Hello.

 

I signed up with Trustpower and converted to fibre last year. Things were good, but over the last few months I have been having the DNS inside the modem changed to MANUAL rather than 'Use DNS Relay'.

 

 

 

I have turned off Wi-fi and remote management and Upnp as experiments to see if that fixes it .. but no.

 

 

 

I have Norton Antivirus on my main WIN 7 PC. I have run Malabytes scanner and Spybot etc for last month or so and put a virus scanner on Cellphone, but nothing detects anything.

 

I also use Chromecasting a lot form cellphone to TV, over wi-fi.

 

 

 

The normal fix is to check The log on the modem and check if DNS is still automatic.. When it is set to manual then all sites going to HTTPS sites fail (thankfully) so i jump in and reset it and then repower modem.

 

Anything form a few hours to days later it will go back to Manual again.

 

 

 

The log in the modem I use is set to warning level and I can see a lot of stuff coming from addresses using dropbear and boa? whatever they are.

 

 

 

 

 

LOG looks a bit like this :

 

2:23:27authprivwarndropbear[3368]: bad password attempt for 'admin' from ::ffff:47.60.161.100:41697Jul 15 02:23:31authprivwarndropbear[3369]: bad password attempt for 'admin' from ::ffff:47.60.161.100:41742Jul 15 02:23:38authprivwarndropbear[3370]: bad password attempt for 'admin' from ::ffff:47.60.161.100:41920Jul 15 02:23:42authprivwarndropbear[3371]: bad password attempt for 'admin' from ::ffff:47.60.161.100:42099Jul 15 02:27:05authprivwarndropbear[3455]: login attempt for nonexistent user from ::ffff:103.99.1.237:50734Jul 15 02:27:12authprivwarndropbear[3456]: bad password attempt for 'admin' from ::ffff:103.99.1.237:53404Jul 15 02:27:17authprivwarndropbear[3458]: login attempt for nonexistent user from ::ffff:103.99.1.237:55679Jul 15 02:27:44authprivwarndropbear[3465]: login attempt for nonexistent user from ::ffff:103.99.1.237:52226Jul 15 02:27:49authprivwarndropbear[3466]: bad password attempt for 'admin' from ::ffff:103.99.1.237:53817Jul 15 02:27:52authprivwarndropbear[3471]: login attempt for nonexistent user from ::ffff:103.99.1.237:56894Jul 15 10:07:23daemonwarnradvd[352]: sendmsg: Invalid argumentJul 15 10:46:08authpriverrboa[281]: Authentication attempt failed for from because: Bad Password

 

The DNS gets changed even if I set it to Manual myself with Google DNS values. 8.8.8.8, 8.8.4.4 etc.

 

Sometimes it says 'dnsfork' errors and then 'dns truncated' messages.

 

 

 

I have rung Trustpower quite a few times asking if modem type has been hacked and if any new firmware etc. I have had to stick in another modem (with earlier firmware, but still having same issue) as the first one couldn't reset to automatic relay mode and seemed dead) Maybe too many resets?

 

 

 

I really don't know if problem is coming from The ONT to modem (WAN) communications, hacked firmware in the modem or one of my devices or software?

 

I think everyone gets their ports scanned frequently for weak passwords and open ports but I am at a loss, rather than to set DNS manually in all my devices. (Which seems like last option)

 

 

 

Lot of scanning seems to come from China/Vietnam.

 

Does anyone else have this kind of modem or problem?

 

 

 

Thanks for any help!