Cable Forum


roughbeast 23-07-2019 19:21

216.218.206.86 in VPN log
 
What's all this then?

Jul 18 03:06:19 13[IKE] 216.218.206.86 is initiating a Main Mode IKE_SA
Jul 18 14:29:25 06[IKE] 218.75.37.18 is initiating a Main Mode IKE_SA
Jul 18 14:55:12 10[IKE] 218.75.40.147 is initiating a Main Mode IKE_SA
Jul 19 03:39:10 09[IKE] 216.218.206.126 is initiating a Main Mode IKE_SA
Jul 20 03:14:32 02[IKE] 216.218.206.78 is initiating a Main Mode IKE_SA
Jul 21 04:35:26 02[IKE] 216.218.206.122 is initiating a Main Mode IKE_SA
Jul 22 02:24:01 06[IKE] 216.218.206.102 is initiating a Main Mode IKE_SA
Jul 23 03:17:03 10[IKE] 216.218.206.90 is initiating a Main Mode IKE_SA

I spotted this in my IPSec VPN log. What are the IP addresses 218: ** 216: ** ? Is this something malevolent? My general router log doesn't show a successful attempt to connect to my VPN, but is this an attempt?

Hom3r 23-07-2019 20:33

Re: 216.218.206.86 in VPN log
 
What IP is the VPN using?

pip08456 23-07-2019 23:30

Re: 216.218.206.86 in VPN log
 
A Whois lookup of the first IP reveals this.

https://www.abuseipdb.com/check/216.218.206.86

roughbeast 24-07-2019 08:43

Re: 216.218.206.86 in VPN log
 
Quote:

Originally Posted by Hom3r (Post 36003864)
What IP is the VPN using?

My VPN is using my WAN IP but I also have DDNS configured.

---------- Post added at 08:43 ---------- Previous post was at 08:32 ----------

Quote:

Originally Posted by pip08456 (Post 36003878)
A Whois lookup of the first IP reveals this.

https://www.abuseipdb.com/check/216.218.206.86

Thanks for the info.

So we are talking about an illegal hack attempt? I assume malevolence, but is it dangerous? If so, what can the attack achieve for the hackers? Given that this is a common and potentially widespread issue, the attack is probably automated.

My security keys are strong, but I guess I ought to change them more often.

It's popped up again this morning, but this time with a variation in source IP.

Jul 24 01:41:02 05[IKE] 216.218.206.98 is initiating a Main Mode IKE_SA

tweetiepooh 24-07-2019 10:22

Re: 216.218.206.86 in VPN log
 
That last address is the same owner as the previous.

Could this simply be that someone/thing has spotted the service on your IP and is now probing and trying to force a connection?
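One way to summarise log lines like those posted in this thread, as an added example that is not part of the original posts: it groups the "initiating a Main Mode IKE_SA" entries by source network and marks networks that come back on several days. The /24 grouping, the `min_days` threshold and the function name are assumptions; a /24 is only a rough stand-in for the Whois ownership check mentioned above.

```python
import re
from collections import defaultdict
from ipaddress import ip_network

# The IKE lines quoted in the thread, one per line, plus one constructed
# non-matching line to show that unrelated entries are skipped.
SAMPLE_LOG = """\
Jul 18 03:06:19 13[IKE] 216.218.206.86 is initiating a Main Mode IKE_SA
Jul 18 14:29:25 06[IKE] 218.75.37.18 is initiating a Main Mode IKE_SA
Jul 18 14:55:12 10[IKE] 218.75.40.147 is initiating a Main Mode IKE_SA
Jul 19 03:39:10 09[IKE] 216.218.206.126 is initiating a Main Mode IKE_SA
Jul 20 03:14:32 02[IKE] 216.218.206.78 is initiating a Main Mode IKE_SA
Jul 21 04:35:26 02[IKE] 216.218.206.122 is initiating a Main Mode IKE_SA
Jul 22 02:24:01 06[IKE] 216.218.206.102 is initiating a Main Mode IKE_SA
Jul 23 03:17:03 10[IKE] 216.218.206.90 is initiating a Main Mode IKE_SA
Jul 24 01:41:02 05[IKE] 216.218.206.98 is initiating a Main Mode IKE_SA
Jul 24 01:41:03 05[CFG] constructed unrelated line
"""

INIT_RE = re.compile(
    r"^(?P<day>\w{3}\s+\d{1,2}) (?P<time>\d\d:\d\d:\d\d) \d+\[IKE\] "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) is initiating a Main Mode IKE_SA\s*$"
)

def summarise(log_text, prefix_len=24, min_days=3):
    """Group IKE initiations by source network; flag networks seen on many days."""
    nets = defaultdict(lambda: {"attempts": 0, "sources": set(), "days": set()})
    for line in log_text.splitlines():
        m = INIT_RE.match(line)
        if not m:
            continue  # not an IKE initiation line
        try:
            # strict=False masks the host bits, giving the enclosing network
            net = ip_network(f"{m['ip']}/{prefix_len}", strict=False)
        except ValueError:
            continue  # e.g. an octet above 255
        entry = nets[str(net)]
        entry["attempts"] += 1
        entry["sources"].add(m["ip"])
        entry["days"].add(m["day"])
    for entry in nets.values():
        # Assumed heuristic: a network returning on min_days or more distinct
        # days looks like a scheduled scanner rather than a one-off probe.
        entry["recurring"] = len(entry["days"]) >= min_days
    return dict(nets)

if __name__ == "__main__":
    for net, e in sorted(summarise(SAMPLE_LOG).items()):
        print(net, e["attempts"], len(e["sources"]), len(e["days"]), e["recurring"])
```
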

pip08456 24-07-2019 13:24

Re: 216.218.206.86 in VPN log
 
Quote:

Originally Posted by tweetiepooh (Post 36003911)
That last address is the same owner as the previous.

Could this simply be that someone/thing has spotted the service on your IP and is now probing and trying to force a connection?

I tend to agree. Automated port sniffers are widespread.

Quote:

There is no question whether hackers are, in fact, currently sweeping the Internet for the presence of exposed and vulnerable consumer Internet routers in order to gain access to the private networks residing behind them. Just such hacking packets are now being detected across the Internet. Scanning is underway and the threat is real.

I suggest you give Shield's Up test a go.

https://www.grc.com/x/ne.dll?bh0bkyd2

roughbeast 24-07-2019 14:10

Re: 216.218.206.86 in VPN log
 
Quote:

Originally Posted by pip08456 (Post 36003926)
I tend to agree. Automated port sniffers are widespread.



I suggest you give Shield's Up test a go.

https://www.grc.com/x/ne.dll?bh0bkyd2

OK, I tried your link, first of all without VPN. My unique "machine name" was revealed. However, when I tried a VPN location in the Netherlands, it wasn't revealed.

I then proceeded to the all-important test without VPN. Here I got "THE EQUIPMENT AT THE TARGET IP ADDRESS DID NOT RESPOND TO OUR UPnP PROBES!"

That is good news, especially considering I have UPnP enabled on my ASUS.

I was running uTorrent at the time, well known for letting outside servers know your local IP address, but that is behind a proxy server.

Would I be right in saying that I am pretty secure? I am visible to hacker scanners, because my WAN IP is easily found, but I am impenetrable with or without VPN. Naturally, I have my router firewall enabled, also DoS protection. Ping response is turned on.

pip08456 24-07-2019 14:31

Re: 216.218.206.86 in VPN log
 
Sounds like you'll be OK.

alanbjames 26-07-2019 04:01

Re: 216.218.206.86 in VPN log
 
Does that shields up test still stand up to today's security? It's years old.

pip08456 26-07-2019 04:02

Re: 216.218.206.86 in VPN log
 
Quote:

Originally Posted by alanbjames (Post 36004161)
Does that shields up test still stand up to today's security? It's years old.

Yes.


All times are GMT +1.