What is this? Log from router

brainosas

Occasional Visitor
Hi, I have an RT-N66U with Merlin RT-N66U_3.0.0.4_374.40_alpha4 installed. I've just logged in to my router and found this in my log:

Feb 28 08:39:59 pptpd[2209]: CTRL: Client 183.60.48.25 control connection started
Feb 28 08:39:59 pptpd[2209]: CTRL: EOF or bad error reading ctrl packet length.
Feb 28 08:39:59 pptpd[2209]: CTRL: couldn't read packet header (exit)
Feb 28 08:39:59 pptpd[2209]: CTRL: CTRL read failed
Feb 28 08:39:59 pptpd[2209]: CTRL: Client 183.60.48.25 control connection finished

What does that mean? I'm located in Lithuania, that's Europe, and that IP address is from... China... Was it a hack attempt? I wasn't using my connection at that time, no PC left ON at home.
 
Simply someone scanning the Internet, looking for non-secure PPTP VPN access. If you don't use the VPN server, disable it.
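The log pattern discussed above (a control connection that starts, fails on the first packet read, and finishes without any call being set up) can be counted per source IP. This is an added example, not code from any poster in the thread; `find_probes` is a hypothetical name, and the sample lines after the first five (the 198.51.100.7 session with its "Starting call" line, and the Mar 1 entries) are constructed for illustration.

```python
import re
from collections import Counter

# syslog prefix + pptpd control-channel message, as in the posted log
LINE = re.compile(r"^\w{3}\s+\d+\s[\d:]{8}\s+pptpd\[(?P<pid>\d+)\]:\s+CTRL:\s+(?P<msg>.*)$")
CLIENT = re.compile(r"^Client (?P<ip>\S+) control connection (?P<ev>started|finished)$")
READ_ERRORS = ("EOF or bad error reading ctrl packet length.",
               "couldn't read packet header (exit)", "CTRL read failed")

# First five lines are from the thread; the remaining lines are constructed.
SAMPLE_LOG = """\
Feb 28 08:39:59 pptpd[2209]: CTRL: Client 183.60.48.25 control connection started
Feb 28 08:39:59 pptpd[2209]: CTRL: EOF or bad error reading ctrl packet length.
Feb 28 08:39:59 pptpd[2209]: CTRL: couldn't read packet header (exit)
Feb 28 08:39:59 pptpd[2209]: CTRL: CTRL read failed
Feb 28 08:39:59 pptpd[2209]: CTRL: Client 183.60.48.25 control connection finished
Feb 28 19:02:11 pptpd[2301]: CTRL: Client 198.51.100.7 control connection started
Feb 28 19:02:12 pptpd[2301]: CTRL: Starting call (launching pppd, opening GRE)
Feb 28 19:40:03 pptpd[2301]: CTRL: Client 198.51.100.7 control connection finished
Mar  1 08:39:58 pptpd[2412]: CTRL: Client 183.60.48.25 control connection started
Mar  1 08:39:58 pptpd[2412]: CTRL: EOF or bad error reading ctrl packet length.
Mar  1 08:39:58 pptpd[2412]: CTRL: Client 183.60.48.25 control connection finished
"""

def find_probes(log_text):
    """Count, per client IP, control connections that ended in a read error
    without a call ever being started (the pattern in the posted log)."""
    sessions = {}          # pptpd child pid -> state of its open connection
    probes = Counter()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue       # not a pptpd control-channel line
        pid, msg = m["pid"], m["msg"]
        c = CLIENT.match(msg)
        if c and c["ev"] == "started":
            sessions[pid] = {"ip": c["ip"], "read_error": False, "call": False}
        elif pid in sessions:
            s = sessions[pid]
            if msg in READ_ERRORS:
                s["read_error"] = True
            elif msg.startswith("Starting call"):   # session went on to set up a call
                s["call"] = True
            elif c:                                  # "finished": classify and close
                if s["read_error"] and not s["call"]:
                    probes[s["ip"]] += 1
                del sessions[pid]
    return probes
```

Calling `find_probes(SAMPLE_LOG).most_common()` lists the noisiest sources first; a session that went on to start a call is not counted.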
 
When I had the PPTP VPN enabled I would see scans like that from China, every day at the same time. Punctual hackers they are.
 
Same here

I had the same IP in my log, only for one second, then he was kicked :D Every night at the same time.
The IP is located in a small country in China.
Regards
Michael
 
More than likely it was a random botnet going through a list of IPs trying to gain access to anything they can. Very common nowadays.
 
Random??
Not the "attacker", I think; same IP in three cases above,

with a huge list of IPs then,
because three "random" internet users from 2-3 countries were "scanned" from the same IP.
With a load of other things in common such as router brand/model,
Gmail perhaps, don't know, just wondering how come.
 
That's the whole idea of a botnet: find and infect as many computers as possible and add them as zombies. I at times have 100,000 IPs per week trying various things on my connection. For example, the past few days my firewall addition has picked up almost 2000 random IPs from various spam countries.

Code:
admin@RT-AC68R:/tmp/home/root# ipset -L | wc -l
1837

Nothing really to worry about as long as you have WAN connections to your router disabled.
 
Last year, that IP and several more brute-forced the FTP server on my Windows Server box. I noticed the attack when my daily IIS log txt files went from their normal 165k to 73MB in size.
 
Detected the same IP at my N66U.
I have VPN activated and web access via WAN.

I've just disabled VPN. What about Enabling Web Access from WAN?
Should I disable it?
 
If you don't need it, then yes.
 
