| 
	
		
 
 216.218.206.86  in VPN log 
	
	
		
	
	
	
		|  23-07-2019, 19:21 | #1 |  
	| cf.mega poster 
				 
				Join Date: Jul 2008 Location: Coventry Services: Fusion Fibre 900 
					Posts: 1,789
				      | 
				
				216.218.206.86  in VPN log
			 
 
			
			What's all this then?
 Jul 18 03:06:19 13[IKE] 216.218.206.86 is initiating a Main Mode IKE_SAJul 18 14:29:25 06[IKE] 218.75.37.18 is initiating a Main Mode IKE_SAJul 18 14:55:12 10[IKE] 218.75.40.147 is initiating a Main Mode IKE_SAJul 19 03:39:10 09[IKE] 216.218.206.126 is initiating a Main Mode IKE_SAJul 20 03:14:32 02[IKE] 216.218.206.78 is initiating a Main Mode IKE_SAJul 21 04:35:26 02[IKE] 216.218.206.122 is initiating a Main Mode IKE_SAJul 22 02:24:01 06[IKE] 216.218.206.102 is initiating a Main Mode IKE_SAJul 23 03:17:03 10[IKE] 216.218.206.90 is initiating a Main Mode IKE_SA
 
 I spotted this in my IPSec VPN log.  What are the IP addresses 218: **  216: ** ?   Is this something malevolent. My general router log doesn't show a successful attempt to connect to my VPN, but is this an attempt?
 
				__________________Join Date: Jul 2008
 Location: Coventry
 Services: FusionFibre/CityFibre (900Mb FTTP;  Asus GT-AX11000 +3 iMesh nodes; Humax 2Tb TV box; Synology DS920+ used as Plex server (PlexWindblown)
 |  
	|   |   |  
	
		
	
	
	
		|  23-07-2019, 20:33 | #2 |  
	| Mum 30/09/20 Dad 08/08/24 
				 
				Join Date: Mar 2004 Location: Galactic Sector ZZ9 Plural Z Alpha, A secret Moonbase (shh don't tell anybody) Age: 56 Services: 2 x TiVo 360s, SH5. Samsung Galaxy Note 10+ 5G, Ton's of Smart Home stuff, & Cuddy Toy 
					Posts: 17,257
				      | 
				
				Re: 216.218.206.86  in VPN log
			 
 
			
			What IP is the VPN using?
		 
				__________________I'm a Trustee & Secretary for a local charity
 
 STAY AT HOME: I found out that mum will never walk again as the coronavirus attacked her nervous system. She died on September 30th.
 |  
	|   |   |  
	
		
	
	
	
		|  23-07-2019, 23:30 | #3 |  
	| Sad Doig Fan! 
				 
				Join Date: Aug 2007 Location: Barry South Wales Age: 69 Services: With VM for BB 250Mb service.(Deal) 
					Posts: 11,826
				      | 
				
				Re: 216.218.206.86  in VPN log
			 
 |  
	|   |   |  
	
		
	
	
	
		|  24-07-2019, 08:43 | #4 |  
	| cf.mega poster 
				 
				Join Date: Jul 2008 Location: Coventry Services: Fusion Fibre 900 
					Posts: 1,789
				      | 
				
				Re: 216.218.206.86  in VPN log
			 
 
			
			
	Quote: 
	
		| 
					Originally Posted by Hom3r  What IP is the VPN using? |  My VPN  is using my WAN IP but I also have DDNS configured. 
 ---------- Post added at 08:43 ---------- Previous post was at 08:32 ----------
 
 
 
	Quote: 
	
		| 
					Originally Posted by pip08456   |  Thanks for the info.
 
So we are talking about an illegal hack attempt? I assume malevolence, but is it dangerous? If so, what can the attack achieve for the hackers? Given that this is a common and potentially widespread issue the attack is probably automated.
 
My security keys are strong, but I guess I ought to change them more often.
 
It's popped up again this morning, but this time with a variation in source IP.
 
Jul 24 01:41:02 05[IKE] 216.218.206.98  is initiating a Main Mode IKE_SA
		 
				__________________Join Date: Jul 2008
 Location: Coventry
 Services: FusionFibre/CityFibre (900Mb FTTP;  Asus GT-AX11000 +3 iMesh nodes; Humax 2Tb TV box; Synology DS920+ used as Plex server (PlexWindblown)
 
				 Last edited by roughbeast; 24-07-2019 at 08:51.
 |  
	|   |   |  
	
		
	
	
	
		|  24-07-2019, 10:22 | #5 |  
	| Virgin Media Employee 
				 
				Join Date: Sep 2005 Location: Winchester Services: Staff MyRates  
BB: VM 1Gb
TV: VM XL
Phone : VM XL 
					Posts: 3,327
				      | 
				
				Re: 216.218.206.86  in VPN log
			 
 
			
			That last address is the same owner as the previous.
 Could this simply be that someone/thing has spotted the service on your IP and is now probing and trying to force a connection?
 
				__________________I work for VMO2 but reply here in my own right.  Any help or advice is made on a best-effort basis. No comments construe any obligation on VMO2 or its employees.
 |  
	|   |   |  
	
		
	
	
	
		|  24-07-2019, 13:24 | #6 |  
	| Sad Doig Fan! 
				 
				Join Date: Aug 2007 Location: Barry South Wales Age: 69 Services: With VM for BB 250Mb service.(Deal) 
					Posts: 11,826
				      | 
				
				Re: 216.218.206.86  in VPN log
			 
 
			
			
	Quote: 
	
		| 
					Originally Posted by tweetiepooh  That last address is the same owner as the previous.
 Could this simply be that someone/thing has spotted the service on your IP and is now probing and trying to force a connection?
 |  I tend to agree. Automated port sniffers are widespread.
 
	Quote: 
	
		| There is no question whether hackers are, in fact, currently sweeping the Internet for the presence of exposed and vulnerable consumer Internet routers in order to gain access to the private networks residing behind them. Just such hacking packets are now being detected across the Internet. Scanning is underway and the threat is real. |  I suggest you give Shield's Up test a go. 
https://www.grc.com/x/ne.dll?bh0bkyd2 |  
	|   |   |  
	
		
	
	
	
		|  24-07-2019, 14:10 | #7 |  
	| cf.mega poster 
				 
				Join Date: Jul 2008 Location: Coventry Services: Fusion Fibre 900 
					Posts: 1,789
				      | 
				
				Re: 216.218.206.86  in VPN log
			 
 
			
			
	Quote: 
	
		| 
					Originally Posted by pip08456   |  OK I tried your link,  first of all without, VPN.  My unique "machine name" was revealed.  However, when I tried a VPN location in the Netherlands,  it wasn't revealed.
 
I then proceeded to the all-important test without VPN. Here I got  "THE EQUIPMENT AT THE TARGET IP ADDRESS DID NOT RESPOND TO OUR UPnP PROBES!" 
 
That is good news, especially considering I have UPnP enabled on my ASUS.
 
I was running uTorrent at the time, well known for letting outside servers know your local ip address, but that is behind a proxy server.
 
Would I be right in saying that I am pretty secure? I am visible to hacker scanners, because my  WAN IP is easily found, but I am impenetrable with or without VPN. Naturally, I have my router firewall enabled, also DoS protection. Ping response is turned on.
		 
				__________________Join Date: Jul 2008
 Location: Coventry
 Services: FusionFibre/CityFibre (900Mb FTTP;  Asus GT-AX11000 +3 iMesh nodes; Humax 2Tb TV box; Synology DS920+ used as Plex server (PlexWindblown)
 
				 Last edited by roughbeast; 24-07-2019 at 14:36.
 |  
	|   |   |  
	
		
	
	
	
		|  24-07-2019, 14:31 | #8 |  
	| Sad Doig Fan! 
				 
				Join Date: Aug 2007 Location: Barry South Wales Age: 69 Services: With VM for BB 250Mb service.(Deal) 
					Posts: 11,826
				      | 
				
				Re: 216.218.206.86  in VPN log
			 
 
			
			Sounds like you'll be OK.
		 |  
	|   |   |  
	
		
	
	
	
		|  26-07-2019, 04:01 | #9 |  
	| R.I.P. 
				 
				Join Date: Jun 2012 Location: Swansea, South Wales UK. Age: 74 Services: XL Phone, XXXL Gig1 BB SH4 (wired). 
					Posts: 2,753
				      | 
				
				Re: 216.218.206.86  in VPN log
			 
 
			
			Does that shields up test still stand up to todays security? its years old.
		 |  
	|   |   |  
	
		
	
	
	
		|  26-07-2019, 04:02 | #10 |  
	| Sad Doig Fan! 
				 
				Join Date: Aug 2007 Location: Barry South Wales Age: 69 Services: With VM for BB 250Mb service.(Deal) 
					Posts: 11,826
				      | 
				
				Re: 216.218.206.86  in VPN log
			 
 
			
			
	Quote: 
	
		| 
					Originally Posted by alanbjames  Does that shields up test still stand up to todays security? its years old. |  Yes.
		 |  
	|   |   |  
	
		
	
	
	
	
	| 
	|  Posting Rules |  
	| 
		
		You may not post new threads You may not post replies You may not post attachments You may not edit your posts 
 HTML code is Off 
 |  |  |  All times are GMT +1. The time now is 00:00. |