Geekzone: technology news, blogs, forums




512 posts

Ultimate Geek
+1 received by user: 31


# 208483 13-Feb-2017 22:59

Whilst changing some wifi settings on my 7490 I noticed 5 entries this evening:

 

Login of user admin to the FRITZ!Box user interface from the IP address 80.82.64.127 failed (incorrect password).

 

IP geo lookup shows the connection is from the Seychelles.

 

Googling the IP address shows that it has been banned for allegedly being the source of hacking in from the last few years.

 

I have a static IP address and have had one for a few years. Any point in asking for a new static IP address?

 

I spoke to a 2degrees rep but she didn't really know what I was going on about. She did confirm that 2degrees weren't behind the access attempts via the Seychelles.

 

Any suggestions as to what I should/can do or is this merely run of the mill random attacks?


3162 posts

Uber Geek
+1 received by user: 411


  # 1719761 13-Feb-2017 23:28
One person supports this post

I think the term is.. we're all being brute forced.

 

 You get the idea but I have pages of it.

 

 

13.02.17 23:14:29 Login of user admin to the FRITZ!Box user interface from the IP address 80.82.64.127 failed (incorrect password).
13.02.17 23:00:25 Login of user admin to the FRITZ!Box user interface from the IP address 80.82.64.127 failed (incorrect password).
13.02.17 22:46:21 Login of user admin to the FRITZ!Box user interface from the IP address 80.82.64.127 failed (incorrect password).
13.02.17 21:21:59 Login of user admin to the FRITZ!Box user interface from the IP address 80.82.64.127 failed (incorrect password).
13.02.17 21:07:55 Login of user admin to the FRITZ!Box user interface from the IP address 80.82.64.127 failed (incorrect password).
13.02.17 20:39:47 Login of user admin to the FRITZ!Box user interface from the IP address 80.82.64.127 failed (incorrect password).
13.02.17 20:25:43 Login of user admin to the FRITZ!Box user interface from the IP address 80.82.64.127 failed (incorrect password).
13.02.17 20:11:39 Login of user admin to the FRITZ!Box user interface from the IP address 80.82.64.127 failed (incorrect password).
13.02.17 19:57:34 Login of user admin to the FRITZ!Box user interface from the IP address 80.82.64.127 failed (incorrect password).

 

 

 

 

Guess that's why they rename the default admin name. They need to nullroute that IP.
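Editor's added example (not part of any post in this thread, and not AVM or 2degrees code): a per-source summary of the log entries quoted in the post above, which shows that the attempts arrive on a fixed schedule of about 14 minutes rather than at random. The function name, thresholds and the "scripted" heuristic are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Event-log lines copied from the post above (the box lists newest first).
SAMPLE_LOG = """\
13.02.17 23:14:29 Login of user admin to the FRITZ!Box user interface from the IP address 80.82.64.127 failed (incorrect password).
13.02.17 23:00:25 Login of user admin to the FRITZ!Box user interface from the IP address 80.82.64.127 failed (incorrect password).
13.02.17 22:46:21 Login of user admin to the FRITZ!Box user interface from the IP address 80.82.64.127 failed (incorrect password).
13.02.17 21:21:59 Login of user admin to the FRITZ!Box user interface from the IP address 80.82.64.127 failed (incorrect password).
13.02.17 21:07:55 Login of user admin to the FRITZ!Box user interface from the IP address 80.82.64.127 failed (incorrect password).
13.02.17 20:39:47 Login of user admin to the FRITZ!Box user interface from the IP address 80.82.64.127 failed (incorrect password).
13.02.17 20:25:43 Login of user admin to the FRITZ!Box user interface from the IP address 80.82.64.127 failed (incorrect password).
13.02.17 20:11:39 Login of user admin to the FRITZ!Box user interface from the IP address 80.82.64.127 failed (incorrect password).
13.02.17 19:57:34 Login of user admin to the FRITZ!Box user interface from the IP address 80.82.64.127 failed (incorrect password).
"""

# Pattern derived from the wording quoted in this thread (assumption: other
# firmware versions or UI languages may phrase the event differently).
FAILED_LOGIN = re.compile(
    r"^(\d{2}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) Login of user (\S+) to the "
    r"FRITZ!Box user interface from the IP address (\S+) failed")

def summarize_failed_logins(log_text, min_attempts=5, max_jitter_s=5):
    """Group failed UI logins by (source IP, user) and describe their timing."""
    attempts = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED_LOGIN.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%d.%m.%y %H:%M:%S")
            attempts[(m.group(3), m.group(2))].append(ts)
    report = {}
    for key, times in attempts.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        step = median(gaps) if gaps else None
        # A gap is "on schedule" if it is a whole multiple of the median step
        # (entries missing from the excerpt show up as 2x, 6x, ...) within the jitter.
        on_schedule = [g for g in gaps if step and
                       abs(g - round(g / step) * step) <= max_jitter_s]
        report[key] = {
            "count": len(times), "first": times[0], "last": times[-1],
            "median_gap_s": step,
            "scripted": len(times) >= min_attempts and len(on_schedule) == len(gaps),
        }
    return report
```

For the lines above, `summarize_failed_logins(SAMPLE_LOG)` reports nine failures from one source with a median gap of 844 seconds, every gap a multiple of that step: a slow, timed guesser that stays under any short lockout window.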


3162 posts

Uber Geek
+1 received by user: 411


  # 1719762 13-Feb-2017 23:35
One person supports this post

In fact, let's turn off HTTPS/internet from the services section for a while.


 
 
 
 




512 posts

Ultimate Geek
+1 received by user: 31


  # 1719764 13-Feb-2017 23:38

Thanks that makes me feel "better". Not seen this activity in many years of Snap and 2D patronage, mind you I only scan the logs when there is a problem, which is rare.

 

 

Oblivian:

 

I think the term is.. we're all being brute forced.

 

 You get the idea but I have pages of it.

 

 

13.02.17 23:14:29 Login of user admin to the FRITZ!Box user interface from the IP address 80.82.64.127 failed (incorrect password).
13.02.17 23:00:25 Login of user admin to the FRITZ!Box user interface from the IP address 80.82.64.127 failed (incorrect password).
13.02.17 22:46:21 Login of user admin to the FRITZ!Box user interface from the IP address 80.82.64.127 failed (incorrect password).
13.02.17 21:21:59 Login of user admin to the FRITZ!Box user interface from the IP address 80.82.64.127 failed (incorrect password).
13.02.17 21:07:55 Login of user admin to the FRITZ!Box user interface from the IP address 80.82.64.127 failed (incorrect password).
13.02.17 20:39:47 Login of user admin to the FRITZ!Box user interface from the IP address 80.82.64.127 failed (incorrect password).
13.02.17 20:25:43 Login of user admin to the FRITZ!Box user interface from the IP address 80.82.64.127 failed (incorrect password).
13.02.17 20:11:39 Login of user admin to the FRITZ!Box user interface from the IP address 80.82.64.127 failed (incorrect password).
13.02.17 19:57:34 Login of user admin to the FRITZ!Box user interface from the IP address 80.82.64.127 failed (incorrect password).

 

 

 

 

 

 


3162 posts

Uber Geek
+1 received by user: 411


  # 1719765 13-Feb-2017 23:40

You mean like... http://www.geekzone.co.nz/forums.asp?forumid=85&topicid=208479

 

I noticed from early January the external hits from India, Vietnam, Poland, Russia.. all increased


Mr Snotty
8588 posts

Uber Geek
+1 received by user: 4492

Moderator
Trusted
Lifetime subscriber

  # 1719766 13-Feb-2017 23:40
One person supports this post

I'd strongly recommend turning off any external access to your router's services. It only takes a single exploit then they've got control over your whole network.




3162 posts

Uber Geek
+1 received by user: 411


  # 1719767 13-Feb-2017 23:43

michaelmurfy: I'd strongly recommend turning off any external access to your router's services. It only takes a single exploit then they've got control over your whole network.

 

 

 

It would appear it's how they manage the configurations and updates with CPS. They put a snapadmin user on with remote access after all. And have seen it update before by them.


Mr Snotty
8588 posts

Uber Geek
+1 received by user: 4492

Moderator
Trusted
Lifetime subscriber

  # 1719774 14-Feb-2017 00:49

Oblivian:

 

michaelmurfy: I'd strongly recommend turning off any external access to your router's services. It only takes a single exploit then they've got control over your whole network.

 

It would appear it's how they manage the configurations and updates with CPS. They put a snapadmin user on with remote access after all. And have seen it update before by them.

 

Crap that is bad. Opened to the world and not whitelisted to their own management network is a terribly bad security practice no matter how secure they think the Fritz!Box is. Any open ports on an embedded system is a terrible idea. I would say it could well be Mirai attempting to brute force.





1531 posts

Uber Geek
+1 received by user: 269

Trusted
2degrees

  # 1720123 14-Feb-2017 16:53

Hi All,

 

This sounds a lot like the old exploit in the fritzbox firmware that has been patched for some time, it's almost as if the exploit remained after firmware updates, and is just now having access attempted (and failing as a result of the changes from the patching). Can those affected please message me with your broadband usernames, CWMP numbers from the bottom of the modems and current firmware version, and I'll check it out for you.

 

michaelmurfy:

 

Oblivian:

 

michaelmurfy: I'd strongly recommend turning off any external access to your router's services. It only takes a single exploit then they've got control over your whole network.

 

It would appear it's how they manage the configurations and updates with CPS. They put a snapadmin user on with remote access after all. And have seen it update before by them.

 

Crap that is bad. Opened to the world and not whitelisted to their own management network is a terribly bad security practice no matter how secure they think the Fritz!Box is. Any open ports on an embedded system is a terrible idea. I would say it could well be Mirai attempting to brute force.

 

 

Our CPE management is restricted to our management range only, and is only enabled on-request from our systems through TR-069 with our unique tokens. If the device has a snapadmin credential in it, this will be a very old config that has likely not successfully been migrated on to our managed system.

 

Thanks,

 

Ralph ^JOB


3162 posts

Uber Geek
+1 received by user: 411


  # 1720203 14-Feb-2017 21:23

2degreesCare:

 

Hi All,

 

This sounds a lot like the old exploit in the fritzbox firmware that has been patched for some time, it's almost as if the exploit remained after firmware updates, and is just now having access attempted (and failing as a result of the changes from the patching). Can those affected please message me with your broadband usernames, CWMP numbers from the bottom of the modems and current firmware version, and I'll check it out for you.

 

michaelmurfy:

 

Oblivian:

 

michaelmurfy: I'd strongly recommend turning off any external access to your router's services. It only takes a single exploit then they've got control over your whole network.

 

It would appear it's how they manage the configurations and updates with CPS. They put a snapadmin user on with remote access after all. And have seen it update before by them.

 

Crap that is bad. Opened to the world and not whitelisted to their own management network is a terribly bad security practice no matter how secure they think the Fritz!Box is. Any open ports on an embedded system is a terrible idea. I would say it could well be Mirai attempting to brute force.

 

 

Our CPE management is restricted to our management range only, and is only enabled on-request from our systems through TR-069 with our unique tokens. If the device has a snapadmin credential in it, this will be a very old config that has likely not successfully been migrated on to our managed system.

 

Thanks,

 

Ralph ^JOB

 

 

 

 

Interesting. I'm still on a 7340 BTW. However thought it was managed fine as it's had FW updates applied that aren't public? I had to get it added at some point as it was missed.

 

FRITZ!OS 06.10-29288 BETA 

 

Or should I still be sending you deets (and probably turning remote access back on? :) )


1531 posts

Uber Geek
+1 received by user: 269

Trusted
2degrees

  # 1721131 16-Feb-2017 11:54

Hi Oblivian,

 

If you are on a 7340, they are at the end of their support life through the manufacturer, the firmware you have indicated there is the latest version, with that beta built to remedy past security issues and a couple of fixes of NZ use.

 

Can you please message the details, and we'll check this out further for you. It's likely the box just needs a reset, but we'd like to check it out first :)

 

Cheers,

 

Ralph ^JOB


32 posts

Geek
+1 received by user: 4


  # 1745961 22-Mar-2017 17:14

Hi Ralph

 

My FritzBox 7490 shows over 70 failed wireless logins.

 

I am assuming these are from nearby networks just chancing their hand??

 

Is there any way of clearing this list other than the tedium of one at a time?? -

 


32 posts

Geek
+1 received by user: 4


  # 1745966 22-Mar-2017 17:23

Duuh

 

Upgraded to Fritzbox OS and it cleared the list for me :-)

