Review of my home broadband router logs (suspicious activity?)

There is what appears to be an iPhone connecting to your router.

You can look up the first half of the MAC address (the OUI) to see what kind of device it appears to be from:


Denis' MAC address is the following: (70-3E-AC) (DE-14-94)

The organizationally unique part is the first half: (70-3E-AC)

That is indeed an Apple device OUI: 703EAC resolves to "Apple, Inc."

Reply to
Paul M. Cook
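Added example (not code from the thread): the MAC handling the post describes, normalizing the common notations, slicing off the OUI, and checking the one thing a practitioner should check before trusting any OUI lookup, the locally-administered bit. OUI_TABLE is a constructed stand-in for the IEEE registry; its only real entry is the 70:3E:AC -> "Apple, Inc." mapping quoted above. Phones that randomize their Wi-Fi address set that bit, so the OUI of such an address belongs to no vendor at all.

```python
"""Normalize a MAC address, pull out its OUI and check whether it is even lookup-able.

Added example, not code from the thread. OUI_TABLE is a constructed stand-in
for the IEEE OUI registry: the 70:3E:AC -> "Apple, Inc." entry is the one the
thread quotes, and a real tool would load the full registry file instead.
"""
import re

# Constructed subset of the IEEE registry (assumption: a real lookup uses the full file).
OUI_TABLE = {
    "703EAC": "Apple, Inc.",  # quoted in the thread
}

_NON_HEX = re.compile(r"[^0-9A-Fa-f]")


def normalize_mac(mac: str) -> str:
    """Accept 70-3E-AC-DE-14-94, 70:3e:ac:de:14:94 or 703e.acde.1494; return 12 upper-case hex digits."""
    digits = _NON_HEX.sub("", mac).upper()
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return digits


def oui(mac: str) -> str:
    """The organizationally unique identifier is the first three octets."""
    return normalize_mac(mac)[:6]


def is_locally_administered(mac: str) -> bool:
    """Bit 1 (value 0x02) of the first octet set means the address was not
    assigned by a vendor. Phones with randomized Wi-Fi addresses set this bit,
    so an OUI lookup on such an address says nothing about the maker."""
    return bool(int(normalize_mac(mac)[:2], 16) & 0x02)


def is_multicast(mac: str) -> bool:
    """Bit 0 (value 0x01) of the first octet set means a group address, never one device."""
    return bool(int(normalize_mac(mac)[:2], 16) & 0x01)


def identify(mac: str) -> str:
    """Vendor string for a MAC, or the reason no vendor can be named."""
    if is_multicast(mac):
        return "multicast/group address (not a device)"
    if is_locally_administered(mac):
        return "locally administered (randomized) address, vendor unknown"
    return OUI_TABLE.get(oui(mac), "unknown OUI")


if __name__ == "__main__":
    for sample in ("70-3E-AC-DE-14-94",   # the address from the thread
                   "703e.acde.1494",      # same address, Cisco-style notation
                   "DE:AD:BE:EF:CA:FE"):  # the thread's Android example; 0xDE has bit 0x02 set
        print(f"{sample:20} OUI={oui(sample)} -> {identify(sample)}")
```

Note that the DE:AD:BE:EF:CA:FE address used later in the thread has the 0x02 bit set in its first octet, so a lookup tool should report it as locally administered rather than hunting for a vendor.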

I don't know of *any* router that does *not* keep logs. Usually they start at reboot time, and go on forever from there. For my Netgear router, I log in and then go to: Advanced > Administration > Logs

Cable should be the worst, as I understand it, since anyone in your neighborhood on the same cable is essentially connected to you.

So, I'd be sure to have a router, but, as we all know, anyone who knows what they're doing can get past our cheap routers.

The thing is that most routers don't allow a password greater than 8 characters (from my experience). Sure, they'll *let* you type a long password - but they'll take anything (or nothing) after the first 8 characters.

Try it. That's how "my" router works.

Oh, I have everything. Windows. Linux. OS/X. iOS, Android. Printers. And other devices (like the playstation).

Reply to
Paul M. Cook

Which router password are you talking about?

  1. The Admin password?
  2. The SSID WPA2/PSK passphrase?
Reply to
M. Stradbury

I tried that but it highlighted the whole page, not just the data.

So it was easier to use the cursor to choose what to highlight.

My firmware is almost 11 years old. Maybe D-Link has refined it by now.

Plus there are 20 pages of data, each requiring separate copying, so I was hoping to get all 20 pages in one email.

And that includes only System Activity, Attacks, and Notice, not Debug Information and Dropped Packets.

Later I will check those to see what shows up.

Reply to
Micky

PSK? How about AES?

Reply to
Tony Hwang

Mine doesn't show the time anywhere, but if yours shows the current time, that's good enough for me.

I noticed that because some families have so many wireless devices, they've redesigned routers and now many are 100 to 200 dollars. That means I should be able to get a 2-year old one cheap. Actually I bought cheap at a hamfest what I thought was identical, and only noticed a year later that it was a router like mine but without the wireless part. Now is a bad time to try it because every day I may wish to print the crossword.

Reply to
Micky

Good to know. Thanks.

So that means it's an Apple device, like an iPhone.

Not that it's someone working at Apple, inc.!

Reply to
Micky

No, the control panel is on the computer.

You have to go to the router. The address is in the manual. In D-link and I think maybe all of them it's http://192.168.0.1

I had RCN too, dialup, but after years of their promising high-speed, I decided they were kidding, so I had to go to Verizon.

They said I could have email only, with no access to the net, for 3 a month, but then 4 months later, with no warning, they took away my ability to send email, and because of the way Eudora is set up, it's not totally obvious how to change the settings to send only via Verizon. (They also did 3 other bad things to me. And currently, if my credit card number changes and the automatic payment doesn't work, they told me I had told them not to send either an email or a postal mail. I never said that. So 3 times over several years they disconnected me with no warning, and one time they threw away all my email, including any I hadn't downloaded yet.)

Later they raised it from 3 to 4 a month.

Now if they won't notify me both ways, I asked to be notified by email, but they said they won't do that. It's an email company, but they won't notify me by email.

How has your customer service been?

That's what I said in another post. I was referring to Erols/RCN.

Reply to
Micky

| > First, do you have a good, long password for
| > your router? You should. Maybe 20 characters.
|
| The thing is that most routers don't allow a password greater
| than 8 characters (from my experience). Sure, they'll *let*
| you type a long password - but they'll take anything (or nothing)
| after the first 8 characters.
|
| Try it. That's how "my" router works.

I tried it. I entered the first 13 characters. It didn't let me in. I've never heard of an 8-char limit.

| > You didn't mention what computers you have.
| > Assuming Windows...
|
| Oh, I have everything. Windows. Linux. OS/X. iOS, Android.
| Printers. And other devices (like the playstation).

I don't see any scanning or contact in my logs, but I also only use computers, with no networking, and get informed by my firewall about unrequested incoming. You may not have much option with Playstation. I assume it's not under your control. But you should have firewalls on your computers that will drop incoming requests. (Though that's one of the many shortcomings of Linux in my book. Last I checked, Linux firewalls could stop incoming but didn't monitor outgoing.)

Reply to
Mayayana

...

Informational logs, not a warning or critical error.

It's the only way the games can work. Your UPnP-enabled router is port forwarding that incoming traffic to a specific machine on your LAN, your kid's PlayStation. It would take a flaw, or a hack, in your router for this traffic to go anywhere else.

Personally, I wouldn't have a problem with it.

Try playing about with anything that uses peer-to-peer services like Skype, Spotify or torrent programs and you'll see much the same logs.

Have your kid take a break from that game and you both have a read of the following Microsoft ebook on


Reply to
Adrian Caspersz

| > That's interesting. I didn't know routers kept logs. Did
| >you find that by logging in to the "control panel"?
|
| No, the control panel is on the computer.
|
| You have to go to the router. The address is in the manual. In
| D-link and I think maybe all of them it's http://192.168.0.1

Yes. That's what I was referring to. I think of it as a control panel. I'm not sure whether it's called that. My web host, too, calls it a control panel when I log in.

| > | > I used to get a lot of attempts to get into my computer
| >when I had dialup. That mostly stopped with cable, though
| >I have caught my cable company, RCN, trying to get
|
| I had RCN too, dialup, but after years of their promising high-speed,
| I decided they were kidding, so I had to go to Verizon.
|
| They said I could have email only, with no access to the net, for 3 a
| month, but then 4 months later, with no warning, they took away my
| ability to send email, and because of the way Eudora is set up, it's
| not totally obvious how to change the settings to send only via
| Verizon. (They also did 3 other bad things to me. And currently,
| if my credit card number changes and the automatic payment doesn't
| work, they told me I had told them not to send either an email or a
| postal mail. I never said that. So 3 times over several years
| they disconnected me with no warning, and one time they threw away all
| my email, including any I hadn't downloaded yet.
|
| Later they raised it from 3 to 4 a month.
|
| Now if they won't notify me both ways, I asked to be notified by
| email, but they said they won't do that. it's an email company but
| they won't notify me by email.
|
| How has your customer service been?

I've found the service to be very good. Customer service is 24/7, and seems to be American. Recently we got an upgraded modem because speeds were slow, and that seems to have fixed it. In the process they accidentally disconnected my separate RCN phone wire. But then they came the next morning and upgraded that as well, for free.

My only complaint is that they periodically raise the price for no reason. But then if we call up they agree to lower it again. ?? It seems to be the new strategy: Fleece the customer base and then be nice to anyone who complains. I suppose a lot of people are now on auto-payment and don't notice. Considering complaints I hear from customers of other companies, I feel very content with RCN. But I never had dialup with them.

I get ads about every two weeks for Verizon FIOS. They have several inches of tiny fine print, in light gray, that I can't even read with glasses on. There's no way to find out the actual cost of the service. It's like an ad out of a cartoon. I have no need for FIOS, anyway. Recently a salesman came to the door. He wanted to tell me that Verizon had some spiffy new wiring and that I should switch. I told him how Verizon keeps sending ads but won't even tell me what the product costs. He smiled and said, "That's why I'm here." Then I said goodbye to him and closed the door. They must be making very big profits to justify sending out salesmen.

But that problem is not just with Verizon. A couple of years ago I went around to cellphone providers to find out what a basic plan costs. ATT/Verizon/Sprint/T-Mobile. All of them had plans starting at $40. Not one could/would tell me what the actual bill would be after the various scam fees and taxes were added on.

Reply to
Mayayana

I have never not used DHCP.

How do we assign permanent IP addresses when devices come on and off the network all the time?

Do we attach the IP address to the MAC address of the device?

For example, if the Android phone is MAC address DE:AD:BE:EF:CA:FE, do we attach the IP address 192.168.1.10 to *that* MAC address from the router?

Or, is there some other way of doing it from the device itself?

Reply to
Paul M. Cook
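The mechanism the question guesses at is a DHCP reservation (a "static lease"): the router's DHCP server keeps a table of MAC address to IP address, and when a request arrives from a listed MAC it hands out that fixed address instead of one from the pool. The device itself needs no change; it keeps using DHCP. Added example, not from the thread or any vendor: the equivalent configuration for dnsmasq, the DHCP server OpenWrt ships, using the MAC and address from the question above. Assumptions are the 192.168.1.0/24 subnet, the hostname "android-phone" and the pool boundaries, all chosen for illustration.

```conf
# dnsmasq.conf fragment (added example; assumes a 192.168.1.0/24 LAN)

# Reservation: this MAC always receives 192.168.1.10 and the name "android-phone".
dhcp-host=de:ad:be:ef:ca:fe,android-phone,192.168.1.10

# Dynamic pool for everything else, kept clear of the reserved addresses
# so a reservation can never collide with a pool lease.
dhcp-range=192.168.1.100,192.168.1.199,12h
```

Two practical caveats. Keep reservations outside the dynamic pool, as above, or the pool may hand the same address to another device while the phone is away. And a reservation is keyed on the hardware address, so a phone that randomizes its Wi-Fi MAC per network (the default on current iOS and Android) will not match it unless randomization is turned off for that SSID; the DE:AD:BE:EF:CA:FE address in the question in fact has the locally-administered bit set, which is what randomized addresses look like.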

I have run wifi-radar, kismet, and iwscanner, but the output is horrendously cryptic.

I hear there is Wireshark, AirShark, netstumbler, & netcrumbler, so, maybe one of those has easier to read output?

Reply to
Paul M. Cook

In any browser session, you can also use "control F" and then type in what you're looking for.

Then select just that which you found.

F3 moves to the next find. Shift F3 moves backward to the previous find.

Reply to
Paul M. Cook

Makes sense.

Let me know if you figure out the email because I didn't figure it out myself on mine, and my firmware is fully up to date.

Reply to
Paul M. Cook

If you can get an IP address like I did from my router logs, you can run a "whois" command, which will do a reverse IP check.


If it's coming from Apple, whois will tell you that.

Of course, most of the time "I" run it, the IP address is coming from China, but even that can be spoofed with VPN or some other means.

Reply to
Paul M. Cook

Are we talking about the ROUTER "admin" password? Or are we talking about the ESSID encryption passcode?

They're different things. "I" was talking about the router admin password.

Reply to
Paul M. Cook

I think you're talking about different things that have nothing to do with each other.

AFAIK, WPA2 is the strongest "we" can generally get (being normal homeowners and not corporations) on our routers.

For us, the PSK (pre-shared key) is the way "we" homeowners do WPA2. It just is.

However, if we were a corporation, we could do more with WPA2 than pre-shared keys, which, I don't remember what it's called, but it's some kind of rotating or assigned key that the IT department of the company can manage (instead of the router).

What you seem to be talking about is the difference between various security options, such as:

  • WPA-PSK [TKIP]
  • WPA-PSK [AES]
  • WPA-PSK [TKIP] + WPA-PSK [AES]

All of those above are WPA2/PSK.

Reply to
Paul M. Cook
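The corporate mode the post could not name is WPA2-Enterprise (802.1X/EAP): each user authenticates with their own credentials against a RADIUS server and no shared passphrase exists. In WPA2-PSK the passphrase is never sent over the air either; the router and the client both stretch it into a 256-bit pre-shared key, and that key feeds the four-way handshake. Added example, not code from the thread: the derivation exactly as IEEE 802.11i defines it, PSK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes), with the standard's length rule of 8 to 63 printable ASCII characters. The "password"/"IEEE" vector in main() is the standard's published test vector; nothing else is assumed.

```python
"""Turn a WPA2-PSK passphrase into the 256-bit pre-shared key the router actually uses.

Added example, not code from the thread. Implements the IEEE 802.11i derivation:
PSK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes), plus the
standard's passphrase rule of 8 to 63 printable ASCII characters.
"""
import hashlib

MIN_LEN, MAX_LEN = 8, 63  # from IEEE 802.11i; 64 hex digits is the raw-key form, not a passphrase


def validate_passphrase(passphrase: str) -> None:
    """Reject what the standard rejects, before any key derivation happens."""
    if not MIN_LEN <= len(passphrase) <= MAX_LEN:
        raise ValueError(f"passphrase must be {MIN_LEN} to {MAX_LEN} characters, got {len(passphrase)}")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")


def wpa2_psk(passphrase: str, ssid: str) -> bytes:
    """The 32-byte PSK; the SSID is the salt, which is why the same passphrase
    on two networks yields two different keys."""
    validate_passphrase(passphrase)
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32)


def wpa2_psk_hex(passphrase: str, ssid: str) -> str:
    return wpa2_psk(passphrase, ssid).hex()


def ignores_tail_after(passphrase: str, ssid: str, n: int) -> bool:
    """True only if characters past position n make no difference to the key.
    For a correct implementation this is always False: the whole passphrase
    goes through the hash, so a truncated passphrase is a different key."""
    if len(passphrase) <= n:
        return False
    return wpa2_psk(passphrase, ssid) == wpa2_psk(passphrase[:n], ssid)


if __name__ == "__main__":
    # IEEE 802.11i test vector: passphrase "password", SSID "IEEE"
    print(wpa2_psk_hex("password", "IEEE"))
    print("tail ignored after 8 chars:", ignores_tail_after("password-and-more", "IEEE", 8))
```

This is what the `wpa_passphrase` utility prints as `psk=`; if a router lets you paste a 64-hex-digit key instead of a passphrase, that is this value entered directly.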

[snip]

LOL!

Aw, c'mon, Ed, don't be a spoilsport. Won't you share her response to that "perfect squelch" with us?

Reply to
Unquestionably Confused

Your attack surface is *anything* that can be exposed and/or infiltrated from the outside.

There may be an exploit *on* the PlayStation that is being probed (or, actively being USED!). If it can get a foothold, anywhere, then it can advance from there further into your internet.

Your son's -- along with your own -- activities OUTSIDE your personal internet make your "public" IP address (the one on the upstream side of your router) visible to external entities.

[unless you are double NAT'ed by your upstream provider]

Anything that your "house" (network) talks to now knows where you are. Likewise for anything you talk *through* (e.g., any of your provider's equipment, any other routers on The Internet, etc.). You've, in effect, said, "Here We Are!"

This is just common sense: if you wanted something *from* something (else) on The Internet, you had to contact that and, in doing so, provide a means by which it could deliver a REPLY to *you* (and not your neighbor, the guy down the block, etc.)

They may not be "attacks". They may be *probes* -- machines trying to connect to the machine in question to determine if an exploit is "available", there ("Hmmm... let me see if I can infiltrate this particular machine at this particular IP address by taking advantage of a BUG that exists in its software; a bug that I can tickle by doing THIS!...")

It may also be "normal operation" for some application that is running on that machine. Or, that *was* running, there.

You'd actually have to use a packet sniffer to examine the actual messages being sent to the machine/port in question and hope to recognize them as hostile or benign.

Of course, if the messages originate at HackersRUs.com, that could give you a heads up! :>

Some possible scenarios (without examining the IP's in detail) without trying to be exhaustive nor in any particular order:

- Someone (your son?) is participating in an online, multiagent activity (e.g., game) and the nature of the activity requires others to share information about each participant's actions, etc.

This can be done with a large, single-server that handles every player currently engaged in that activity. Each person (player) connects to that server and learns what is happening in the activity, interacts with that server which, in turn, informs the other players of his activities while informing *him* of their activities.

This would manifest (in your logs) as lots of traffic to a single IP; the IP of the "server" for that activity (game).

But, this sort of approach doesn't "scale well". It requires a single server to handle all of the activities of EVERYONE participating in that shared event! As more folks want to participate, things can get sluggish -- more work for the server in the same amount of time!

This can be alleviated, to some extent, by hiding a BUNCH of servers behind a single address (a "cluster") and *internally* splitting out the work to different physical machines. This is how google can appear to be so fast -- there are literally thousands of machines handling all those requests yet giving the illusion of a single one!

But, it still funnels all network traffic to a single point. So, it makes the "shared activity" more vulnerable to network congestion. A bottleneck at any point is reflected back to the participants as a "pause"/hiccup in normal operation. For an INTERACTIVE activity, this is highly undesirable. You don't want the activity to appear to progress in fits and spurts!

And, it's not very reliable: the server crashes (or its single external contact point does) and the world ends!

So, you *distribute* the activity to other servers -- potentially in physically distant locations! They talk with each other (directly or indirectly) to coordinate their knowledge of The Activity and also communicate with the participants to inform them of the current state of the activity as well as get input regarding their desired actions.

This could explain why several different IP's are connecting to your machine -- each trying to update some information about your actions *or* update the software in your machine regarding their "models" of the current state of the activity, from their individual points of view.

They may simply be trying to determine if you're "still playing".

- Something has made some *other* thing aware of your presence and that other thing has informed still others of your location. E.g., you connected to an application's server and it has told other entities about your whereabouts -- for whatever purpose. They are then attempting to connect to an application in your machine (one that is expected to be listening on port 9000) to offer their services. E.g., they may be "advertising" shared activities (see above) that are currently happening on their servers so you can opt to join in.

- Something is aware of your presence and is trying to probe a potential weakness/exploit on your system by connecting to some buggy software that is currently listening on port 9000. Based on how/if you respond to its probes, it may refine its probes to more specifically target your particular version of said software ("Ah, he's running version XYZ! That one has patched this old bug but hasn't, yet, patched this *new* bug! Let me try to get in using this OTHER trick...")

- Something is just hammering away at everything it finds in the hope that it encounters something that it can use (abuse). This, for example, is how spam works: send it to EVERYONE and hope *someone* is foolish enough to reply!

- Something in your machine (malware?) is reaching out and INVITING others to connect to it -- for whatever purpose. It may be part of a distributed command and control cluster that is delivering SPAM to folks. Or, actively targeting a defense contractor. Or...

That's why network security is hard! Most folks don't have the tools *or* the expertise to understand what is happening. Nor the vigilance to catch it *as* it is happening!

Next time you grumble about some highly publicized "breach", imagine what it's like for the security folks at some of these "ripe targets" trying to sort through millions of contacts each hour and determine which are malicious vs. benign!

Reply to
Don Y
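The scenarios above are distinguishable in the logs the thread is about, at least coarsely: one remote address walking many of the router's own ports looks like a scan, many remote addresses all landing on the one forwarded port looks like game peers or probes of that service, and only addresses outside the LAN are worth a whois at all. Added example, not code from the thread or from any router vendor: a small triage script that applies those three checks. The log format, the regular expression and every sample line are constructed for illustration (consumer routers each format logs differently, so the regex is the part to adapt), and the remote addresses are from the RFC 5737 documentation ranges.

```python
"""Triage router log lines: who is contacting what, and which addresses merit a whois.

Added example, not code from the thread or from any router vendor. The log
format, the regular expression and every sample line are constructed for
illustration; consumer routers all format their logs differently, so LINE_RE
is the part to adapt. Remote addresses are taken from the RFC 5737
documentation ranges and stand in for real Internet hosts.
"""
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed format: "<timestamp> router: [ACTION] PROTO src:port -> dst:port"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) router: \[(?P<action>[A-Z]+)\] "
    r"(?P<proto>TCP|UDP) (?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Addresses it never makes sense to whois: the LAN itself, loopback, link-local,
# multicast. ipaddress.is_global is deliberately not used here because it also
# rejects the RFC 5737 sample addresses below.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "224.0.0.0/4",
)]

# Constructed sample: a console reached on its UPnP-forwarded port by several
# peers, one host walking the router's own ports, LAN multicast noise, and a
# line in some other format that the parser must skip.
SAMPLE_LOG = """\
Jan 10 21:03:14 router: [FORWARD] UDP 203.0.113.45:3478 -> 192.168.0.12:9000
Jan 10 21:03:15 router: [FORWARD] UDP 203.0.113.46:3478 -> 192.168.0.12:9000
Jan 10 21:03:15 router: [FORWARD] UDP 203.0.113.47:3478 -> 192.168.0.12:9000
Jan 10 21:03:16 router: [FORWARD] UDP 198.51.100.9:27015 -> 192.168.0.12:9000
Jan 10 21:05:02 router: [DROP] TCP 192.0.2.77:40001 -> 192.168.0.1:23
Jan 10 21:05:02 router: [DROP] TCP 192.0.2.77:40002 -> 192.168.0.1:22
Jan 10 21:05:03 router: [DROP] TCP 192.0.2.77:40003 -> 192.168.0.1:80
Jan 10 21:05:03 router: [DROP] TCP 192.0.2.77:40004 -> 192.168.0.1:8080
Jan 10 21:06:40 router: [DROP] UDP 192.168.0.30:5353 -> 224.0.0.251:5353
Jan 10 21:06:41 router: System started (uptime 0d 00:00:01)
"""


def parse_line(line):
    """One log line -> dict, or None when the line is not a connection record."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    return rec


def parse_log(text):
    return [r for r in map(parse_line, text.splitlines()) if r]


def worth_whois(ip):
    """Only addresses outside the LAN/special ranges say anything about where a contact came from."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in LOCAL_NETS)


def summarize(records, scan_ports=3, swarm_sources=3):
    """Counts per action and per source, plus two cheap heuristics:
    one source touching many local ports looks like a scan; many sources
    hitting one local port looks like peers (or probes) of a forwarded service."""
    actions, by_src = Counter(), Counter()
    ports_by_src, srcs_by_target = defaultdict(set), defaultdict(set)
    for r in records:
        actions[r["action"]] += 1
        by_src[r["src"]] += 1
        ports_by_src[r["src"]].add(r["dport"])
        srcs_by_target[(r["dst"], r["dport"])].add(r["src"])
    return {
        "actions": dict(actions),
        "top_sources": by_src.most_common(5),
        "scan_like": sorted(ip for ip, p in ports_by_src.items() if len(p) >= scan_ports),
        "many_sources_one_port": {t: sorted(s) for t, s in srcs_by_target.items() if len(s) >= swarm_sources},
        "whois_candidates": sorted(ip for ip in by_src if worth_whois(ip)),
    }


if __name__ == "__main__":
    for key, value in summarize(parse_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

The thresholds are deliberately low for a home log; on a busier network raise them, and remember that both heuristics only say a pattern is present, not whether it is hostile. Telling peers from probes on the forwarded port still takes the packet capture the post describes.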

HomeOwnersHub website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.