
how-to block ads
|
|
Uniqs: 2802 |
Share Topic  |
 |
|
|
|
 | Strange router log entries So I just got Fios, I posted here like a week ago, about switching from comcast cable to fios, your replies helped alot in the decision i made, which I am happy with The TV service is great, and the internet is fast (much faster then cable), the install guy was nice
But today i decided to look through all the router settings, I needed to forward some ports that were forwarded on my old router
While looking through these settings, i found the security log, so i thought id take a look, and heres what i got:
quote: Jul 4 00:22:01 2009 Firewall Info User authentication success Username: admin
Jul 4 00:21:51 2009 Firewall Info User authentication failure Invalid password. Username: admin
Jul 4 00:48:48 2009 Firewall Setup Configuration change WBM user Unknown (0.0.0.0) has changed security settings[repeated 3 times, last time on Jul 4 00:49:50 2009]
Jul 3 19:06:37 2009 Firewall Info User authentication success Username: admin
Jul 3 18:52:33 2009 Firewall Setup Configuration change WBM user Unknown (0.0.0.0) has changed security settings[repeated 3 times, last time on Jul 3 18:54:59 2009]
Jul 3 18:33:04 2009 Firewall Setup Configuration change WBM user admin (192.168.1.5) has changed security settings[repeated 6 times, last time on Jul 3 18:52:16 2009]
Jul 3 17:39:26 2009 Firewall Info User authentication success Username: admin[repeated 2 times, last time on Jul 3 18:28:15 2009]
Jul 3 16:25:11 2009 Firewall Setup Configuration change WBM user Unknown (0.0.0.0) has changed security settings[repeated 7 times, last time on Jul 3 17:34:10 2009]
Jul 3 15:31:05 2009 Firewall Info User authentication success Username: admin
Jul 3 14:10:44 2009 Firewall Setup Configuration change WBM user Unknown (0.0.0.0) has changed security settings[repeated 2 times, last time on Jul 3 15:01:42 2009]
Jul 3 14:09:35 2009 Firewall Info User authentication success Username: admin
Jul 3 14:07:17 2009 Firewall Setup Firewall status changed enabled
Jul 3 14:07:16 2009 System Log Message The system is UP!
The WBM user Uknown is what im worried about, the admin's are me (the failed pass was me to cause im so used to my old pass)
At first I thought it was the fios guy, using his special thing to configure stuff, but its on there after the fios guy left, including today, and the router hasnt been shut off since it was first started up yesterday, so there would be no reboot settings changes
Also i have another wireless user on the network, the name is new-host, today its new-host2, it was there when the fios guy was here (after he set up the first computer i looked at some of the router settings) so i assumed it was him, but it was still there even after he left, but since it was there almost as soon as the router was up i figured it was just part of the network some how
Device information doesnt give alot of info on it, and testing the connectivity to it fails every time, so i thought it was some sort of glitch, but now the security changes from an unknown user has me wondering
Is new-host and the unknown security changes normal?
Router Info- Model: MI424WR-GEN2 (rev E) Firmware: 20.9.0
Also, how can you change the admin pass, i looked every where but cant find it | |  birdfeedrPremium,MVM join:2001-08-11 Warwick, RI kudos:5 1 edit | Take a look at this thread. »[northeast] Log From My Router - I'm Curious and Concerned It does not come to a conclusion, but it explains some things that might help you interpret what you see.
If it was me, I'd power off the router for a few seconds, then power back on. That will start the log fresh and you'll see every entry that you made happen. I'd also turn off UPnP, which is on by default. Unless you use applications which rely on it. It's not concluded in that thread, but I'd venture a good guess your log entry is what you'd get as a result of UPnP activity.
Changing your password is a great idea. Install tech probably set it to password1 as part of his SOP. You can change it in Advanced / Users / edit the entry
FWIW, this may be a slightly different version of your message. Jul 3 20:13:51 2009 Firewall Setup Configuration change Internal application has changed security settings
[edit to add source]From a Rev.A Actiontec with 10.0.11.6 firmware. | | |
|  | It might be UPnP, if thats the way upnp changes are shown in the log
I changed the pass for admin
Since I just got the router it was probably just setting up for some of the stuff I use, when I used it I forgot about UPnP
Im probably just worrying about nothing, but Ill keep a close eye on it
Thanks alot for all your help | |
|