Windows 8 BigPond Elite wireless router being attacked by busybox


4 replies to this topic

#1 Sauly25

Sauly25

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:10:13 AM

Posted 28 February 2013 - 06:38 PM

Running Windows 8 on a desktop computer, using a BigPond Elite wireless router using the Next G network or ADSL network. The speed appears to be slow, so I looked up the router's IP address and then had a look at the system log, and it shows up alert and warning, busybox version one changing kernel. So I think someone is hacking in, but I will put up the log later today so you can see for yourselves. Not sure if the MAC address needs to be changed or not, so any help is much appreciated.




#2 Sauly25

Sauly25
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:10:13 AM

Posted 28 February 2013 - 07:47 PM

Here is the log

 


System Log

Date/Time     Facility     Severity     Message
Jan 1 00:00:05     user     warn     kernel: Broadcom Packet CMF (Experimental) [6369-B2] v0.1 Feb 26 2009 13:53:45 Loaded
Jan 1 00:00:05     user     warn     kernel: bcmxtmcfg: bcmxtmcfg_init entry
Jan 1 00:00:05     user     warn     kernel: adsl: adsl_init entry
Jan 1 00:00:05     user     warn     kernel: *** dslThread dslPid=143
Jan 1 00:00:05     user     warn     kernel: KLOB extended to 2 pools
Jan 1 00:00:05     user     warn     kernel: Broadcom BCM6369B2 Ethernet Network Device v0.1 Oct 25 2012 14:32:02
Jan 1 00:00:05     user     warn     kernel: KLOB extended to 3 pools
Jan 1 00:00:05     user     warn     kernel: dgasp: kerSysRegisterDyingGaspHandler: bcmsw registered
Jan 1 00:00:05     user     warn     kernel: Broadcom Packet CMF (Experimental) SWC RESET.
Jan 1 00:00:05     user     warn     kernel: Broadcom Packet CMF (Experimental) SWC INITIALIZED.
Jan 1 00:00:05     user     warn     kernel: KLOB extended to 4 pools
Jan 1 00:00:05     user     warn     kernel: KLOB extended to 5 pools
Jan 1 00:00:05     user     warn     kernel: KLOB extended to 6 pools
Jan 1 00:00:05     user     warn     kernel: KLOB extended to 7 pools
Jan 1 00:00:05     user     warn     kernel: KLOB extended to 8 pools
Jan 1 00:00:05     user     warn     kernel: Broadcom Packet CMF (Experimental) Forwarder Net Device 0 v0.1 Feb 26 2009 13:53:46 Registered
Jan 1 00:00:05     user     warn     kernel: Broadcom Packet CMF (Experimental) Forwarder Net Device 1 v0.1 Feb 26 2009 13:53:46 Registered
Jan 1 00:00:05     user     warn     kernel: Broadcom Packet CMF (Experimental) ENABLED.
Jan 1 00:00:05     user     warn     kernel: eth0: MAC Address: 00:60:64:4B:43:BE
Jan 1 00:00:05     user     warn     kernel: eth1: MAC Address: 00:60:64:4B:43:BE
Jan 1 00:00:05     user     warn     kernel: eth2: MAC Address: 00:60:64:4B:43:BE
Jan 1 00:00:05     user     warn     kernel: eth3: MAC Address: 00:60:64:4B:43:BE
Jan 1 00:00:05     user     crit     kernel: eth0 Link UP 100 mbps full duplex
Jan 1 00:00:05     user     warn     kernel: PCI: Enabling device 0000:00:01.0 (0000 -> 0002)
Jan 1 00:00:05     user     warn     kernel: wl0: Broadcom BCM4351 802.11 Wireless Controller 5.10.120.0.cpe4.402.9
Jan 1 00:00:05     user     warn     kernel: dgasp: kerSysRegisterDyingGaspHandler: wl0 registered
Jan 1 00:00:05     user     warn     kernel: p8021ag: p8021ag_init entry
Jan 1 00:00:05     user     warn     kernel: usb 1-2: config 1 has an invalid interface number: 7 but max is 4
Jan 1 00:00:05     user     warn     kernel: usb 1-2: config 1 has no interface number 2
Jan 1 00:00:07     user     warn     kernel: BcmAdsl_Initialize=0xC00996FC, g_pFnNotifyCallback=0xC00BFD04
Jan 1 00:00:07     user     warn     kernel: Clocks for QPROC and AFE are being aligned with step through ...
Jan 1 00:00:07     user     warn     kernel: AFE is aligned, i = 048, PhaseValue = -082, PhaseCntl = 0x7FD10000
Jan 1 00:00:07     user     warn     kernel: QPROC is aligned, i = 033, PhaseValue = 0138, PhaseCntl = 0x7FD10020
Jan 1 00:00:07     user     warn     kernel: Clocks for QPROC and AFE are aligned with syn_status AFE = 0x78, QPROC = 0x70
Jan 1 00:00:07     user     warn     kernel: AFE phase control reg @0xb0f570f8 default actual = 0x0021C38F, exp = 0x0021c38f
Jan 1 00:00:07     user     warn     kernel: QPRC phase control reg @0xb0f5f0c0 default actual = 0x0421C38F, exp = 0x0421c38f
Jan 1 00:00:07     user     warn     kernel: pSdramPHY=0xA1FFFFF8, 0xAE51AA55 0xAA55AB55
Jan 1 00:00:07     user     warn     kernel: *** PhySdramSize got adjusted: 0xC8CFC => 0xE8A50 ***
Jan 1 00:00:07     user     warn     kernel: AdslCoreSharedMemInit: shareMemAvailable=95632
Jan 1 00:00:07     user     warn     kernel: AdslCoreHwReset: AdslOemDataAddr = 0xA1FA4460
Jan 1 00:00:07     user     warn     kernel: dgasp: kerSysRegisterDyingGaspHandler: dsl0 registered
Jan 1 00:00:08     user     warn     kernel: bcmxtmrt: MAC address: 00 60 64 4b 43 bf
Jan 1 00:00:08     user     warn     kernel: Register interface usb0 !!
Jan 1 00:01:04     user     warn     kernel: ip_tables: © 2000-2006 Netfilter Core Team
Jan 1 00:01:04     user     warn     kernel: Netfilter messages via NETLINK v0.30.
Jan 1 00:01:04     user     warn     kernel: nf_conntrack version 0.5.0 (248 buckets, 1984 max)
Mar 1 07:38:53     user     alert     kernel: Intrusion -> IN=usb0 OUT= MAC=c2:12:41:b8:01:07:00:00:00:00:00:00:08:00:45:00:00:28:01:00 SRC=114.80.119.132 DST=58.166.112.242 LEN=40 TOS=0x00 PREC=0x00 TTL=98 ID=256 PROTO=TCP SPT=6000 DPT=3389 WINDOW=1638
Mar 1 07:48:26     user     alert     kernel: Intrusion -> IN=usb0 OUT= MAC=c2:12:41:b8:01:07:00:00:00:00:00:00:08:00:45:00:00:28:01:00 SRC=180.186.27.68 DST=58.166.112.242 LEN=40 TOS=0x00 PREC=0x00 TTL=95 ID=256 PROTO=TCP SPT=6000 DPT=1433 WINDOW=16384
Mar 1 07:51:27     user     alert     kernel: Intrusion -> IN=usb0 OUT= MAC=c2:12:41:b8:01:07:00:00:00:00:00:00:08:00:45:00:00:28:01:00 SRC=58.218.199.250 DST=58.166.112.242 LEN=40 TOS=0x00 PREC=0x00 TTL=104 ID=256 DF PROTO=TCP SPT=12200 DPT=7212 WINDOW
Mar 1 08:03:33     user     alert     kernel: Intrusion -> IN=usb0 OUT= MAC=c2:12:41:b8:01:07:00:00:00:00:00:00:08:00:45:00:00:3c:9e:8a SRC=192.95.29.38 DST=58.166.112.242 LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=40586 DF PROTO=TCP SPT=46171 DPT=8080 WINDOW=
Mar 1 08:22:29     user     alert     kernel: Intrusion -> IN=usb0 OUT= MAC=c2:12:41:b8:01:07:00:00:00:00:00:00:08:00:45:00:00:3c:c7:89 SRC=58.42.105.87 DST=58.166.112.242 LEN=60 TOS=0x00 PREC=0x00 TTL=42 ID=51081 DF PROTO=TCP SPT=4336 DPT=23 WINDOW=580
Mar 1 08:53:00     user     alert     kernel: Intrusion -> IN=usb0 OUT= MAC=c2:12:41:b8:01:07:00:00:00:00:00:00:08:00:45:00:00:2c:01:00 SRC=221.176.113.106 DST=58.166.112.242 LEN=44 TOS=0x00 PREC=0x00 TTL=98 ID=256 PROTO=TCP SPT=41024 DPT=3306 WINDOW=16
Mar 1 09:29:10     user     alert     kernel: Intrusion -> IN=usb0 OUT= MAC=c2:12:41:b8:01:07:00:00:00:00:00:00:08:00:45:00:00:28:01:00 SRC=203.156.198.123 DST=58.166.112.242 LEN=40 TOS=0x00 PREC=0x00 TTL=100 ID=256 PROTO=TCP SPT=6000 DPT=1433 WINDOW=16
Mar 1 09:55:11     user     alert     kernel: Intrusion -> IN=usb0 OUT= MAC=c2:12:41:b8:01:07:00:00:00:00:00:00:08:00:45:00:00:28:01:00 SRC=210.110.6.250 DST=58.166.112.242 LEN=40 TOS=0x00 PREC=0x00 TTL=98 ID=256 PROTO=TCP SPT=6000 DPT=3306 WINDOW=16384
Mar 1 10:09:55     user     alert     kernel: Intrusion -> IN=usb0 OUT= MAC=c2:12:41:b8:01:07:00:00:00:00:00:00:08:00:45:00:00:40:e5:d2 SRC=47.54.168.1 DST=58.166.112.242 LEN=64 TOS=0x00 PREC=0x00 TTL=37 ID=58834 DF PROTO=TCP SPT=63250 DPT=38110 WINDOW=
Mar 1 10:09:57     user     alert     kernel: Intrusion -> IN=usb0 OUT= MAC=c2:12:41:b8:01:07:00:00:00:00:00:00:08:00:45:00:00:40:3e:e9 SRC=47.54.168.1 DST=58.166.112.242 LEN=64 TOS=0x00 PREC=0x00 TTL=37 ID=16105 DF PROTO=TCP SPT=63250 DPT=38110 WINDOW=
Mar 1 10:23:03     user     alert     kernel: Intrusion -> IN=usb0 OUT= MAC=c2:12:41:b8:01:07:00:00:00:00:00:00:08:00:45:00:00:30:7b:0f SRC=207.192.213.50 DST=58.166.112.242 LEN=48 TOS=0x00 PREC=0x00 TTL=103 ID=31503 PROTO=TCP SPT=40274 DPT=5900 WINDOW=
Mar 1 10:45:12     user     alert     kernel: Intrusion -> IN=usb0 OUT= MAC=c2:12:41:b8:01:07:00:00:00:00:00:00:08:00:45:00:00:34:32:3e SRC=72.95.53.143 DST=58.166.112.242 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=12862 DF PROTO=TCP SPT=60724 DPT=27505 WINDO
Mar 1 11:00:07     user     alert     kernel: Intrusion -> IN=usb0 OUT= MAC=c2:12:41:b8:01:07:00:00:00:00:00:00:08:00:45:00:00:30:4f:4b SRC=121.101.214.69 DST=58.166.112.242 LEN=48 TOS=0x00 PREC=0x00 TTL=102 ID=20299 PROTO=TCP SPT=4961 DPT=22 WINDOW=655
Mar 1 11:30:32     user     alert     kernel: Intrusion -> IN=usb0 OUT= MAC=c2:12:41:b8:01:07:00:00:00:00:00:00:08:00:45:00:00:28:01:00 SRC=119.97.195.202 DST=58.166.112.242 LEN=40 TOS=0x00 PREC=0x00 TTL=101 ID=256 PROTO=TCP SPT=6000 DPT=1433 WINDOW=163
 



#3 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,617 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:13 PM

Posted 06 March 2013 - 02:29 PM

Are you using Microsoft SQL, an FTP server, or MySQL server on that machine? Personally, it looks like your network is getting portscanned.
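
One way to check the port-scan reading of the posted log, as an added example that is not part of any poster's message: it tallies the "Intrusion ->" entries by destination port and by source address. The sample lines are abridged from the log in post #2; the port-to-service table and the function names are assumptions of this example.

```python
import re
from collections import Counter, defaultdict

# Services that normally listen on destination ports seen in the posted log (assumed table).
SERVICES = {22: "SSH", 23: "Telnet", 1433: "Microsoft SQL Server",
            3306: "MySQL", 3389: "Remote Desktop", 5900: "VNC", 8080: "HTTP (alternate)"}
FIELD = re.compile(r"(\w+)=(\S*)")

# Lines abridged from the log posted above (MAC and trailing fields dropped).
SAMPLE_LOG = """\
Jan 1 00:00:05 user crit kernel: eth0 Link UP 100 mbps full duplex
Mar 1 07:38:53 user alert kernel: Intrusion -> IN=usb0 OUT= SRC=114.80.119.132 DST=58.166.112.242 PROTO=TCP SPT=6000 DPT=3389
Mar 1 07:48:26 user alert kernel: Intrusion -> IN=usb0 OUT= SRC=180.186.27.68 DST=58.166.112.242 PROTO=TCP SPT=6000 DPT=1433
Mar 1 08:22:29 user alert kernel: Intrusion -> IN=usb0 OUT= SRC=58.42.105.87 DST=58.166.112.242 PROTO=TCP SPT=4336 DPT=23
Mar 1 09:29:10 user alert kernel: Intrusion -> IN=usb0 OUT= SRC=203.156.198.123 DST=58.166.112.242 PROTO=TCP SPT=6000 DPT=1433
Mar 1 10:09:55 user alert kernel: Intrusion -> IN=usb0 OUT= SRC=47.54.168.1 DST=58.166.112.242 PROTO=TCP SPT=63250 DPT=38110
Mar 1 10:09:57 user alert kernel: Intrusion -> IN=usb0 OUT= SRC=47.54.168.1 DST=58.166.112.242 PROTO=TCP SPT=63250 DPT=38110
"""

def parse_line(line):
    """Return the key=value fields of one 'Intrusion ->' entry, else None."""
    _, marker, rest = line.partition("Intrusion ->")
    if not marker:
        return None
    fields = dict(FIELD.findall(rest))
    # The router truncates long lines, so require the fields we rely on.
    if not fields.get("SRC") or not fields.get("DPT", "").isdigit():
        return None
    return fields

def summarize(log_text):
    """Count probes per destination port and collect the ports each source tried."""
    by_port, ports_by_src = Counter(), defaultdict(set)
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields is None:
            continue  # boot messages and damaged entries
        port = int(fields["DPT"])
        by_port[port] += 1
        ports_by_src[fields["SRC"]].add(port)
    return by_port, ports_by_src

def report(log_text):
    """Return a short text summary, one line per destination port."""
    by_port, ports_by_src = summarize(log_text)
    lines = [f"{sum(by_port.values())} logged probes from {len(ports_by_src)} sources"]
    for port, count in sorted(by_port.items()):
        lines.append(f"port {port:>5} ({SERVICES.get(port, 'no well-known service')}): {count}")
    return lines

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Many unrelated sources each touching one or two well-known service ports, all arriving on the WAN interface (`IN=usb0`), is the pattern of Internet-wide scanning rather than a single host working on this router.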

#4 Sauly25

Sauly25
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:10:13 AM

Posted 19 November 2013 - 04:09 AM

Grinler, thanks for the post. As I am always trying to learn more about computers, can you please tell me how I can check what server it is? I think you're on the right track, but I don't know how to go about this.



#5 Sauly25

Sauly25
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:10:13 AM

Posted 23 November 2013 - 05:58 AM

How do I find out what server I am using? I know that it is a 4G/3G Telstra BigPond internet.





