Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




512 posts

Ultimate Geek
+1 received by user: 31


# 208483 13-Feb-2017 22:59
Send private message

Whilst changing some wifi settings on my 7490 I noticed 5 entries this evening:

 

Login of user admin to the FRITZ!Box user interface from the IP address 80.82.64.127 failed (incorrect password).

 

IP geo lookup shows the connection is from the Seychelles.

 

Googling the IP address shows that it is has been banned for allegedly being the source of hacking in from the last few years.

 

I have a static ip address and have had one for a few years. Any point in asking for a new static ip address.

 

I spoke to a 2degrees rep but she didn't really know what I was going on about. She did confirm that 2degrees weren't behind the access attempts via the Seychelles.

 

Any suggestions as to what I should/can do or is this merely run of the mill random attacks?


Filter this topic showing only the reply marked as answer Create new topic
3191 posts

Uber Geek
+1 received by user: 415


  # 1719761 13-Feb-2017 23:28
One person supports this post
Send private message

I think the term is.. were all being brute forced.

 

 You get the idea but I have pages of it.

 

 

      13.02.17 23:14:29 Login of user admin to the FRITZ!Box user interface from the IP address 80.82.64.127 failed (incorrect password). 13.02.17 23:00:25 Login of user admin to the FRITZ!Box user interface from the IP address 80.82.64.127 failed (incorrect password). 13.02.17 22:46:21 Login of user admin to the FRITZ!Box user interface from the IP address 80.82.64.127 failed (incorrect password). 13.02.17 21:21:59 Login of user admin to the FRITZ!Box user interface from the IP address 80.82.64.127 failed (incorrect password). 13.02.17 21:07:55 Login of user admin to the FRITZ!Box user interface from the IP address 80.82.64.127 failed (incorrect password).       13.02.17 20:39:47 Login of user admin to the FRITZ!Box user interface from the IP address 80.82.64.127 failed (incorrect password). 13.02.17 20:25:43 Login of user admin to the FRITZ!Box user interface from the IP address 80.82.64.127 failed (incorrect password). 13.02.17 20:11:39 Login of user admin to the FRITZ!Box user interface from the IP address 80.82.64.127 failed (incorrect password). 13.02.17 19:57:34 Login of user admin to the FRITZ!Box user interface from the IP address 80.82.64.127 failed (incorrect password).                                                                                                                   

 

 

 

 

Guess thats why the rename the default admin name. They need to nullroute that IP


3191 posts

Uber Geek
+1 received by user: 415


  # 1719762 13-Feb-2017 23:35
One person supports this post
Send private message

Infact. lets turn off HTTPs/internet from the services section for a while.


 
 
 
 




512 posts

Ultimate Geek
+1 received by user: 31


  # 1719764 13-Feb-2017 23:38
Send private message

Thanks that makes me feel "better". Not seen this activity in many years of Snap and 2D patronage, mind you I only scan the logs when there is a problem, which is rare.

 

 

Oblivian:

 

I think the term is.. were all being brute forced.

 

 You get the idea but I have pages of it.

 

 

      13.02.17 23:14:29 Login of user admin to the FRITZ!Box user interface from the IP address 80.82.64.127 failed (incorrect password). 13.02.17 23:00:25 Login of user admin to the FRITZ!Box user interface from the IP address 80.82.64.127 failed (incorrect password). 13.02.17 22:46:21 Login of user admin to the FRITZ!Box user interface from the IP address 80.82.64.127 failed (incorrect password). 13.02.17 21:21:59 Login of user admin to the FRITZ!Box user interface from the IP address 80.82.64.127 failed (incorrect password). 13.02.17 21:07:55 Login of user admin to the FRITZ!Box user interface from the IP address 80.82.64.127 failed (incorrect password).       13.02.17 20:39:47 Login of user admin to the FRITZ!Box user interface from the IP address 80.82.64.127 failed (incorrect password). 13.02.17 20:25:43 Login of user admin to the FRITZ!Box user interface from the IP address 80.82.64.127 failed (incorrect password). 13.02.17 20:11:39 Login of user admin to the FRITZ!Box user interface from the IP address 80.82.64.127 failed (incorrect password). 13.02.17 19:57:34 Login of user admin to the FRITZ!Box user interface from the IP address 80.82.64.127 failed (incorrect password).                                                                                                                   

 

 

 

 

 

 


3191 posts

Uber Geek
+1 received by user: 415


  # 1719765 13-Feb-2017 23:40
Send private message

You mean like... http://www.geekzone.co.nz/forums.asp?forumid=85&topicid=208479

 

I noticed from early january the external hits from India, Vietnam, Poland, Russia.. all increased


Mr Snotty
8680 posts

Uber Geek
+1 received by user: 4566

Moderator
Trusted
Lifetime subscriber

  # 1719766 13-Feb-2017 23:40
One person supports this post
Send private message

I'd strongly recommend turning off any external access to your routers services. It only takes a single exploit then they've got control over your whole network.




3191 posts

Uber Geek
+1 received by user: 415


  # 1719767 13-Feb-2017 23:43
Send private message

michaelmurfy: I'd strongly recommend turning off any external access to your routers services. It only takes a single exploit then they've got control over your whole network.

 

 

 

It would appear its how they manage the configurations and updates with CPS. They put a snapadmin user on with remote access afterall. And have seen it update before by them.


Mr Snotty
8680 posts

Uber Geek
+1 received by user: 4566

Moderator
Trusted
Lifetime subscriber

  # 1719774 14-Feb-2017 00:49
Send private message

Oblivian:

 

michaelmurfy: I'd strongly recommend turning off any external access to your routers services. It only takes a single exploit then they've got control over your whole network.

 

It would appear its how they manage the configurations and updates with CPS. They put a snapadmin user on with remote access afterall. And have seen it update before by them.

 

Crap that is bad. Opened to the world and not whitelisted to their own management network is a terribly bad security practice no matter how secure they think the Fritz!Box is. Any open ports on an embedded system is a terrible idea. I would say it could well be Mirai attempting to brute force.





 
 
 
 


1531 posts

Uber Geek
+1 received by user: 269

Trusted
2degrees

  # 1720123 14-Feb-2017 16:53
Send private message

Hi All,

 

This sounds a lot like the old exploit in the fritzbox firmware that has been patched for some time, it's almost as if the exploit remained after firmware updates, and is just now having access attempted (and failing as a result of the changes from the patching). Can those affected please message me with your broadband usernames, CWMP numbers from the bottom of the modems and current firmware version, and I'll check it out for you.

 

michaelmurfy:

 

Oblivian:

 

michaelmurfy: I'd strongly recommend turning off any external access to your routers services. It only takes a single exploit then they've got control over your whole network.

 

It would appear its how they manage the configurations and updates with CPS. They put a snapadmin user on with remote access afterall. And have seen it update before by them.

 

Crap that is bad. Opened to the world and not whitelisted to their own management network is a terribly bad security practice no matter how secure they think the Fritz!Box is. Any open ports on an embedded system is a terrible idea. I would say it could well be Mirai attempting to brute force.

 

 

Our CPE management is restricted to our management range only, and is only enabled on-request from our systems through TR-069 with our unique tokens. If the device has a snapadmin credential in it, this will be a very old config that has likely not successfully been migrated on to our managed system.

 

Thanks,

 

Ralph ^JOB


3191 posts

Uber Geek
+1 received by user: 415


  # 1720203 14-Feb-2017 21:23
Send private message

2degreesCare:

 

Hi All,

 

This sounds a lot like the old exploit in the fritzbox firmware that has been patched for some time, it's almost as if the exploit remained after firmware updates, and is just now having access attempted (and failing as a result of the changes from the patching). Can those affected please message me with your broadband usernames, CWMP numbers from the bottom of the modems and current firmware version, and I'll check it out for you.

 

michaelmurfy:

 

Oblivian:

 

michaelmurfy: I'd strongly recommend turning off any external access to your routers services. It only takes a single exploit then they've got control over your whole network.

 

It would appear its how they manage the configurations and updates with CPS. They put a snapadmin user on with remote access afterall. And have seen it update before by them.

 

Crap that is bad. Opened to the world and not whitelisted to their own management network is a terribly bad security practice no matter how secure they think the Fritz!Box is. Any open ports on an embedded system is a terrible idea. I would say it could well be Mirai attempting to brute force.

 

 

Our CPE management is restricted to our management range only, and is only enabled on-request from our systems through TR-069 with our unique tokens. If the device has a snapadmin credential in it, this will be a very old config that has likely not successfully been migrated on to our managed system.

 

Thanks,

 

Ralph ^JOB

 

 

 

 

Interesting. I'm still on a 7340 BTW. However thought it was managed fine as it's had FW updates applied that aren't public? I had to get it added at some point as it was missed.

 

FRITZ!OS 06.10-29288 BETA 

 

Or should I still be sending you deets (and probably turning remote access back on? :) )


1531 posts

Uber Geek
+1 received by user: 269

Trusted
2degrees

  # 1721131 16-Feb-2017 11:54
Send private message

Hi Oblivion,

 

If you are on a 7340, they are at the end of their support life through the manufacturer,t he firmware you have indicated there is the latest version, with that beta built to remedy past security issues and a couple of fixes of NZ use.

 

Can you please message the details, and we'll check this out further for you. It's likely the box just needs a reset, but we'd like to check it out first :)

 

Cheers,

 

Ralph ^JOB


32 posts

Geek
+1 received by user: 4


  # 1745961 22-Mar-2017 17:14
Send private message

Hi Ralph

 

My FritzBox 7490 shows over 70 failed wireless logins.

 

I am assuming these are from nearby networks just chancing their hand??

 

Is there any way of clearing this list other than the tedium of one at a time?? -

 


32 posts

Geek
+1 received by user: 4


  # 1745966 22-Mar-2017 17:23
Send private message

Duuh

 

Upgraded to Fritzbox OS and it cleared to list for me :-)


Filter this topic showing only the reply marked as answer Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Xero announces new smarter tools, push into the North American market
Posted 19-Jun-2019 17:20


New report by Unisys shows New Zealanders want action by social platform companies and police to monitor social media sites
Posted 19-Jun-2019 17:09


ASB adds Google Pay option to contactless payments
Posted 19-Jun-2019 17:05


New Zealand PC Market declines on the back of high channel inventory, IDC reports
Posted 18-Jun-2019 17:35


Air New Zealand uses drones to inspect aircraft
Posted 17-Jun-2019 15:39


TCL Electronics launches its first-ever 8K TV
Posted 17-Jun-2019 15:18


E-scooter share scheme launches in Wellington
Posted 17-Jun-2019 12:34


Anyone can broadcast with Kordia Pop Up TV
Posted 13-Jun-2019 10:51


Volvo and Uber present production vehicle ready for self-driving
Posted 13-Jun-2019 10:47


100,000 customers connected to fibre broadband network through Enable
Posted 13-Jun-2019 10:35


5G uptake even faster than expected
Posted 12-Jun-2019 10:01


Xbox showcases 60 anticipated games
Posted 10-Jun-2019 20:24


Trend Micro Turns Public Hotspots into Secure Networks with WiFi Protection for Mobile Devices
Posted 5-Jun-2019 13:24


Bold UK spinoff for beauty software company Flossie
Posted 2-Jun-2019 14:10


Amazon Introduces Echo Show 5
Posted 1-Jun-2019 15:32



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.