Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Question about router logs in regard to port 7547?


  • Please log in to reply
5 replies to this topic

#1 HairyApricot

HairyApricot

  • Members
  • 197 posts
  • OFFLINE
  •  
  • Local time:11:40 AM

Posted 01 December 2016 - 02:43 PM

So as I am sure many of you are aware, this week this happened :http://arstechnica.com/security/2016/11/notorious-iot-botnets-weaponize-new-flaw-found-in-millions-of-home-routers/. In light of this, I wanted to check my own router, a BT Smart Hub. Now I port scanned, and it said it was open, but since that is from within the network, it doesn't really tell us much. So I check my router logs on TR69, the protocol that the port in question handles, and I seen this:

 

19:28:13, 01 Dec.

ppp1:TR69 ConnectionRequest Failed

19:28:13, 01 Dec.

ppp1:TR69 ConnectionRequest: processing request from ACS

19:25:11, 01 Dec.

ppp1:TR69 ConnectionRequest Failed

19:25:11, 01 Dec.

ppp1:TR69 ConnectionRequest: processing request from ACS

19:24:37, 01 Dec.

ppp1:TR69 ConnectionRequest Failed

19:24:37, 01 Dec.

ppp1:TR69 ConnectionRequest: processing request from ACS

19:23:45, 01 Dec.

ppp1:TR69 ConnectionRequest Failed

19:23:45, 01 Dec.

ppp1:TR69 ConnectionRequest: processing request from ACS

19:21:27, 01 Dec.

ppp1:TR69 ConnectionRequest Failed

19:21:27, 01 Dec.

ppp1:TR69 ConnectionRequest: processing request from ACS

19:21:26, 01 Dec.

ppp1:TR69 ConnectionRequest Failed

19:21:26, 01 Dec.

ppp1:TR69 ConnectionRequest: processing request from ACS

19:21:25, 01 Dec.

ppp1:TR69 ConnectionRequest Failed

19:21:25, 01 Dec.

ppp1:TR69 ConnectionRequest: processing request from ACS

19:15:34, 01 Dec.

ppp1:TR69 ConnectionRequest Failed

19:15:34, 01 Dec.

ppp1:TR69 ConnectionRequest: processing request from ACS

19:15:33, 01 Dec.

ppp1:TR69 ConnectionRequest Failed

19:15:33, 01 Dec.

ppp1:TR69 ConnectionRequest: processing request from ACS

19:15:32, 01 Dec.

ppp1:TR69 ConnectionRequest Failed

19:15:32, 01 Dec.

ppp1:TR69 ConnectionRequest: processing request from ACS

19:05:28, 01 Dec.

ppp1:TR69 ConnectionRequest Failed

19:05:28, 01 Dec.

ppp1:TR69 ConnectionRequest: processing request from ACS

19:05:28, 01 Dec.

ppp1:TR69 ConnectionRequest Failed

19:05:28, 01 Dec.

ppp1:TR69 ConnectionRequest: processing request from ACS

19:05:28, 01 Dec.

ppp1:TR69 ConnectionRequest Failed

19:05:28, 01 Dec.

ppp1:TR69 ConnectionRequest: processing request from ACS

19:04:45, 01 Dec.

ppp1:TR69 ConnectionRequest Failed

19:04:45, 01 Dec.

ppp1:TR69 ConnectionRequest: processing request from ACS

19:04:44, 01 Dec.

ppp1:TR69 ConnectionRequest Failed

19:04:44, 01 Dec.

ppp1:TR69 ConnectionRequest: processing request from ACS

19:04:43, 01 Dec.

ppp1:TR69 ConnectionRequest Failed

19:04:43, 01 Dec.

ppp1:TR69 ConnectionRequest: processing request from ACS

 

Now I am not expert in these matters, so I was hoping for some advice or insight, as my ISP offered none. There is not remote access option on my router, my passwords were changed from their defaults and UPnP and WPS are turned off. Any advice is appreciated, thank you :)



BC AdBot (Login to Remove)

 


#2 Kilroy

Kilroy

  • BC Advisor
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Launderdale, MN
  • Local time:06:40 AM

Posted 05 December 2016 - 02:08 PM

There was a comment on the Ars Technica article pointing to http://www.insecam.org/en/ and http://iotscanner.bullguard.com/ to see if you are vulnerable, though I would guess from the Failed Connection Requests that you probably aren't.



#3 CrushImages

CrushImages

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:12:40 PM

Posted 06 December 2016 - 12:38 PM

Hello, you have a hub? How old is it?


Edited by CrushImages, 06 December 2016 - 12:39 PM.


#4 HairyApricot

HairyApricot
  • Topic Starter

  • Members
  • 197 posts
  • OFFLINE
  •  
  • Local time:11:40 AM

Posted 07 December 2016 - 02:36 PM

Its a few months old.



#5 CrushImages

CrushImages

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:12:40 PM

Posted 07 December 2016 - 04:26 PM

Oh ok, I had mistaken your router for a hub.

 

I have a question, does your router reboot every 14 days by chance?



#6 HairyApricot

HairyApricot
  • Topic Starter

  • Members
  • 197 posts
  • OFFLINE
  •  
  • Local time:11:40 AM

Posted 08 December 2016 - 02:43 PM

I don't know if its 14 says but it does reboot every now and again.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users