hardstyler
join:2013-02-17
34100

hardstyler

Member

strange logs usg 100 with no pc, server, nas active: internet only!!!

Attachment: log.txt (139,914 bytes)
Please help me with this log if you can:

Details:

This is the USG 100 log from 2.26 am to 8 am: the DSL modem/router is connected to the internet and the USG 100 is connected to it, and that's all; no PC, no NAS, no server, nothing: they are all powered off!!!

I have the IDP service active in the USG but, before activating logs, they were the same with IDP off and the daily check for updates on. (And with updates off?? Trying...)
In the USG I have no VPN active; there are rules but they are off; no NAT for servers; the only thing active is the HTTP/HTTPS of, of course, the WWW settings for the GUI, but it is not reachable from the web; no rules are active for that.

The DSL modem/router also has nothing strange: no services, UPnP off, DHCP server on, Wi-Fi off, remote management off, nothing.

Everything on both appliances is set as before, no changes. And... yes, I re-applied the latest firmware on both and re-set everything by hand, no config files applied, so I really can't understand these logs, because they were the only appliances connected to the internet, no PC, servers, NAS etc...

Could it be that the primary telecom company is upgrading lines from copper only to fiber and copper? (FTTC was introduced and installations started in November 2012 for a stupid 30/3 Mb/s.) But the IPs are not from Italy?

Note: when you see "192.168.100.1" don't panic; it is the first hop and it is correct to block it, but if it is not blocked, nothing changes; it is normal according to the ISP.

Brano
I hate Vogons
MVM
join:2002-06-25
Burlington, ON
(Software) OPNsense
Ubiquiti UniFi UAP-AC-PRO
Ubiquiti NanoBeam M5 16

Brano

MVM

Just ignore, the USG is blocking these as it should.

The 192.168.100.1 to 224.0.0.1 are multicast advertisements from your ISP's router.

Some reading here »en.wikipedia.org/wiki/Mu ··· _address
hardstyler
join:2013-02-17
34100

hardstyler

Member

Mmmmh, Brano, multicast is not the problem... the problem is that the log shows constant attempts from IPs from India, USA, Russia, China, Brazil, Canada, Poland, Korea etc... They alarmed me because they also occur when the DSL modem and USG are connected to the internet and there is NO PC, server, NAS, nothing connected to them and active.

Brano
I hate Vogons
MVM
join:2002-06-25
Burlington, ON

Brano

MVM

That's absolutely normal chatter on the internet. (Malicious) IPs are trying, firewalls are blocking them. Your firewall is doing its job. Turn off logging on your default rule if it's bothering you too much. There's nothing else you can do about it.
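
An added example, not part of the original posts: one way to check an exported log against the explanation above, separating the ISP multicast and the blocked probes from public addresses from any entry that deserves a closer look. The log layout, the sample lines and the names `parse_line`, `classify` and `triage` are assumptions; the USG 100's real export format is not shown in the thread.

```python
import ipaddress
from collections import Counter

# Constructed sample in a simplified "time src dst[:port] proto action" layout.
# This is NOT the USG 100 export format; adapt parse_line() to the real file.
SAMPLE_LOG = """\
02:26:11 192.168.100.1 224.0.0.1 igmp BLOCK
02:27:40 203.0.113.45 198.51.100.7:23 tcp BLOCK
02:31:02 203.0.113.45 198.51.100.7:22 tcp BLOCK
03:05:19 192.0.2.200 198.51.100.7:3389 tcp BLOCK
04:12:55 192.168.1.33 192.0.2.80:443 tcp ACCEPT
malformed line
"""
FIRST_HOP = ipaddress.ip_address("192.168.100.1")  # ISP first hop named in the thread
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_line(line):
    """Return (src, dst, action), or None when the line does not parse (IPv4 only)."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        src = ipaddress.IPv4Address(parts[1].split(":")[0])
        dst = ipaddress.IPv4Address(parts[2].split(":")[0])
    except ValueError:
        return None
    return src, dst, parts[4].upper()

def classify(src, dst, action):
    if action != "BLOCK":
        return "review"          # traffic was passed although no host is powered on
    if src == FIRST_HOP and dst.is_multicast:
        return "isp-multicast"   # e.g. 192.168.100.1 -> 224.0.0.1
    if any(src in net for net in RFC1918):
        return "review"          # private source that is not the known first hop
    return "internet-noise"      # blocked unsolicited probe from a public address

def triage(text):
    """Return (counts per label, lines needing review, blocked hits per public source)."""
    counts, review, sources = Counter(), [], Counter()
    for line in text.splitlines():
        parsed = parse_line(line)
        label = classify(*parsed) if parsed else "unparsed"
        counts[label] += 1
        if label == "review":
            review.append(line)
        elif label == "internet-noise":
            sources[str(parsed[0])] += 1
    return counts, review, sources

if __name__ == "__main__":
    counts, review, sources = triage(SAMPLE_LOG)
    print(dict(counts), review, sources.most_common(3), sep="\n")
```

With every host behind the firewall powered off, an empty review list supports the reading that the log is only blocked background traffic.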
hardstyler
join:2013-02-17
34100

hardstyler

Member

OK, thank you. The reason for asking this is not because I'm new to networking (really not!) but because until 10 days ago I had never seen tons of malicious traffic, and given that this is happening, ahahah, I was thinking my USG appliance or the modem could be compromised... but yes, as you say, the firewall is blocking it, so there is no problem.

Thank you, hope these attacks will stop soon!
hardstyler

hardstyler

Member

Another problem now; I had it in the past and solved it only with a total reset, then a reconfig from zero, by hand of course.

The problem is that when I want to browse the GUI it is fast. When I want to load a page, for example Google, it is super slow, or when loading other pages they never load or are extremely slow to load.

I had this problem sometimes, but the only solution was to reset and reconfigure; loading a config file was impossible because it never solved the problem! Trying for hours now... the only solution is to reconfigure everything on Saturday night. Frustrating appliance, really annoying!!!!

I also tried the reset button, reloading the firmware, loading the base config file provided with the firmware, then rebooting and applying my config file = impossible to browse fast, only the GUI.

Brano
I hate Vogons
MVM
join:2002-06-25
Burlington, ON

Brano

MVM

I'd start examining MTU size, maybe something funky is going on there. Another possibility is that your WAN side is hammered too hard with attacks. Try renewing the ISP connection and obtaining a new IP.
...and check your IM.
hardstyler
join:2013-02-17
34100

hardstyler

Member

OK, thank you. It was solved only by reconfiguring everything by hand; I really don't know why, but it was the only solution. Ah... the attacks also stopped!