216.218.206.86 in VPN log
23-07-2019, 19:21
|
#1
|
cf.mega poster
Join Date: Jul 2008
Location: Coventry
Services: Vodafone/City Fibre Gigafast 900
Posts: 1,781
|
216.218.206.86 in VPN log
What's all this then?
Jul 18 03:06:19 13[IKE] 216.218.206.86 is initiating a Main Mode IKE_SAJul 18 14:29:25 06[IKE] 218.75.37.18 is initiating a Main Mode IKE_SAJul 18 14:55:12 10[IKE] 218.75.40.147 is initiating a Main Mode IKE_SAJul 19 03:39:10 09[IKE] 216.218.206.126 is initiating a Main Mode IKE_SAJul 20 03:14:32 02[IKE] 216.218.206.78 is initiating a Main Mode IKE_SAJul 21 04:35:26 02[IKE] 216.218.206.122 is initiating a Main Mode IKE_SAJul 22 02:24:01 06[IKE] 216.218.206.102 is initiating a Main Mode IKE_SAJul 23 03:17:03 10[IKE] 216.218.206.90 is initiating a Main Mode IKE_SA
I spotted this in my IPSec VPN log. What are the IP addresses 218: ** 216: ** ? Is this something malevolent. My general router log doesn't show a successful attempt to connect to my VPN, but is this an attempt?
__________________
Join Date: Jul 2008
Location: Coventry
Services: FACTCO/CityFibre 1GB FTTP; Asus GT-AX11000 +3 iMesh nodes; Humax 2Tb TV boxes x2; Synology DS920+ used as Plex server
|
|
|
23-07-2019, 20:33
|
#2
|
Mum 15/08/46 - 30/09/20
Join Date: Mar 2004
Location: Galactic Sector ZZ9 Plural Z Alpha, www.daves-world.co.uk. A secret Moonbase (shh don't tell anybody)
Age: 55
Services: 1 V6, 2x1TB TiVo, SH3. Samsung Galaxy Note 10+ 5G, Ton's of Smart Home stuff, & Cuddy Toy
Posts: 16,889
|
Re: 216.218.206.86 in VPN log
What IP is the VPN using?
__________________
STAY AT HOME: I found out that mum will never walk again as the coronavirus attacked her nervous system. She died on September 30th, wearing a mask and she still might be alive today.
|
|
|
23-07-2019, 23:30
|
#3
|
Sad Doig Fan!
Join Date: Aug 2007
Location: Barry South Wales
Age: 68
Services: With VM for BB 250Mb service.(Deal)
Posts: 11,666
|
Re: 216.218.206.86 in VPN log
|
|
|
24-07-2019, 08:43
|
#4
|
cf.mega poster
Join Date: Jul 2008
Location: Coventry
Services: Vodafone/City Fibre Gigafast 900
Posts: 1,781
|
Re: 216.218.206.86 in VPN log
Quote:
Originally Posted by Hom3r
What IP is the VPN using?
|
My VPN is using my WAN IP but I also have DDNS configured.
---------- Post added at 08:43 ---------- Previous post was at 08:32 ----------
Quote:
Originally Posted by pip08456
|
Thanks for the info.
So we are talking about an illegal hack attempt? I assume malevolence, but is it dangerous? If so, what can the attack achieve for the hackers? Given that this is a common and potentially widespread issue the attack is probably automated.
My security keys are strong, but I guess I ought to change them more often.
It's popped up again this morning, but this time with a variation in source IP.
Jul 24 01:41:02 05[IKE] 216.218.206. 98 is initiating a Main Mode IKE_SA
__________________
Join Date: Jul 2008
Location: Coventry
Services: FACTCO/CityFibre 1GB FTTP; Asus GT-AX11000 +3 iMesh nodes; Humax 2Tb TV boxes x2; Synology DS920+ used as Plex server
Last edited by roughbeast; 24-07-2019 at 08:51.
|
|
|
24-07-2019, 10:22
|
#5
|
Virgin Media Employee
Join Date: Sep 2005
Location: Winchester
Services: Staff MyRates
BB: VM XXL
TV: VM XL
Phone : VM XL
Posts: 3,122
|
Re: 216.218.206.86 in VPN log
That last address is the same owner as the previous.
Could this simply be that someone/thing has spotted the service on your IP and is now probing and trying to force a connection?
__________________
I work for VMO2 but reply here in my own right. Any help or advice is made on a best-effort basis. No comments construe any obligation on VMO2 or its employees.
|
|
|
24-07-2019, 13:24
|
#6
|
Sad Doig Fan!
Join Date: Aug 2007
Location: Barry South Wales
Age: 68
Services: With VM for BB 250Mb service.(Deal)
Posts: 11,666
|
Re: 216.218.206.86 in VPN log
Quote:
Originally Posted by tweetiepooh
That last address is the same owner as the previous.
Could this simply be that someone/thing has spotted the service on your IP and is now probing and trying to force a connection?
|
I tend to agree. Automated port sniffers are widespread.
Quote:
There is no question whether hackers are, in fact, currently sweeping the Internet for the presence of exposed and vulnerable consumer Internet routers in order to gain access to the private networks residing behind them. Just such hacking packets are now being detected across the Internet. Scanning is underway and the threat is real.
|
I suggest you give Shield's Up test a go.
https://www.grc.com/x/ne.dll?bh0bkyd2
|
|
|
24-07-2019, 14:10
|
#7
|
cf.mega poster
Join Date: Jul 2008
Location: Coventry
Services: Vodafone/City Fibre Gigafast 900
Posts: 1,781
|
Re: 216.218.206.86 in VPN log
Quote:
Originally Posted by pip08456
|
OK I tried your link, first of all without, VPN. My unique "machine name" was revealed. However, when I tried a VPN location in the Netherlands, it wasn't revealed.
I then proceeded to the all-important test without VPN. Here I got "THE EQUIPMENT AT THE TARGET IP ADDRESS DID NOT RESPOND TO OUR UPnP PROBES!"
That is good news, especially considering I have UPnP enabled on my ASUS.
I was running uTorrent at the time, well known for letting outside servers know your local ip address, but that is behind a proxy server.
Would I be right in saying that I am pretty secure? I am visible to hacker scanners, because my WAN IP is easily found, but I am impenetrable with or without VPN. Naturally, I have my router firewall enabled, also DoS protection. Ping response is turned on.
__________________
Join Date: Jul 2008
Location: Coventry
Services: FACTCO/CityFibre 1GB FTTP; Asus GT-AX11000 +3 iMesh nodes; Humax 2Tb TV boxes x2; Synology DS920+ used as Plex server
Last edited by roughbeast; 24-07-2019 at 14:36.
|
|
|
24-07-2019, 14:31
|
#8
|
Sad Doig Fan!
Join Date: Aug 2007
Location: Barry South Wales
Age: 68
Services: With VM for BB 250Mb service.(Deal)
Posts: 11,666
|
Re: 216.218.206.86 in VPN log
Sounds like you'll be OK.
|
|
|
26-07-2019, 04:01
|
#9
|
R.I.P.
Join Date: Jun 2012
Location: Swansea, South Wales UK.
Age: 72
Services: XL Phone, XXXL Gig1 BB SH4 (wired).
Posts: 2,753
|
Re: 216.218.206.86 in VPN log
Does that shields up test still stand up to todays security? its years old.
|
|
|
26-07-2019, 04:02
|
#10
|
Sad Doig Fan!
Join Date: Aug 2007
Location: Barry South Wales
Age: 68
Services: With VM for BB 250Mb service.(Deal)
Posts: 11,666
|
Re: 216.218.206.86 in VPN log
Quote:
Originally Posted by alanbjames
Does that shields up test still stand up to todays security? its years old.
|
Yes.
|
|
|
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT +1. The time now is 15:26.
|