Menu
What's new
By:
Filters Better Search

Hackage or paranoia?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

howardmoon

howardmoon

Occasional Visitor
Found some suspicious activity in my system log and was trying to figure it out. MAC address 00:30:88:01:b4:5c is a neighbor that was blocked in the wireless MAC filter long ago, but seems to be connecting anyway. Nothing shows in the Traffic Monitor, which I assume is normal? There were lots of bytes sent and received which concerns me. If this is hackage, how can I find out what was perused/pilfered?

Code: 
Dec 31 18:00:33 pppd[692]: RP-PPPoE plugin version 3.11 compiled against pppd 2.4.5
Dec 31 18:00:33 pppd[693]: pppd 2.4.5 started by adm1n, uid 0
Dec 31 18:00:34 pppd[693]: PPP session is 4952 (0x1358)
Dec 31 18:00:34 pppd[693]: Connected to 00:30:88:01:b4:5c via interface eth0
Dec 31 18:00:34 pppd[693]: Using interface ppp0
Dec 31 18:00:34 pppd[693]: Connect: ppp0 <--> eth0
Dec 31 18:00:34 pppd[693]: CHAP authentication succeeded: CHAP authentication success, unit 172
Dec 31 18:00:34 pppd[693]: CHAP authentication succeeded
Dec 31 18:00:34 pppd[693]: peer from calling number 00:30:88:01:B4:5C authorized

Dec 31 18:00:35 pppd[693]: local  IP address (my external subnet).23
Dec 31 18:00:35 pppd[693]: remote IP address (my external subnet).1

(large part of logs missing or dates above wrong)

Nov 20 13:29:15 pppd[693]: System time change detected.

Nov 20 19:15:36 pppd[693]: Connect time 346.6 minutes.
Nov 20 19:15:36 pppd[693]: Sent 57986977 bytes, received 921643464 bytes.
Nov 20 19:15:39 pppd[693]: Modem hangup

Nov 20 19:15:49 pppd[693]: PPP session is 5904 (0x1710)
Nov 20 19:15:49 pppd[693]: Connected to 00:30:88:01:b4:5c via interface eth0
Nov 20 19:15:49 pppd[693]: Using interface ppp0
Nov 20 19:15:49 pppd[693]: Connect: ppp0 <--> eth0
Nov 20 19:15:49 pppd[693]: CHAP authentication succeeded: CHAP authentication success, unit 172
Nov 20 19:15:49 pppd[693]: CHAP authentication succeeded
Nov 20 19:15:49 pppd[693]: peer from calling number 00:30:88:01:B4:5C authorized
Nov 20 19:15:50 miniupnpd[1315]: Failed to get IP for interface ppp0
Nov 20 19:15:50 miniupnpd[1315]: SendNATPMPPublicAddressChangeNotification: cannot get public IP address, stopping
Nov 20 19:15:50 miniupnpd[1315]: Failed to get IP for interface ppp0
Nov 20 19:15:50 miniupnpd[1315]: SendNATPMPPublicAddressChangeNotification: cannot get public IP address, stopping
Nov 20 19:15:50 miniupnpd[1315]: Failed to get IP for interface ppp0
Nov 20 19:15:50 miniupnpd[1315]: SendNATPMPPublicAddressChangeNotification: cannot get public IP address, stopping
Nov 20 19:15:50 pppd[693]: local  IP address (my external subnet).23
Nov 20 19:15:50 pppd[693]: remote IP address (my external subnet).1

Nov 21 01:31:14 pppd[693]: No response to 10 echo-requests
Nov 21 01:31:14 pppd[693]: Serial link appears to be disconnected.
Nov 21 01:31:14 pppd[693]: Connect time 375.4 minutes.
Nov 21 01:31:14 pppd[693]: Sent 27628529 bytes, received 849282991 bytes.

Nov 21 01:31:20 pppd[693]: Connection terminated.
Nov 21 01:31:20 pppd[693]: Sent PADT
Nov 21 01:31:20 pppd[693]: Modem hangup
Nov 21 01:31:35 pppd[693]: PPP session is 168 (0xa8)
Nov 21 01:31:35 pppd[693]: Connected to 00:30:88:01:b4:5c via interface eth0
Nov 21 01:31:35 pppd[693]: Using interface ppp0
Nov 21 01:31:35 pppd[693]: Connect: ppp0 <--> eth0
Nov 21 01:31:36 pppd[693]: CHAP authentication succeeded: CHAP authentication success, unit 172
Nov 21 01:31:36 pppd[693]: CHAP authentication succeeded
Nov 21 01:31:36 pppd[693]: peer from calling number 00:30:88:01:B4:5C authorized
Nov 21 01:31:36 miniupnpd[2589]: Failed to get IP for interface ppp0
Nov 21 01:31:36 miniupnpd[2589]: SendNATPMPPublicAddressChangeNotification: cannot get public IP address, stopping
Nov 21 01:31:36 miniupnpd[2589]: Failed to get IP for interface ppp0
Nov 21 01:31:36 miniupnpd[2589]: SendNATPMPPublicAddressChangeNotification: cannot get public IP address, stopping
Nov 21 01:31:36 miniupnpd[2589]: Failed to get IP for interface ppp0
Nov 21 01:31:36 miniupnpd[2589]: SendNATPMPPublicAddressChangeNotification: cannot get public IP address, stopping
Nov 21 01:31:36 pppd[693]: local  IP address (my external subnet).23
Nov 21 01:31:36 pppd[693]: remote IP address (my external subnet).1
Nov 21 01:31:36 dnsmasq[4353]: read /etc/hosts - 5 addresses
Nov 21 01:31:36 dnsmasq[4353]: read /etc/hosts.dnsmasq - 29 addresses
Nov 21 01:31:36 dnsmasq-dhcp[4353]: read /etc/ethers - 29 addresses
Nov 21 01:31:36 dnsmasq[4353]: using nameserver 8.8.8.8#53
Nov 21 01:31:36 dnsmasq[4353]: using nameserver 8.8.4.4#53
Nov 21 01:31:36 rc_service: ip-up 4368:notify_rc start_firewall
Nov 21 01:31:36 start_nat_rules: apply the nat_rules(/tmp/nat_rules_ppp0_eth0)!
Nov 21 01:31:36 dnsmasq[4353]: exiting on receipt of SIGTERM
Nov 21 01:31:36 rc_service: ip-up 4368:notify_rc stop_upnp
Nov 21 01:31:36 rc_service: waitting "start_firewall" via ip-up ...
Nov 21 01:31:36 dnsmasq[4387]: started, version 2.72test3 cachesize 1500
Nov 21 01:31:36 dnsmasq[4387]: warning: interface ppp1* does not currently exist
Nov 21 01:31:36 dnsmasq[4387]: asynchronous logging enabled, queue limit is 5 messages
Nov 21 01:31:36 dnsmasq-dhcp[4387]: DHCP, IP range 192.168.1.2 -- 192.168.1.254, lease time 1d
Nov 21 01:31:36 dnsmasq[4387]: read /etc/hosts - 5 addresses
Nov 21 01:31:36 dnsmasq[4387]: read /etc/hosts.dnsmasq - 29 addresses
Nov 21 01:31:36 dnsmasq-dhcp[4387]: read /etc/ethers - 29 addresses
Nov 21 01:31:36 dnsmasq[4387]: using nameserver 8.8.8.8#53
Nov 21 01:31:36 dnsmasq[4387]: using nameserver 8.8.4.4#53
Nov 21 01:31:37 rc_service: ip-up 4368:notify_rc start_upnp
Nov 21 01:31:37 rc_service: waitting "stop_upnp" via ip-up ...
Nov 21 01:31:37 miniupnpd[2589]: shutting down MiniUPnPd
Nov 21 01:31:38 miniupnpd[4411]: HTTP listening on port 52560
Nov 21 01:31:38 miniupnpd[4411]: Listening for NAT-PMP/PCP traffic on port 5351
Nov 21 01:31:38 WAN Connection: WAN was restored.
 
This is your router connecting with your ISP over PPPoE, and that MAC should be either your modem, or the concentrator at your ISP's. That MAC belongs to an Ericsson device.
 
Haha. It's odd that I found that MAC while scanning my neighbors' wifi last year, thinking it couldn't hurt to block them. I must have been drunk and copied the wrong address. I should just stay out of the logs/router/public eye.
 
Last edited:
But the internet needs you, your apostrophe usage is impeccable.
 
You must log in or register to reply here.

Similar threads

L
ASUS RT-AX58U - devices kicked-off wifi over 60 times a day
2
Replies
21
Views
1K
ColinTaylor
C
W
RT-AX86U with latest version 3004.388.8_2 always crash and reboot
2 3
Replies
41
Views
5K
bennor
B
S
WAN Disconnections ASUS RT-AX86U Pro
Replies
4
Views
2K
Lynx
Lynx
N
RT-AX86U-Pro, WAN disconnect every 36 hours
2
Replies
25
Views
2K
Nick24
N
Y
Frequent disconnects
Replies
3
Views
937
heywire
H

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 694 (members: 26, guests: 668)
Top