HG633 router constantly getting hacked

cyberpunk
Chatterbox

I removed my IP address (DST=), and I have removed ( LEN=40 TOS=0x00 PREC=0x00 WINDOW=1 PROTO=TCP) just so it's easier to read, and I removed my Chromecast and Wi-Fi devices' MAC addresses from the log files below. I have not added any software to any device on the network. Nothing on my network has changed. I have looked up the intrusions and they seem to be consistent with other TalkTalk users'. The service is bad; it's getting to be a job tracking all the problems with your service and/or devices like this router. I am getting scanned all the time and the service drops out a lot, and trying to watch Chromecast is becoming painful: it constantly resorts to the lowest definition when watching YouTube videos (240p). I have turned off WPS and SAMBA.

 

Manufacturer:Huawei Technologies Co., Ltd.
Product Style:HG633
Serial Number:C4REQ16420004254
Hardware Version:H.1.01
Software Version:v2.00t
2019-06-10 00:09:30 User Level Notice User admin(192.168.1.3) modify WPS.Enable; WPS.Enable; .
2019-06-10 00:06:10 Security Warning Intrusion -> src=185.176.27.90 TTL=244 ID=37437 SPT=40391 DPT=30501
2019-06-09 23:56:12 Security Warning Intrusion -> src=81.22.45.190 TTL=249 ID=44415 SPT=53604 DPT=26799
2019-06-09 23:46:13 Security Warning Intrusion -> src=185.176.26.9 TTL=244 ID=19422 SPT=43559 DPT=12136
2019-06-09 23:39:32 User Level Notice User admin login from 192.168.1.3 successfully.
2019-06-09 23:39:09 WIFI Notice Static is connected.
2019-06-09 23:39:03 WIFI Notice Static is disconnected.
2019-06-09 23:36:15 Security Warning Intrusion -> src=172.104.242.173 TTL=247 ID=16594 SPT=57153 DPT=111
2019-06-09 23:30:59 WIFI Notice Static is connected.
2019-06-09 23:30:48 WIFI Notice Static is disconnected.
2019-06-09 23:28:27 Security Warning ACCEPT UDP SAMBA Request
2019-06-09 23:28:24 WIFI Notice Static is connected.
2019-06-09 23:27:00 Security Warning Intrusion -> src=81.22.45.219 TTL=248 ID=64684 SPT=52917 DPT=7075
2019-06-09 23:23:56 WIFI Notice androidis disconnected.
2019-06-09 23:16:06 Security Warning Intrusion -> src=81.22.45.51 TTL=249 ID=6963 SPT=50883 DPT=7175
2019-06-09 23:06:18 Security Warning Intrusion -> src=198.108.67.77 TTL=35 ID=59393 SPT=23318 DPT=4523
2019-06-09 22:58:34 WIFI Notice Chromecast-Wireless is connected.
2019-06-09 22:58:21 WIFI Notice androidis connected.
2019-06-09 22:58:09 WIFI Notice Chromecast-Wireless is disconnected.
2019-06-09 22:56:21 Security Warning Intrusion -> src=81.22.45.190 TTL=249 ID=29810 SPT=53604 DPT=25086
2019-06-09 22:47:24 WIFI Notice Chromecast-Wireless is connected.
2019-06-09 22:47:12 WIFI Notice androidis connected.
2019-06-09 22:46:59 WIFI Notice Chromecast-Wireless is disconnected.
2019-06-09 22:46:20 Security Warning Intrusion -> src=37.44.215.107 LEN=44 TTL=43 ID=44026 SPT=41772 DPT=27017
2019-06-09 22:36:37 Security Warning Intrusion -> src=81.22.45.190 TTL=249 ID=53897 SPT=53604 DPT=26484
2019-06-09 22:26:21 Security Warning Intrusion -> src=81.22.45.107 TTL=248 ID=17773 SPT=53505 DPT=19946
2019-06-09 22:16:08 Security Warning Intrusion -> src=81.22.45.116 TTL=248 ID=55002 SPT=53554 DPT=21525
2019-06-09 22:06:12 Security Warning Intrusion -> src=81.22.45.190 TTL=248 ID=12083 SPT=53604 DPT=25189
2019-06-09 22:01:19 Security Debug DROP HTTP Request
2019-06-09 21:57:11 WIFI Notice androidis connected.
2019-06-09 21:56:56 WIFI Notice Chromecast-Wireless is connected.
2019-06-09 21:56:54 WIFI Notice Chromecast-Wireless is disconnected.
2019-06-09 21:56:20 Security Warning Intrusion -> src=5.188.86.114 TTL=249 ID=25652 SPT=49717 DPT=4100
2019-06-09 21:56:11 WIFI Notice androidis connected.
2019-06-09 21:55:59 WIFI Notice Chromecast-Wireless is connected.
2019-06-09 21:55:56 WIFI Notice Chromecast-Wireless is disconnected.
2019-06-09 21:49:37 WIFI Notice androidis connected.
2019-06-09 21:49:23 WIFI Notice Chromecast-Wireless is connected.
2019-06-09 21:49:19 WIFI Notice Chromecast-Wireless is disconnected.
2019-06-09 21:48:59 Security Warning Detect IP Spoofing Attack, packet from 192.168.1.1.

2019-06-09 21:46:31 Security Warning Intrusion -> src=81.22.45.254 TTL=249 ID=54047 SPT=53108 DPT=8935
2019-06-09 21:36:59 Security Warning Intrusion -> src=81.22.45.190 TTL=248 ID=38401 SPT=53604 DPT=24322
2019-06-09 21:28:35 Security Warning Intrusion -> src=120.52.152.17 LEN=44 TTL=239 ID=44194 SPT=58914 DPT=69
2019-06-09 21:28:16 Security Warning Intrusion -> src=81.22.45.76 TTL=249 ID=57598 SPT=48872 DPT=12780

2019-06-09 21:27:31 Security Warning DROP TCP SAMBA Request
2019-06-09 21:27:29 WIFI Notice Chromecast-Wireless is connected.
2019-06-09 21:27:24 WIFI Notice androidis connected.
2019-06-09 21:27:07 WIFI Notice Chromecast-Wireless is disconnected.
2019-06-09 21:27:05 Security Warning Intrusion -> src=81.22.45.116 TTL=248 ID=22020 SPT=53554 DPT=23613
2019-06-09 21:26:43 Security Warning Intrusion -> src=198.108.67.87 TTL=35 ID=45416 SPT=44127 DPT=6881
2019-06-09 21:26:05 Security Warning Intrusion -> src=3.94.145.191 TTL=231 ID=49703 SPT=53387 DPT=3391
2019-06-09 21:25:33 User Level Notice CWMP:Cwmp post inform success.
2019-06-09 21:25:33 User Level Notice CWMP or STUN parameter be changed.
2019-06-09 21:25:33 User Level Notice User ACS(62.24.243.161) modify ManagementServer.PeriodicInformEnable; ManagementServer.PeriodicInformTime; ManagementServer.PeriodicInformInterval; .
2019-06-09 21:25:33 User Level Notice User ACS(62.24.243.161) modify ManagementServer.ConnectionRequestPassword; ManagementServer.ConnectionRequestUsername; .
2019-06-09 21:25:32 User Level Notice CWMP inform message: parameter change.
2019-06-09 21:25:32 User Level Notice CWMP inform message: event: 4 VALUE CHANGE.
2019-06-09 21:25:27 System Notice WAN connection INTERNET_TR069_R_VID_101:IPv4 connected.
2019-06-09 21:25:26 Security Debug ACCEPT HTTP Request
2019-06-09 21:25:23 System Notice DSL connection is active.
2019-06-09 21:24:53 System Notice WAN connection INTERNET_TR069_R_VID_101:IPv4 disconnected.(ERROR_NO_CARRIER)
2019-06-09 21:24:53 System Notice DSL connection is inactive.
2019-06-09 21:15:57 Security Warning Intrusion -> src=81.22.45.116 TTL=248 ID=64427 SPT=53554 DPT=23770
2019-06-09 21:05:32 Security Warning Intrusion -> src=81.22.45.49 TTL=249 ID=43528 SPT=43477 DPT=31813 0
2019-06-09 20:56:23 Security Warning Intrusion -> src=81.22.45.251 TTL=248 ID=3195 SPT=55791 DPT=5926 02
2019-06-09 20:46:07 Security Warning Intrusion -> src=178.128.49.98 LEN=48 TTL=117 ID=26267 SPT=8014 DPT=22 6553
2019-06-09 20:45:32 WIFI Notice androidis connected.
2019-06-09 20:45:26 WIFI Notice Chromecast-Wireless is connected.
2019-06-09 20:45:19 WIFI Notice Chromecast-Wireless is disconnected.
2019-06-09 20:36:02 Security Warning Intrusion -> src=91.203.209.182 TTL=53 ID=29670 SPT=7843 DPT=23 6511
2019-06-09 20:25:43 Security Warning Intrusion -> src=81.22.45.52 TTL=248 ID=45556 SPT=43858 DPT=37273 0
2019-06-09 20:15:33 Security Warning Intrusion -> src=46.101.160.122 TTL=240 ID=54321 SPT=60626 DPT=179 6
2019-06-09 20:06:40 Security Warning Intrusion -> src=81.22.45.37 TTL=249 ID=49579 SPT=42777 DPT=30000 0
2019-06-09 19:56:16 Security Warning Intrusion -> src=81.22.45.116 TTL=248 ID=55392 SPT=53554 DPT=22879
2019-06-09 19:55:49 WIFI Notice Chromecast-Wireless is connected.
2019-06-09 19:55:39 WIFI Notice androidis connected.
2019-06-09 19:55:25 WIFI Notice Chromecast-Wireless is disconnected.
2019-06-09 19:50:26 WIFI Notice androidis connected.
2019-06-09 19:50:13 WIFI Notice Chromecast-Wireless is connected.
2019-06-09 19:50:10 WIFI Notice Chromecast-Wireless is disconnected.
2019-06-09 19:45:31 Security Warning Intrusion -> src=193.29.13.20 TTL=246 ID=58743 SPT=48203 DPT=3391 0
2019-06-09 19:35:41 Security Warning Intrusion -> src=81.22.45.190 TTL=248 ID=41992 SPT=53604 DPT=25876
2019-06-09 19:25:59 Security Warning DROP TCP SAMBA Request
2019-06-09 19:25:28 Security Warning Intrusion -> src=74.82.47.42 TTL=245 ID=54321 SPT=50718 DPT=8080 655
2019-06-09 19:25:26 Security Warning DROP FTP Request
2019-06-09 19:17:45 Security Warning Intrusion -> src=185.176.27.62 TTL=244 ID=40747 SPT=40030 DPT=6583
2019-06-09 19:17:05 WIFI Notice androidis connected.
2019-06-09 19:17:04 Security Warning Intrusion -> src=81.22.45.38 TTL=248 ID=36576 SPT=42818 DPT=18581 0
2019-06-09 19:16:59 WIFI Notice Chromecast-Wireless is connected.
2019-06-09 19:16:52 WIFI Notice Chromecast-Wireless is disconnected.
2019-06-09 19:16:50 Security Debug DROP HTTP Request
2019-06-09 19:16:05 Security Warning Intrusion -> src=141.98.81.77 TTL=247 ID=39521 SPT=42378 DPT=9073 0
2019-06-09 19:15:52 Security Warning Intrusion -> src=81.22.45.116 TTL=249 ID=26988 SPT=53554 DPT=22910
2019-06-09 19:15:29 User Level Notice CWMP:Cwmp post inform success.
2019-06-09 19:15:29 User Level Notice CWMP or STUN parameter be changed.
2019-06-09 19:15:29 User Level Notice User ACS(62.24.243.161) modify ManagementServer.PeriodicInformEnable; ManagementServer.PeriodicInformTime; ManagementServer.PeriodicInformInterval; .
2019-06-09 19:15:29 User Level Notice User ACS(62.24.243.161) modify ManagementServer.ConnectionRequestPassword; ManagementServer.ConnectionRequestUsername; .
2019-06-09 19:15:29 Security Warning Intrusion -> src=125.64.94.212 TTL=242 ID=54321 SPT=45635 DPT=27016
2019-06-09 19:15:28 User Level Notice CWMP inform message: parameter change.
2019-06-09 19:15:28 User Level Notice CWMP inform message: event: 4 VALUE CHANGE.

 

KeithFrench
Community Star

You cannot stop any form of attempted intrusion attack on your router, that hasn't been previously blocked typically by the ISP. These attack attempts are far too far apart from each other as far as IP networking goes, to have any effect on your router.

Once this attempted attack comes into the router, it is blocked by the router's firewall. This firewall then sends a message to the router itself, telling it that this was blocked. The router then adds this for you to see in the log.

That does not mean that you do not need the extra level of defence such as antivirus software and a personal firewall on your device.

Keith
I am not employed by TalkTalk, I'm just a customer. If my post has fixed the issue, please mark it as the Best Answer.
OCE's and Community Stars - Who are they? 
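
A way to summarise the "Intrusion" entries discussed in this thread, as an added example that is not part of any post: it groups the blocked probes by source /24 and destination port and reports the shortest gap between them. The field layout is assumed from the log lines posted above, the sample is an excerpt of that log, and the function names are illustrative.

```python
import re
from collections import Counter
from datetime import datetime

# Excerpt copied from the log in the first post (newest entry first).
SAMPLE_LOG = """\
2019-06-10 00:06:10 Security Warning Intrusion -> src=185.176.27.90 TTL=244 ID=37437 SPT=40391 DPT=30501
2019-06-09 23:56:12 Security Warning Intrusion -> src=81.22.45.190 TTL=249 ID=44415 SPT=53604 DPT=26799
2019-06-09 23:46:13 Security Warning Intrusion -> src=185.176.26.9 TTL=244 ID=19422 SPT=43559 DPT=12136
2019-06-09 23:39:32 User Level Notice User admin login from 192.168.1.3 successfully.
2019-06-09 23:36:15 Security Warning Intrusion -> src=172.104.242.173 TTL=247 ID=16594 SPT=57153 DPT=111
2019-06-09 23:28:27 Security Warning ACCEPT UDP SAMBA Request
2019-06-09 23:27:00 Security Warning Intrusion -> src=81.22.45.219 TTL=248 ID=64684 SPT=52917 DPT=7075
2019-06-09 20:46:07 Security Warning Intrusion -> src=178.128.49.98 LEN=48 TTL=117 ID=26267 SPT=8014 DPT=22 6553
"""

INTRUSION = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) Security Warning Intrusion -> "
    r"src=(?P<src>\d{1,3}(?:\.\d{1,3}){3}) .*?SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+)"
)

def parse_intrusions(text):
    """Return (timestamp, source IP, destination port) per Intrusion line, oldest first."""
    events = []
    for line in text.splitlines():
        m = INTRUSION.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            events.append((ts, m["src"], int(m["dpt"])))
    return sorted(events)

def summarise(events):
    """Count blocked probes per source /24 and per destination port; find the shortest gap."""
    by_net = Counter(src.rsplit(".", 1)[0] + ".0/24" for _, src, _ in events)
    by_port = Counter(dpt for _, _, dpt in events)
    gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
    return {"total": len(events), "by_net": by_net, "by_port": by_port,
            "min_gap_s": min(gaps) if gaps else None}

def accepted_lines(text):
    """Lines whose action is logged as ACCEPT rather than DROP or Intrusion."""
    return [line for line in text.splitlines() if " ACCEPT " in line]

if __name__ == "__main__":
    s = summarise(parse_intrusions(SAMPLE_LOG))
    print(s["total"], "blocked probes; shortest gap", s["min_gap_s"], "s", dict(s["by_net"]))
    print("ACCEPT entries:", accepted_lines(SAMPLE_LOG))
```
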

KeithFrench
Community Star

When it drops out, what is the status of the lights on the front of the router? Do you use wired, wireless or both connection types from your devices to the router? If both, is wired better than wireless?

Keith

cyberpunk
Chatterbox
Thanks for your response, wireless connections to router (just phone, a laptop and Chromecast). Never had drop out issues when using ADSL2 and a TP-LINK Archer D50 router. 99% of my internet activity is YouTube. I very rarely go to websites. I'm not sure about the lights as the router is far away from me, but the status of the router states that it has not lost broadband connectivity.
KeithFrench
Community Star

This is probably a wireless channel problem or degradation in the quality of the channel in use.

 

Slow speed, intermittent dropouts, breaks in the signal, or no signal on some or all devices, might be caused by Wi-Fi interference from other local networks, which can also lead to a permanent reduction in speed. No ISP can be responsible for your local environment, this is mainly a by-product of the popularity of Wi-Fi.

The HG633 is a dual-band router & offers both the older 2.4GHz & the newer 5GHz Wi-Fi bands. The problem is these are two different networks (SSIDs), but they share the same name, so you can't tell which one you are connected to. Log into the router (http://192.168.1.1) and enter a username of "admin" and use the unique router password (see the label on the rear of the router at the top).

Go to:-
"Customise my wireless network"

Append "5G" to the end of the network name of the "Wireless 5 GHz SSID" field. Then click "Save".


This will not fix your issues, but it will make it much easier to identify the band you are connected to. This way you will know which band is causing your problems.

Having said that, there is another approach which can be better, which is to use Band Steering. This will automatically move any 5G compatible device connected to the 2.4G band to the 5GHz band. This is available on the HG633 (V2.00), to enable it, first set both SSIDs to the exact same name. Then go to:-

Home Network > Wireless Settings > Enable Wireless Network Frequency Bands

 

Then put a tick against Enable Band steering.


Generally speaking, the 2.4GHz band suffers much more from interference than the 5GHz band, but the 2.4GHz one can sometimes have a better range, but this all depends on your local area.

You may then wonder what was really the point of this if it won't solve the problem? This is because the whole topic is too complex to be dealt with in one post. The next stage involves sending out a guide to you to help you get me some important diagnostic results, so as I can analyse them for you and recommend changes to your router configuration to solve them.

I only send this out to people who request it.

Keith

cyberpunk
Chatterbox

I turned off the 5GHz channel a while ago as it seemed to be causing trouble. P.S. I'm a computer engineer and I completed my Cisco CCNA course many years ago. But thanks for the detail as others may find it useful.

KeithFrench
Community Star

Then your CCNA qualification, like mine, has expired (it only lasts 3 years)! The 5GHz cannot interfere with the 2.4GHz band, that is impossible. Let me know if you want my further help.

Keith

cyberpunk
Chatterbox
Again thanks for the quick response. 5GHz was turned off because Chromecast works better on 2GHz; also it prefers channel 1, 6 or 11, apparently. And none of my devices would get a good signal on 5. So I turned it off. The router was preconfigured with the 2 & 5GHz channels having the same name, which I changed and separated. Still no difference. Doesn't matter. But like I mentioned, my TP-LINK had zero issues.
KeithFrench
Community Star

Well, it is probably down to the channel(s) in use on the 2.4GHz band plus a few other things, then there is the chance of interference from other networks, that wasn't there before. I can help with checking this all out.

Keith

Community Team

Hi cyberpunk

Apologies for the delay.

Are you still experiencing this issue?

Thanks

Debbie