Home News Forum Articles
  Welcome back Join CF
You are here You are here: Home | Forum | 216.218.206.86 in VPN log

You are currently viewing our boards as a guest which gives you limited access to view most of the discussions, articles and other free features. By joining our Virgin Media community you will have full access to all discussions, be able to view and post threads, communicate privately with other members (PM), respond to polls, upload your own images/photos, and access many other special features. Registration is fast, simple and absolutely free so please join our community today.


Welcome to Cable Forum
Go Back   Cable Forum > Computers & IT > Networking

216.218.206.86 in VPN log
Reply
 
Thread Tools
Old 23-07-2019, 20:21   #1
roughbeast
cf.mega poster
 
roughbeast's Avatar
 
Join Date: Jul 2008
Location: Coventry
Services: Vodafone/City Fibre Gigafast 900
Posts: 1,781
roughbeast has reached the bronze age
roughbeast has reached the bronze ageroughbeast has reached the bronze ageroughbeast has reached the bronze ageroughbeast has reached the bronze ageroughbeast has reached the bronze ageroughbeast has reached the bronze ageroughbeast has reached the bronze ageroughbeast has reached the bronze ageroughbeast has reached the bronze ageroughbeast has reached the bronze ageroughbeast has reached the bronze age
216.218.206.86 in VPN log

What's all this then?

Jul 18 03:06:19 13[IKE] 216.218.206.86 is initiating a Main Mode IKE_SAJul 18 14:29:25 06[IKE] 218.75.37.18 is initiating a Main Mode IKE_SAJul 18 14:55:12 10[IKE] 218.75.40.147 is initiating a Main Mode IKE_SAJul 19 03:39:10 09[IKE] 216.218.206.126 is initiating a Main Mode IKE_SAJul 20 03:14:32 02[IKE] 216.218.206.78 is initiating a Main Mode IKE_SAJul 21 04:35:26 02[IKE] 216.218.206.122 is initiating a Main Mode IKE_SAJul 22 02:24:01 06[IKE] 216.218.206.102 is initiating a Main Mode IKE_SAJul 23 03:17:03 10[IKE] 216.218.206.90 is initiating a Main Mode IKE_SA

I spotted this in my IPSec VPN log. What are the IP addresses 218: ** 216: ** ? Is this something malevolent. My general router log doesn't show a successful attempt to connect to my VPN, but is this an attempt?
__________________
Join Date: Jul 2008
Location: Coventry
Services: FACTCO/CityFibre 1GB FTTP; Asus GT-AX11000 +3 iMesh nodes; Humax 2Tb TV boxes x2; Synology DS920+ used as Plex server
roughbeast is offline   Reply With Quote
Advertisement
Old 23-07-2019, 21:33   #2
Hom3r
Mum 15/08/46 - 30/09/20
 
Hom3r's Avatar
 
Join Date: Mar 2004
Location: Galactic Sector ZZ9 Plural Z Alpha, www.daves-world.co.uk. A secret Moonbase (shh don't tell anybody)
Age: 55
Services: 1 V6, 2x1TB TiVo, SH3. Samsung Galaxy Note 10+ 5G, Ton's of Smart Home stuff, & Cuddy Toy
Posts: 16,864
Hom3r has a pair of shiny starsHom3r has a pair of shiny starsHom3r has a pair of shiny starsHom3r has a pair of shiny stars
Hom3r has a pair of shiny stars
Re: 216.218.206.86 in VPN log

What IP is the VPN using?
__________________
STAY AT HOME: I found out that mum will never walk again as the coronavirus attacked her nervous system. She died on September 30th, wearing a mask and she still might be alive today.
Hom3r is offline   Reply With Quote
Old 24-07-2019, 00:30   #3
pip08456
Sad Doig Fan!
 
pip08456's Avatar
 
Join Date: Aug 2007
Location: Barry South Wales
Age: 67
Services: With VM for BB 250Mb service.(Deal)
Posts: 11,647
pip08456 has a nice shiny starpip08456 has a nice shiny star
pip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny star
Re: 216.218.206.86 in VPN log

A Whois lookup of the first IP reveals this.

https://www.abuseipdb.com/check/216.218.206.86
pip08456 is offline   Reply With Quote
Old 24-07-2019, 09:43   #4
roughbeast
cf.mega poster
 
roughbeast's Avatar
 
Join Date: Jul 2008
Location: Coventry
Services: Vodafone/City Fibre Gigafast 900
Posts: 1,781
roughbeast has reached the bronze age
roughbeast has reached the bronze ageroughbeast has reached the bronze ageroughbeast has reached the bronze ageroughbeast has reached the bronze ageroughbeast has reached the bronze ageroughbeast has reached the bronze ageroughbeast has reached the bronze ageroughbeast has reached the bronze ageroughbeast has reached the bronze ageroughbeast has reached the bronze ageroughbeast has reached the bronze age
Re: 216.218.206.86 in VPN log

Quote:
Originally Posted by Hom3r View Post
What IP is the VPN using?
My VPN is using my WAN IP but I also have DDNS configured.

---------- Post added at 08:43 ---------- Previous post was at 08:32 ----------

Quote:
Originally Posted by pip08456 View Post
A Whois lookup of the first IP reveals this.

https://www.abuseipdb.com/check/216.218.206.86
Thanks for the info.

So we are talking about an illegal hack attempt? I assume malevolence, but is it dangerous? If so, what can the attack achieve for the hackers? Given that this is a common and potentially widespread issue the attack is probably automated.

My security keys are strong, but I guess I ought to change them more often.

It's popped up again this morning, but this time with a variation in source IP.

Jul 24 01:41:02 05[IKE] 216.218.206.98 is initiating a Main Mode IKE_SA
__________________
Join Date: Jul 2008
Location: Coventry
Services: FACTCO/CityFibre 1GB FTTP; Asus GT-AX11000 +3 iMesh nodes; Humax 2Tb TV boxes x2; Synology DS920+ used as Plex server

Last edited by roughbeast; 24-07-2019 at 09:51.
roughbeast is offline   Reply With Quote
Old 24-07-2019, 11:22   #5
tweetiepooh
Virgin Media Employee
 
tweetiepooh's Avatar
 
Join Date: Sep 2005
Location: Winchester
Services: Staff MyRates BB: VM XXL TV: VM XL Phone : VM XL
Posts: 3,107
tweetiepooh has a bronzed appealtweetiepooh has a bronzed appeal
tweetiepooh has a bronzed appealtweetiepooh has a bronzed appealtweetiepooh has a bronzed appealtweetiepooh has a bronzed appealtweetiepooh has a bronzed appealtweetiepooh has a bronzed appealtweetiepooh has a bronzed appealtweetiepooh has a bronzed appealtweetiepooh has a bronzed appealtweetiepooh has a bronzed appealtweetiepooh has a bronzed appealtweetiepooh has a bronzed appealtweetiepooh has a bronzed appealtweetiepooh has a bronzed appealtweetiepooh has a bronzed appealtweetiepooh has a bronzed appealtweetiepooh has a bronzed appeal
Re: 216.218.206.86 in VPN log

That last address is the same owner as the previous.

Could this simply be that someone/thing has spotted the service on your IP and is now probing and trying to force a connection?
__________________
I work for VMO2 but reply here in my own right. Any help or advice is made on a best-effort basis. No comments construe any obligation on VMO2 or its employees.
tweetiepooh is offline   Reply With Quote
Old 24-07-2019, 14:24   #6
pip08456
Sad Doig Fan!
 
pip08456's Avatar
 
Join Date: Aug 2007
Location: Barry South Wales
Age: 67
Services: With VM for BB 250Mb service.(Deal)
Posts: 11,647
pip08456 has a nice shiny starpip08456 has a nice shiny star
pip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny star
Re: 216.218.206.86 in VPN log

Quote:
Originally Posted by tweetiepooh View Post
That last address is the same owner as the previous.

Could this simply be that someone/thing has spotted the service on your IP and is now probing and trying to force a connection?
I tend to agree. Automated port sniffers are widespread.

Quote:
There is no question whether hackers are, in fact, currently sweeping the Internet for the presence of exposed and vulnerable consumer Internet routers in order to gain access to the private networks residing behind them. Just such hacking packets are now being detected across the Internet. Scanning is underway and the threat is real.
I suggest you give Shield's Up test a go.

https://www.grc.com/x/ne.dll?bh0bkyd2
pip08456 is offline   Reply With Quote
Old 24-07-2019, 15:10   #7
roughbeast
cf.mega poster
 
roughbeast's Avatar
 
Join Date: Jul 2008
Location: Coventry
Services: Vodafone/City Fibre Gigafast 900
Posts: 1,781
roughbeast has reached the bronze age
roughbeast has reached the bronze ageroughbeast has reached the bronze ageroughbeast has reached the bronze ageroughbeast has reached the bronze ageroughbeast has reached the bronze ageroughbeast has reached the bronze ageroughbeast has reached the bronze ageroughbeast has reached the bronze ageroughbeast has reached the bronze ageroughbeast has reached the bronze ageroughbeast has reached the bronze age
Re: 216.218.206.86 in VPN log

Quote:
Originally Posted by pip08456 View Post
I tend to agree. Automated port sniffers are widespread.



I suggest you give Shield's Up test a go.

https://www.grc.com/x/ne.dll?bh0bkyd2
OK I tried your link, first of all without, VPN. My unique "machine name" was revealed. However, when I tried a VPN location in the Netherlands, it wasn't revealed.

I then proceeded to the all-important test without VPN. Here I got "THE EQUIPMENT AT THE TARGET IP ADDRESS DID NOT RESPOND TO OUR UPnP PROBES!"

That is good news, especially considering I have UPnP enabled on my ASUS.

I was running uTorrent at the time, well known for letting outside servers know your local ip address, but that is behind a proxy server.

Would I be right in saying that I am pretty secure? I am visible to hacker scanners, because my WAN IP is easily found, but I am impenetrable with or without VPN. Naturally, I have my router firewall enabled, also DoS protection. Ping response is turned on.
__________________
Join Date: Jul 2008
Location: Coventry
Services: FACTCO/CityFibre 1GB FTTP; Asus GT-AX11000 +3 iMesh nodes; Humax 2Tb TV boxes x2; Synology DS920+ used as Plex server

Last edited by roughbeast; 24-07-2019 at 15:36.
roughbeast is offline   Reply With Quote
Old 24-07-2019, 15:31   #8
pip08456
Sad Doig Fan!
 
pip08456's Avatar
 
Join Date: Aug 2007
Location: Barry South Wales
Age: 67
Services: With VM for BB 250Mb service.(Deal)
Posts: 11,647
pip08456 has a nice shiny starpip08456 has a nice shiny star
pip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny star
Re: 216.218.206.86 in VPN log

Sounds like you'll be OK.
pip08456 is offline   Reply With Quote
Old 26-07-2019, 05:01   #9
alanbjames
R.I.P.
 
Join Date: Jun 2012
Location: Swansea, South Wales UK.
Age: 72
Services: XL Phone, XXXL Gig1 BB SH4 (wired).
Posts: 2,753
alanbjames is just so famous around these partsalanbjames is just so famous around these partsalanbjames is just so famous around these partsalanbjames is just so famous around these partsalanbjames is just so famous around these partsalanbjames is just so famous around these partsalanbjames is just so famous around these partsalanbjames is just so famous around these partsalanbjames is just so famous around these partsalanbjames is just so famous around these partsalanbjames is just so famous around these partsalanbjames is just so famous around these partsalanbjames is just so famous around these partsalanbjames is just so famous around these partsalanbjames is just so famous around these parts
Re: 216.218.206.86 in VPN log

Does that shields up test still stand up to todays security? its years old.
alanbjames is offline   Reply With Quote
Old 26-07-2019, 05:02   #10
pip08456
Sad Doig Fan!
 
pip08456's Avatar
 
Join Date: Aug 2007
Location: Barry South Wales
Age: 67
Services: With VM for BB 250Mb service.(Deal)
Posts: 11,647
pip08456 has a nice shiny starpip08456 has a nice shiny star
pip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny star
Re: 216.218.206.86 in VPN log

Quote:
Originally Posted by alanbjames View Post
Does that shields up test still stand up to todays security? its years old.
Yes.
pip08456 is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +1. The time now is 23:14.


Server: osmium.zmnt.uk
Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2024, vBulletin Solutions Inc.