• October 12, 2024, 03:11:15 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: Is this hacking?  (Read 8151 times)

mercurey

  • Level 1 Member
  • *
  • Posts: 23
Is this hacking?
« on: February 26, 2013, 10:30:23 AM »

Subject: Is this hacking?

Suspect 1: Who is trying the ping www.dlink.com ?
I have been used the model DIR-825 during 1 year, but I could not see that ping command in the log.

Suspect 2: I had experienced that my notebook alert that DIR-825’s shareport has reconnected. Why the DIR-825 lost the private connection while I sleeping?
Comment: DIR-825(IP: 10.10.100.97/28) is private using only. The internet gateway is setting to DIR-655(:192.168.90.97/29).

Please, see the log at Feb 26 05:00:04.
==
Feb 26 09:34:16    info     UDHCPD Inform: add_lease 10.10.100.105
Feb 26 09:33:53    debug     UDHCPD sending ACK to 10.10.100.105
Feb 26 09:33:53    info     UDHCPD sending OFFER of 10.10.100.105
Feb 26 09:33:51    debug     UDHCPD sendOffer : find a free IP
Feb 26 08:50:26    notice     Blocked incoming TCP SynAck packet from 96.16.237.15:443 to 192.168.90.99:53028 with unexpected sequence
Feb 26 05:01:54    info     QoS engine: measured bandwidth is larger than 2048 kbps, not activated QoS.
Feb 26 05:00:04    info     ping www.dlink.com fail, try again.
Feb 26 04:59:12    info     read /etc/hosts - 1 addresses
Feb 26 04:59:12    info     using nameserver 8.8.8.8#53
Feb 26 04:59:12    info     using nameserver 192.168.90.97#53
Feb 26 04:59:12    info     reading /etc/resolv.conf
Feb 26 04:59:12    info     compile time options: IPv6 GNU-getopt no-ISC-leasefile no-DBus no-I18N no-TFTP
Feb 26 04:59:12    info     started, version 2.41 cachesize 150
Feb 26 04:59:12    notice     klogd started: BusyBox v1.01 (2012.01.20-10:24+0000)
Feb 26 04:59:02    info     read /etc/hosts - 1 addresses
Feb 26 04:59:02    info     using nameserver 8.8.8.8#53
Feb 26 04:59:02    info     using nameserver 192.168.90.97#53
Feb 26 04:59:02    info     reading /etc/resolv.conf
Feb 26 04:59:02    info     compile time options: IPv6 GNU-getopt no-ISC-leasefile no-DBus no-I18N no-TFTP
Feb 26 04:59:02    info     started, version 2.41 cachesize 150
Feb 26 04:59:02    notice     klogd started: BusyBox v1.01 (2012.01.20-10:24+0000)
Feb 26 04:26:29    notice     Blocked incoming TCP SynAck packet from 207.58.178.63:80 to 192.168.90.99:54334 with unexpected sequence
Feb 26 04:26:29    notice     Blocked incoming TCP SynAck packet from 207.58.178.63:80 to 192.168.90.99:54333 with unexpected sequence
Feb 26 04:26:29    notice     Blocked incoming TCP SynAck packet from 207.58.178.63:80 to 192.168.90.99:54336 with unexpected sequence
Feb 26 04:26:29    notice     Blocked incoming TCP SynAck packet from 207.58.178.63:80 to 192.168.90.99:54338 with unexpected sequence
Feb 26 04:24:20    notice     Blocked incoming TCP SynAck packet from 175.41.9.70:80 to 192.168.90.99:54311 with unexpected sequence
Feb 26 04:16:24    info     UDHCPD Inform: add_lease 10.10.100.105
Feb 26 03:55:45    info     UDHCPD Inform: add_lease 10.10.100.105
Feb 26 03:49:35    notice     Blocked incoming TCP SynAck packet from 175.41.9.130:80 to 192.168.90.99:53847 with unexpected sequence
Feb 26 03:48:33    notice     Blocked incoming TCP SynAck packet from 175.41.12.68:80 to 192.168.90.99:53698 with unexpected sequence
Feb 26 03:48:33    notice     Blocked incoming TCP SynAck packet from 175.41.12.68:80 to 192.168.90.99:53697 with unexpected sequence
Feb 26 03:47:12    info     UDHCPD Inform: add_lease 10.10.100.105
Feb 26 03:45:22    info     UDHCPD Inform: add_lease 10.10.100.105
Feb 26 03:04:03    info     UDHCPD Inform: add_lease 10.10.100.105
Feb 26 02:10:22    info     UDHCPD Inform: add_lease 10.10.100.105
Feb 26 02:08:53    debug     UDHCPD sending ACK to 10.10.100.105
Feb 26 02:08:53    info     UDHCPD sending OFFER of 10.10.100.105
Feb 26 02:08:53    debug     UDHCPD sendOffer : client is in lease/offered table
Feb 26 02:08:53    info     UDHCPD sendOffer : device_lan_ip=10.10.100.97 , device_lan_subnet_mask=255.255.255.240
Feb 26 01:50:40    info     Log cleared by Administrator
==

I have been use two router(DIR-655 & DIR-825).
One(DIR-655) is for the internet gateway; the other(DIR-825) is for the connection to the private notebooks behind internet.
* The DIR-655 scheduled rebooting at 4:59AM by AC timer.
** The DIR-825 connected AC adaptor(there is no timer).
*** The dir-825: Hardware Version: B1     Firmware Version: 2.07NA.

IS this hacking?

« Last Edit: February 26, 2013, 10:34:25 AM by mercurey »
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Is this hacking?
« Reply #1 on: February 26, 2013, 10:39:53 AM »

Subject: Is this hacking?

Suspect 1: Who is trying the ping www.dlink.com ?
I have been used the model DIR-825 during 1 year, but I could not see that ping command in the log.
Maybe the router attempting to check for FW updates..

Suspect 2: I had experienced that my notebook alert that DIR-825’s shareport has reconnected. Why the DIR-825 lost the private connection while I sleeping? This might be the notebooks inability to recover from sleep mode the connection or the way it's configured when it goes to sleep and exits from sleep, all power is turned off to the WiFi adapter or LAN port while sleeping I believe.

Comment: DIR-825(IP: 10.10.100.97/28) is private using only. The internet gateway is setting to DIR-655(:192.168.90.97/29).

Please, see the log at Feb 26 05:00:04.
==
Feb 26 09:34:16    info     UDHCPD Inform: add_lease 10.10.100.105
Feb 26 09:33:53    debug     UDHCPD sending ACK to 10.10.100.105
Feb 26 09:33:53    info     UDHCPD sending OFFER of 10.10.100.105
Feb 26 09:33:51    debug     UDHCPD sendOffer : find a free IP
Feb 26 08:50:26    notice     Blocked incoming TCP SynAck packet from 96.16.237.15:443 to 192.168.90.99:53028 with unexpected sequence
Feb 26 05:01:54    info     QoS engine: measured bandwidth is larger than 2048 kbps, not activated QoS.
Feb 26 05:00:04    info     ping www.dlink.com fail, try again.
Feb 26 04:59:12    info     read /etc/hosts - 1 addresses
Feb 26 04:59:12    info     using nameserver 8.8.8.8#53
Feb 26 04:59:12    info     using nameserver 192.168.90.97#53
Feb 26 04:59:12    info     reading /etc/resolv.conf
Feb 26 04:59:12    info     compile time options: IPv6 GNU-getopt no-ISC-leasefile no-DBus no-I18N no-TFTP
Feb 26 04:59:12    info     started, version 2.41 cachesize 150
Feb 26 04:59:12    notice     klogd started: BusyBox v1.01 (2012.01.20-10:24+0000)
Feb 26 04:59:02    info     read /etc/hosts - 1 addresses
Feb 26 04:59:02    info     using nameserver 8.8.8.8#53
Feb 26 04:59:02    info     using nameserver 192.168.90.97#53
Feb 26 04:59:02    info     reading /etc/resolv.conf
Feb 26 04:59:02    info     compile time options: IPv6 GNU-getopt no-ISC-leasefile no-DBus no-I18N no-TFTP
Feb 26 04:59:02    info     started, version 2.41 cachesize 150
Feb 26 04:59:02    notice     klogd started: BusyBox v1.01 (2012.01.20-10:24+0000)
Feb 26 04:26:29    notice     Blocked incoming TCP SynAck packet from 207.58.178.63:80 to 192.168.90.99:54334 with unexpected sequence
Feb 26 04:26:29    notice     Blocked incoming TCP SynAck packet from 207.58.178.63:80 to 192.168.90.99:54333 with unexpected sequence
Feb 26 04:26:29    notice     Blocked incoming TCP SynAck packet from 207.58.178.63:80 to 192.168.90.99:54336 with unexpected sequence
Feb 26 04:26:29    notice     Blocked incoming TCP SynAck packet from 207.58.178.63:80 to 192.168.90.99:54338 with unexpected sequence
Feb 26 04:24:20    notice     Blocked incoming TCP SynAck packet from 175.41.9.70:80 to 192.168.90.99:54311 with unexpected sequence
Feb 26 04:16:24    info     UDHCPD Inform: add_lease 10.10.100.105
Feb 26 03:55:45    info     UDHCPD Inform: add_lease 10.10.100.105
Feb 26 03:49:35    notice     Blocked incoming TCP SynAck packet from 175.41.9.130:80 to 192.168.90.99:53847 with unexpected sequence
Feb 26 03:48:33    notice     Blocked incoming TCP SynAck packet from 175.41.12.68:80 to 192.168.90.99:53698 with unexpected sequence
Feb 26 03:48:33    notice     Blocked incoming TCP SynAck packet from 175.41.12.68:80 to 192.168.90.99:53697 with unexpected sequence
Feb 26 03:47:12    info     UDHCPD Inform: add_lease 10.10.100.105
Feb 26 03:45:22    info     UDHCPD Inform: add_lease 10.10.100.105
Feb 26 03:04:03    info     UDHCPD Inform: add_lease 10.10.100.105
Feb 26 02:10:22    info     UDHCPD Inform: add_lease 10.10.100.105
Feb 26 02:08:53    debug     UDHCPD sending ACK to 10.10.100.105
Feb 26 02:08:53    info     UDHCPD sending OFFER of 10.10.100.105
Feb 26 02:08:53    debug     UDHCPD sendOffer : client is in lease/offered table
Feb 26 02:08:53    info     UDHCPD sendOffer : device_lan_ip=10.10.100.97 , device_lan_subnet_mask=255.255.255.240
Feb 26 01:50:40    info     Log cleared by Administrator
==

I have been use two router(DIR-655 & DIR-825).
One(DIR-655) is for the internet gateway; the other(DIR-825) is for the connection to the private notebooks behind internet.
* The DIR-655 scheduled rebooting at 4:59AM by AC timer. Why do you reboot the 655?
** The DIR-825 connected AC adaptor(there is no timer). Is the 825 set up in AP mode or still using the WAN port connecting to the LAN port on the 655?
*** The dir-825: Hardware Version: B1     Firmware Version: 2.07NA.

IS this hacking? No

What ISP Service do you have? Cable or DSL?
What ISP Modem make and model do you have?

Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.