Review of my home broadband router logs (suspicious activity?)

Mine doesn't show the time anywhere, but if yours shows the current time, that's good enough for me.

I noticed that because some families have so many wireless devices, they've redesigned routers and now many are 100 to 200 dollars. That means I should be able to get a 2-year old one cheap. Actually I bought cheap at a hamfest what I thought was identical, and only noticed a year later that it was a router like mine but without the wireless part. Now is a bad time to try it because every day I may wish to print the crossword.

Micky

Good to know. Thanks.

So that means it's an Apple device, like an iphone.

Not that it's someone working at Apple, inc.!

Micky

No, the control panel is on the computer.

You have to go to the router. The address is in the manual. In D-link and I think maybe all of them it's http://192.168.0.1

I had RCN too, dialup, but after years of their promising high-speed, I decided they were kidding, so I had to go to Verizon.

They said I could have email only, with no access to the net, for 3 a month, but then 4 months later, with no warning, they took away my ability to send email, and because of the way Eudora is set up, it's not totally obvious how to change the settings to send only via Verizon. (They also did 3 other bad things to me.) And currently, if my credit card number changes and the automatic payment doesn't work, they told me I had told them not to send either an email or a postal mail. I never said that. So 3 times over several years they disconnected me with no warning, and one time they threw away all my email, including any I hadn't downloaded yet.

Later they raised it from 3 to 4 a month.

Now if they won't notify me both ways, I asked to be notified by email, but they said they won't do that. It's an email company but they won't notify me by email.

How has your customer service been?

That's what I said in another post. I was referring to Erols/RCN.

Micky

| > First, do you have a good, long password for
| > your router? You should. Maybe 20 characters.
|
| The thing is that most routers don't allow a password greater
| than 8 characters (from my experience). Sure, they'll *let*
| you type a long password - but they'll take anything (or nothing)
| after the first 8 characters.
|
| Try it. That's how "my" router works.

I tried it. I entered the first 13 characters. It didn't let me in. I've never heard of an 8-char limit.

| > You didn't mention what computers you have.
| > Assuming Windows...
|
| Oh, I have everything. Windows. Linux. OS/X. iOS, Android.
| Printers. And other devices (like the playstation).

I don't see any scanning or contact in my logs, but I also only use computers, with no networking, and get informed by my firewall about unrequested incoming. You may not have much option with Playstation. I assume it's not under your control. But you should have firewalls on your computers that will drop incoming requests. (Though that's one of the many shortcomings of Linux in my book. Last I checked, Linux firewalls could stop incoming but didn't monitor outgoing.)

Mayayana

...

Informational logs, not a warning or critical error.

It's how the games can only work. Your uPNP enabled router is port forwarding that incoming traffic to a specific machine on your LAN, your kid's playstation. It would take a flaw, or a hack, in your router for this traffic to go anywhere else.

Personally, I wouldn't have a problem with it.

Try playing about with anything that uses peer-to-peer services like Skype, Spotify or torrent programs and you'll see much the same logs.

Have your kid take a break from that game and you both have a read of the following Microsoft ebook on

formatting link
or
formatting link

--
Adrian C
Adrian Caspersz

| > That's interesting. I didn't know routers kept logs. Did
| > you find that by logging in to the "control panel"?
|
| No, the control panel is on the computer.
|
| You have to go to the router. The address is in the manual. In
| D-link and I think maybe all of them it's http://192.168.0.1

Yes. That's what I was referring to. I think of it as a control panel. I'm not sure whether it's called that. My web host, too, calls it a control panel when I log in.

| > I used to get a lot of attempts to get into my computer
| > when I had dialup. That mostly stopped with cable, though
| > I have caught my cable company, RCN, trying to get
|
| I had RCN too, dialup, but after years of their promising high-speed,
| I decided they were kidding, so I had to go to Verizon.
|
| They said I could have email only, with no access to the net, for 3 a
| month, but then 4 months later, with no warning, they took away my
| ability to send email, and because of the way Eudora is set up, it's
| not totally obvious how to change the settings to send only via
| Verizon. (They also did 3 other bad things to me. And currently,
| if my credit card number changes and the automatic payment doesn't
| work, they told me I had told them not to send either an email or a
| postal mail. I never said that. So 3 times over several years
| they disconnected me with no warning, and one time they threw away all
| my email, including any I hadn't downloaded yet.
|
| Later they raised it from 3 to 4 a month.
|
| Now if they won't notify me both ways, I asked to be notified by
| email, but they said they won't do that. it's an email company but
| they won't notify me by email.
|
| How has your customer service been?

I've found the service to be very good. Customer service is 24/7, and seems to be American. Recently we got an upgraded modem because speeds were slow, and that seems to have fixed it. In the process they accidentally disconnected my separate RCN phone wire. But then they came the next morning and upgraded that as well, for free.

My only complaint is that they periodically raise the price for no reason. But then if we call up they agree to lower it again. ?? It seems to be the new strategy: Fleece the customer base and then be nice to anyone who complains. I suppose a lot of people are now on auto-payment and don't notice. Considering complaints I hear from customers of other companies, I feel very content with RCN. But I never had dialup with them.

I get ads about every two weeks for Verizon FIOS. They have several inches of tiny fine print, in light gray, that I can't even read with glasses on. There's no way to find out the actual cost of the service. It's like an ad out of a cartoon. I have no need for FIOS, anyway. Recently a salesman came to the door. He wanted to tell me that Verizon had some spiffy new wiring and that I should switch. I told him how Verizon keeps sending ads but won't even tell me what the product costs. He smiled and said, "That's why I'm here." Then I said goodbye to him and closed the door. They must be making very big profits to justify sending out salesmen.

But that problem is not just with Verizon. A couple of years ago I went around to cellphone providers to find out what a basic plan costs. ATT/Verizon/Sprint/T-Mobile. All of them had plans starting at $40. Not one could/would tell me what the actual bill would be after the various scam fees and taxes were added on.

Mayayana

I have never not used DHCP.

How do we assign permanent IP addresses when devices come on and off the network all the time?

Do we attach the IP address to the MAC address of the device?

For example, if the Android phone is MAC address DE:AD:BE:EF:CA:FE, do we attach the IP address 192.168.1.10 to *that* MAC address from the router?

Or, is there some other way of doing it from the device itself?

Paul M. Cook

I have run wifi-radar, kismet, and iwscanner, but the output is horrendously cryptic.

I hear there is Wireshark, AirShark, netstumbler, & netcrumbler, so, maybe one of those has easier to read output?

Paul M. Cook

In any browser session, you can also use "control F" and then type in what you're looking for.

Then select just that which you found.

F3 moves to the next find. Shift F3 moves backward to the previous find.

Paul M. Cook

Makes sense.

Let me know if you figure out the email because I didn't figure it out myself on mine, and my firmware is fully up to date.

Paul M. Cook

If you can get an IP address like I did on my router logs, you can run a "whois" command which will reverse IP check.


If it's coming from Apple, whois will tell you that.

Of course, most of the time "I" run it, the IP address is coming from China, but even that can be spoofed with VPN or some other means.

Paul M. Cook

Are we talking about the ROUTER "admin" password? Or are we talking about the ESSID encryption passcode?

They're different things. "I" was talking about the router admin password.

Paul M. Cook

I think you're talking about different things that have nothing to do with each other.

AFAIK, WPA2 is the strongest "we" can generally get (being normal homeowners and not corporations) on our routers.

For us, the PSK (pre-shared key) is the way "we" homeowners do WPA2. It just is.

However, if we were a corporation, we could do more with WPA2 than pre-shared keys, which, I don't remember what it's called, but it's some kind of rotating or assigned key that the IT department of the company can manage (instead of the router).

What you seem to be talking about is the difference between various security options, such as:

  • WPA-PSK [TKIP]
  • WPA-PSK [AES]
  • WPA-PSK [TKIP] + WPA-PSK [AES]

All of those above are WPA2/PSK.

Paul M. Cook

| Are we talking about the ROUTER "admin" password?
| Or are we talking about the ESSID encryption passcode?
|
| They're different things.
| "I" was talking about the router admin password.

Yes. I don't know why people are making this so complicated. There have been cases of routers being hacked, sometimes because they're set with default passwords that don't get changed. Not a big issue. Just one thing to make sure you have covered.

Mayayana

Micky wrote, on Wed, 23 Dec 2015 11:24:16 -0500:

You can't go wrong with almost any "ac" router nowadays. An "ac1200" router will be just fine for almost any household.

Danny D.

Don Y wrote, on Wed, 23 Dec 2015 12:57:02 -0700:

Jeff Liebermann knows this stuff much better than I do, but here is what he taught me.

WORSE THAN YOU SAID:

  1. If you hide your SSID, then your laptop has to look for it on purpose, which it dutifully does (that's how it finds it). However, that also means that when you boot your laptop at Starbucks, it *still* looks *first* for your hidden IP (because your laptop has no idea you're at Starbucks yet). Only after your laptop can no longer find the SSID it wanted first, does the laptop look for *other* broadcast SSIDs.

Hence, you have *worse* privacy at a hotspot when you decide to not broadcast your SSID at home.

MOSTLY TRUE WHAT YOU SAID:

  1. Making your SSID obscure is critical if you want to stay out of rainbow hash tables. Anyone who knows YOUR SSID already can download a hash table that allows them to log into your router using the SSID as a "salt".

So you really really really want to have a UNIQUE ESSID!


MORE CONSIDERATIONS:

  1. In addition, you don't want your unique ESSID to pinpoint you, so don't name it after your last name or your address.

  2. One more thing, the BSSID (i.e., the MAC address) of your router is what Google puts into its database when that spycar drives down your road. Short of putting up a sign saying "private road", you can't stop them from driving past your home and gathering your BSSID and those of your neighbors.

One thing you can do is change your ESSID to have "_nomap" on the end of it, which Google says they won't keep. Yes, I know, they expect the entire world to opt out manually that way, which is silly, but that's what they do.

Otherwise, you'll need to change *both* your ESSID and your BSSID (MAC address) periodically, so that Google databases no longer have accurate records. (You can't do anything about your stupid neighbors though, so, you're already doomed.)

Danny D.
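
The point in the post above about the SSID acting as a "salt" can be shown with the WPA2-PSK key derivation itself: the pre-shared key is stretched with PBKDF2-HMAC-SHA1 using the SSID as salt, so a table precomputed for one network name is useless against another. This is an added example, not part of the original thread; the list of common SSIDs is a constructed sample and the function names are hypothetical.

```python
import hashlib

# Constructed sample of widely shared default network names (assumption, not from the thread).
COMMON_SSIDS = {"linksys", "NETGEAR", "dlink", "default"}


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit WPA/WPA2-PSK master key.

    PBKDF2-HMAC-SHA1, salt = SSID, 4096 iterations, 32-byte output.
    """
    ssid_bytes = ssid.encode("utf-8")
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"), ssid_bytes, 4096, 32)


def shares_table_with_others(ssid: str) -> bool:
    """True if the SSID is a common name, so one precomputed table covers many networks."""
    return ssid in COMMON_SSIDS


if __name__ == "__main__":
    passphrase = "correct horse battery"  # constructed sample passphrase
    for ssid in ("linksys", "attic-7f3q"):  # second name is a constructed unique SSID
        pmk = wpa2_pmk(passphrase, ssid)
        status = "common name" if shares_table_with_others(ssid) else "unique name"
        # Same passphrase, different SSID: the derived key is completely different.
        print(f"{ssid:12s} {status:12s} {pmk.hex()[:16]}...")
```

A unique SSID only removes the precomputation shortcut; a short or guessable passphrase can still be tested directly against that one network.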

Well, I just googled and there is something called SMTP Server / IP Address

How to Find My SMTP Server IP Address

Click "Start," then "Run" and type "cmd" in the box that appears.

Press enter. A command window will appear.

Type "ping," a space and then the name of your SMTP Server. For example, type "ping smtp.server.com" and press "Enter." The window will then try to contact the SMTP server by the IP address. It will say, "Pinging x.x.x.x with 32 bytes of data." The "x.x.x.x" will be the SMTP server's IP address.

So I'm debating whether I should put [ ] around the number and then it turns out, even without the [ ] there isn't enough room for the entire number!! Even though it's the standard length 3,2,3,3 = 11 plus 3 dots. So I removed the smtp value and put only the IP address, and sent it, and that didn't work either.

Micky

Turn OFF PING BACK.

In case it isn't already off. Then ask your IP for a new address - which can be as simple as turning off your broadband router for five minutes.

John :-#)#

--
(Please post followups or tech inquiries to the USENET newsgroup) 
John's  Jukes Ltd. 2343 Main St., Vancouver, BC, Canada V5T 3C9 
(604)872-5757 or Fax 872-2010 (Pinballs, Jukes, Video Games) 
                      www.flippers.com 
        "Old pinballers never die, they just flip out."
John Robertson

If you are worried, block the port and see what happens.

Tony Hwang

You are seeing outside devices the "[LAN access from remote] from 93.38.179.187:9000" part, using port 9000 the ":9000 " part and trying to connect to your child's sony playstation. Presumably he or she is playing a game on-line and there is some sort of interactive content, maybe voice or video message chat or something.

Since your router appears to support UPNP, it is probably automatically opening connections on this port to allow network traffic like I described above (some sort of online in-game chat or something).

I don't think it is something to be too concerned about, but if you are concerned about this type of network traffic, you could either disable UPNP on your router or maybe disable port 9000 in the firewall rules (if the router supports this). Of course, this may disable the online gaming capability of the sony playstation, much to your child's dismay.

Video games consoles that connect to the internet are likely sending all sorts of traffic back and forth through your router. You might try looking up what types of services typically use port 9000. I bet you find that it is a typical port used by sony playstations for on-line gaming. As everything from refrigerators to thermostats goes online there will be much more unidentifiable traffic going through our routers.

Best of luck,

S Sinzig.

ssinzig
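
To review this kind of router log in bulk rather than line by line, the entries can be grouped by the LAN device and port they were forwarded to. This is an added example, not part of the original thread: only the "[LAN access from remote] from IP:port" prefix appears in the posts, so the "to ..." target, the timestamp layout, the LAN addresses and all sample lines except the quoted source address are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines; the target and timestamp fields are an assumed layout.
SAMPLE_LOG = """\
[LAN access from remote] from 93.38.179.187:9000 to 192.168.1.5:9000, Wednesday, Dec 23,2015 10:01:02
[LAN access from remote] from 203.0.113.7:9000 to 192.168.1.5:9000, Wednesday, Dec 23,2015 10:01:09
[LAN access from remote] from 198.51.100.23:51413 to 192.168.1.8:3389, Wednesday, Dec 23,2015 10:02:30
[DHCP IP: (192.168.1.5)] to MAC address DE:AD:BE:EF:CA:FE, Wednesday, Dec 23,2015 09:58:00
"""

LINE_RE = re.compile(
    r"^\[LAN access from remote\] from "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+) to "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)"
)


def summarize(log_text):
    """Map (LAN host, LAN port) -> set of remote IPs whose traffic was forwarded to it."""
    forwards = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # other entry types (DHCP, admin login, ...) are skipped
            forwards[(m["dst"], int(m["dport"]))].add(m["src"])
    return dict(forwards)


def unexpected_forwards(forwards, expected):
    """Return forwarded (host, port) pairs that are not on the expected list, sorted."""
    return sorted(target for target in forwards if target not in expected)


if __name__ == "__main__":
    # Assumption: 192.168.1.5 is the console and port 9000 is the only forward you expect.
    expected = {("192.168.1.5", 9000)}
    found = summarize(SAMPLE_LOG)
    for (host, port), sources in sorted(found.items()):
        print(f"{host}:{port} <- {len(sources)} remote source(s)")
    print("review these forwards:", unexpected_forwards(found, expected))
```

Anything listed for review is a port the router opened toward a device you did not expect, which is the case where disabling UPnP or blocking the port, as suggested above, is worth doing.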
