Trusted

  # 1354860 29-Jul-2015 21:05

Talkiet: Why haven't you followed my advice to test if it's IP connectivity being interrupted or just at the application level (like DNS)?

Cheers - N



Ta for your advice. At this stage all proper computers connected to the network are turned off. The stalling issue seems to have abated for the time being and the only devices are 2 iPhones and one iPad (all now on 8.4).

Cheers,
Joseph

3344 posts

Uber Geek

Trusted
Vocus

  # 1354887 29-Jul-2015 21:24

josephhinvest:
ubergeeknz:
josephhinvest: Ok what next? I've disconnected almost all devices in the house, shut down all computers, Apple TV, chromecast, printer, receiver with wifi, tv with wifi. Upon rebooting the router, three devices only connect. 2 x iPhones running iOS 8.4 and one iPad running iOS 8.3. Nothing else is connected via Ethernet or wifi.
And I still get an intrusion attempt after a couple of minutes after rebooting the router. Wtf is going on. What next, contact Spark?

Nov 19 00:00:59 daemon crit syslog: Received valid IP address from server. Connection UP.
Nov 19 00:03:26 daemon alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=82.221.105.7 DST=122.57.187.189 LEN=40 TOS=0x08 PREC=0x00 TTL=109 ID=61585 PROTO=TCP SPT=34680 DPT=9080 WINDOW=43199 RES=0x00 SYN URGP=0 MARK=0x8000000

Excuse the incorrect date and time. Despite setting NZ time server pool it doesn't get the correct time.


Intrusion attempts are normal, you're on the Internet.  Don't get hung up on it.

Please try disabling DNS proxy.  I'm pretty sure it will help.  Have seen this problem on NF4V.


Accepted that they are a normal part of life, but after rebooting modem, and getting a new IP address, is it reasonable to start getting these attempts after just a couple of minutes?


Yes.  IP addresses are constantly being scanned.  Unfortunately these swines have access to massive botnets, thanks to insecure websites, servers, and PCs

1448 posts

Uber Geek

Subscriber

  # 1354899 29-Jul-2015 21:42
One person supports this post

ubergeeknz:
josephhinvest:
ubergeeknz:
josephhinvest: Ok what next? I've disconnected almost all devices in the house, shut down all computers, Apple TV, chromecast, printer, receiver with wifi, tv with wifi. Upon rebooting the router, three devices only connect. 2 x iPhones running iOS 8.4 and one iPad running iOS 8.3. Nothing else is connected via Ethernet or wifi.
And I still get an intrusion attempt after a couple of minutes after rebooting the router. Wtf is going on. What next, contact Spark?

Nov 19 00:00:59 daemon crit syslog: Received valid IP address from server. Connection UP.
Nov 19 00:03:26 daemon alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=82.221.105.7 DST=122.57.187.189 LEN=40 TOS=0x08 PREC=0x00 TTL=109 ID=61585 PROTO=TCP SPT=34680 DPT=9080 WINDOW=43199 RES=0x00 SYN URGP=0 MARK=0x8000000

Excuse the incorrect date and time. Despite setting NZ time server pool it doesn't get the correct time.


Intrusion attempts are normal, you're on the Internet.  Don't get hung up on it.

Please try disabling DNS proxy.  I'm pretty sure it will help.  Have seen this problem on NF4V.


Accepted that they are a normal part of life, but after rebooting modem, and getting a new IP address, is it reasonable to start getting these attempts after just a couple of minutes?


Yes.  IP addresses are constantly being scanned.  Unfortunately these swines have access to massive botnets, thanks to insecure websites, servers, and PCs


Awww, that is pretty mean to pigs - at least pigs provide delicious bacon whereas these bot masters provide nothing beneficial to society :P




Laptop: MacBook Pro (15-inch, 2017)
Desktop: iMac (27-inch, 2017)
Smartphone: iPhone XS Max 256GB 'Space Grey'
Additional devices: Unifi Security Gateway, Unifi Switch, Unifi AP AC HD, Unifi Cloud Key, Apple Watch 4 44mm
Services: YouTube Premium, Wordpress, Skinny Mobile and Broadband

 


2779 posts

Uber Geek

Trusted
Lifetime subscriber

  # 1355193 30-Jul-2015 12:02

josephhinvest:
Talkiet: Why haven't you followed my advice to test if it's IP connectivity being interrupted or just at the application level (like DNS)?

Cheers - N



Ta for your advice. At this stage all proper computers connected to the network are turned off. The stalling issue seems to have abated for the time being and the only devices are 2 iPhones and one iPad (all now on 8.4).

Cheers,
Joseph


That to me sounds very much like you have malware, or some untoward application running on a machine that is killing your internet.

I wouldn't be surprised if it was a torrent client as they love to use random ports. Or just some generic grade of malware.

Switch each machine on systematically until you find the culprit and........







1272 posts

Uber Geek

Trusted

  # 1355292 30-Jul-2015 13:53

BarTender:
josephhinvest:
Talkiet: Why haven't you followed my advice to test if it's IP connectivity being interrupted or just at the application level (like DNS)?

Cheers - N



Ta for your advice. At this stage all proper computers connected to the network are turned off. The stalling issue seems to have abated for the time being and the only devices are 2 iPhones and one iPad (all now on 8.4).

Cheers,
Joseph


That to me sounds very much like you have malware, or some untoward application running on a machine that is killing your internet.

I wouldn't be surprised if it was a torrent client as they love to use random ports. Or just some generic grade of malware.

Switch each machine on systematically until you find the culprit and........


Yep it's possible, the only torrents are done on a brand new Mac mini using Transmission. I don't think any malware has crept onto the machine but will check.
I'm still confused about the port scanning. Would be interested if another Spark customer could examine their logs and see if they are getting continuously scanned like me?

4156 posts

Uber Geek

Trusted

  # 1355293 30-Jul-2015 13:55
One person supports this post

josephhinvest:
BarTender:
josephhinvest:
Talkiet: Why haven't you followed my advice to test if it's IP connectivity being interrupted or just at the application level (like DNS)?

Cheers - N



Ta for your advice. At this stage all proper computers connected to the network are turned off. The stalling issue seems to have abated for the time being and the only devices are 2 iPhones and one iPad (all now on 8.4).

Cheers,
Joseph


That to me sounds very much like you have malware, or some untoward application running on a machine that is killing your internet.

I wouldn't be surprised if it was a torrent client as they love to use random ports. Or just some generic grade of malware.

Switch each machine on systematically until you find the culprit and........


Yep it's possible, the only torrents are done on a brand new Mac mini using Transmission. I don't think any malware has crept onto the machine but will check.
I'm still confused about the port scanning. Would be interested if another Spark customer could examine their logs and see if they are getting continuously scanned like me?


Being scanned on a public broadband IP is completely expected and normal, unfortunately. Unless you are receiving meaningful amounts of traffic (hundreds of connections per second, sustained) then it's pretty likely to be normal.

Cheers - N





--

 

Please note all comments are the product of my own brain and don't necessarily represent the position or opinions of my employer, previous employers, colleagues, friends or pets.
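
An added example, not part of the thread or any poster's code: the Python below parses router log entries in the "Intrusion ->" format quoted above and compares the observed rate with the "hundreds of connections per second, sustained" rule of thumb from the post above. The function names, the 100-per-second threshold, the 10-second window, the assumed year and every sample entry except the one quoted in the thread are assumptions made for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample: the first two lines are the ones quoted in the thread;
# the remaining entries are invented, with documentation-range source addresses.
SAMPLE_LOG = """\
Nov 19 00:00:59 daemon crit syslog: Received valid IP address from server. Connection UP.
Nov 19 00:03:26 daemon alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=82.221.105.7 DST=122.57.187.189 LEN=40 TOS=0x08 PREC=0x00 TTL=109 ID=61585 PROTO=TCP SPT=34680 DPT=9080 WINDOW=43199 RES=0x00 SYN URGP=0 MARK=0x8000000
Nov 19 00:05:10 daemon alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=192.0.2.44 DST=122.57.187.189 LEN=40 TTL=52 PROTO=TCP SPT=50112 DPT=23 SYN URGP=0
Nov 19 00:05:11 daemon alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=192.0.2.44 DST=122.57.187.189 LEN=40 TTL=52 PROTO=TCP SPT=50113 DPT=2323 SYN URGP=0
Nov 19 00:09:47 daemon alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=203.0.113.9 DST=122.57.187.189 LEN=60 TTL=47 PROTO=UDP SPT=5060 DPT=5060
"""

ENTRY = re.compile(r"^(\w{3} +\d+ [\d:]{8}) .*kernel: Intrusion -> (.*)$")
FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=value pairs; the value may be empty (OUT=, MAC=)

def parse_intrusions(text, year=2015):
    """Return one dict per 'Intrusion ->' entry; other log lines are skipped."""
    events = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        f = dict(FIELD.findall(m.group(2)))
        # The router clock is wrong and has no year: only the spacing between entries matters.
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        dport = int(f["DPT"]) if f.get("DPT", "").isdigit() else None
        events.append({"time": when, "src": f.get("SRC"), "proto": f.get("PROTO"), "dport": dport})
    return events

def peak_rate(events, window=10):
    """Highest average entries per second over any `window`-second span."""
    times = sorted(e["time"] for e in events)
    best, start = 0, 0
    for end, t in enumerate(times):
        while t - times[start] >= timedelta(seconds=window):
            start += 1
        best = max(best, end - start + 1)
    return best / window

def summarise(events, flood_per_sec=100, window=10):
    # flood_per_sec/window: assumed stand-ins for "hundreds per second, sustained"
    rate = peak_rate(events, window)
    return {
        "total": len(events),
        "by_source": Counter(e["src"] for e in events),
        "by_dport": Counter((e["proto"], e["dport"]) for e in events),
        "peak_per_sec": rate,
        "verdict": "possible flood" if rate >= flood_per_sec else "background scanning",
    }

if __name__ == "__main__":
    print(summarise(parse_intrusions(SAMPLE_LOG)))
```

On a real export, a handful of entries spread over minutes from unrelated sources lands in the "background scanning" case, which matches what the replies above describe.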

