
Router dying pt 2


Chris

Mar 15, 2021, 12:23:50 PM

So, the intermittent speed on my b/band reared its head again just now.
Going into my Plusnet One administrator interface I see this in the
event log:

16:04:10, 15 Mar. IN: BLOCK [16] Remote administration (TCP [222.187.239.51]:9090->[<my IP>]:22 on ppp3)
16:03:21, 15 Mar. IN: BLOCK [16] Remote administration (TCP [45.79.206.91]:36340->[<my IP>]:80 on ppp3)
16:02:05, 15 Mar. OUT: BLOCK [7] ICMP replay (ICMP type 3 code 3 192.168.1.150->216.58.198.176 on ppp3)
16:02:05, 15 Mar. BLOCKED 36 more packets (because of ICMP replay)
16:02:04, 15 Mar. OUT: BLOCK [7] ICMP replay (ICMP type 3 code 3 192.168.1.150->216.58.198.176 on ppp3)

What does the "BLOCKED 36 more packets" mean? And is the "Remote
administration" anything to worry about? Are they attempted hacks? I can
see quite a few of these over the afternoon.

These are the connection stats that the router provides:

5. DSL uptime: 4 days, 07:39:58
6. Data rate: 9999 / 38171
7. Maximum data rate: 11965 / 53024
8. Noise margin: 7.7 / 8.4
9. Line attenuation: 19.9 / 15.2
10. Signal attenuation: 20.0 / 15.4
11. Data sent/received: 6.9 GB / 53.4 GB

Graham J

Mar 15, 2021, 5:13:37 PM
Looks like two attempts at remote administration, on ports 9090 and 80,
successfully blocked. But I expect these are tried at random by
potential hackers.

I suspect ICMP replay means ICMP reply, so a reply to Ping.

Type 3 means Destination Unreachable; Code 3 means Port Unreachable.
Something external tried to ping your 192.168.1.150 from 216.58.198.176
(registered to Google) and the outgoing response was blocked.

Alternatively replay implies a message captured and re-sent (i.e.
replayed) by a hacker. In the context of ping this is unlikely and
would achieve nothing useful for the hacker. See:

<https://www.kaspersky.com/resource-center/definitions/replay-attack>

Remote admin attempts would be small packets. Similarly, ping packets
are small.

This traffic is trivial and would not cause any reduction in speed.
Further the ping enquiry and attempts to log in are separated by about a
minute so there's no attempt at denial of service.

How do you know your speed varies?

Can you monitor the sync speed with RouterStats or similar? Having said
that the sync speed is unlikely to change without the router losing sync
and re-negotiating. If there is intermittent noise this could cause
packet retries - which would show as a reduction in speed if you were
downloading a large file.

A router such as a Draytek will show you a traffic graph and if you were
to download or upload a large file (taking many minutes or even hours)
you might then see variations in speed.

However, if you have a smartphone or similar which is set to upload its
photos to cloud storage this traffic might saturate the upstream
channel, which would delay replies to downstream traffic and would look
like reduced download speed. A good router (again Draytek) would allow
you to identify that device and limit its upstream usage.

--
Graham J
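
Added example (not part of any poster's message): a small Python parser for event-log lines in the layout Chris quoted, totalling blocked packets per rule, the inbound TCP ports probed, and the time spanned, so the volume behind a log like this can be judged at a glance. The sample lines are constructed with documentation addresses, and reading "BLOCKED N more packets" as a roll-up of further drops for the same rule is an assumption.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the Hub One event-log layout quoted in the thread.
# 203.0.113.x / 198.51.100.x are documentation addresses, not the thread's.
SAMPLE = """\
16:04:10, 15 Mar. IN: BLOCK [16] Remote administration (TCP [203.0.113.7]:9090->[198.51.100.20]:22 on ppp3)
16:03:21, 15 Mar. IN: BLOCK [16] Remote administration (TCP [203.0.113.9]:36340->[198.51.100.20]:80 on ppp3)
16:02:05, 15 Mar. OUT: BLOCK [7] ICMP replay (ICMP type 3 code 3 192.168.1.150->198.51.100.99 on ppp3)
16:02:05, 15 Mar. BLOCKED 36 more packets (because of ICMP replay)
16:02:04, 15 Mar. OUT: BLOCK [7] ICMP replay (ICMP type 3 code 3 192.168.1.150->198.51.100.99 on ppp3)
"""

STAMP = r"(?P<time>\d\d:\d\d:\d\d), (?P<day>\d+ \w+)\. "
EVENT = re.compile(STAMP + r"(?P<dir>IN|OUT): BLOCK \[(?P<id>\d+)\] (?P<rule>[^(]+?) \((?P<detail>.*)\)$")
MORE = re.compile(STAMP + r"BLOCKED (?P<n>\d+) more packets \(because of (?P<rule>.+)\)$")
TCP = re.compile(r"TCP \[(?P<src>[^\]]+)\]:\d+->\[[^\]]+\]:(?P<dport>\d+)")

def summarise(text):
    """Return (packets per rule, inbound TCP ports probed, seconds spanned)."""
    per_rule, ports, times = Counter(), Counter(), []
    for line in text.splitlines():
        line = line.replace("\u200b", "").strip()  # web archives inject zero-width spaces
        m = EVENT.match(line) or MORE.match(line)
        if not m:
            continue
        # Time of day only: the span is meaningful within a single day's log.
        times.append(datetime.strptime(m["time"], "%H:%M:%S"))
        if "n" in m.groupdict():
            # Assumption: this line rolls up N further drops for the same rule.
            per_rule[m["rule"]] += int(m["n"])
            continue
        per_rule[m["rule"]] += 1
        tcp = TCP.search(m["detail"])
        if m["dir"] == "IN" and tcp:
            ports[int(tcp["dport"])] += 1
    span = (max(times) - min(times)).total_seconds() if times else 0.0
    return per_rule, ports, span

if __name__ == "__main__":
    rules, ports, span = summarise(SAMPLE)
    print(dict(rules), dict(ports), f"{span:.0f}s")
```
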

Chris

Mar 15, 2021, 6:12:21 PM
Many thanks for the detailed response.

The way I notice is via a sudden reduction in online responsiveness or my
radio stream cutting out.

The upload speed saturation could be an issue. I'll be alone at home
tomorrow and will keep an eye on it.

Brian Gregory

Mar 15, 2021, 9:25:03 PM
On 15/03/2021 22:12, Chris wrote:
> The upload speed saturation could be an issue. I'll be alone at home
> tomorrow and will keep an eye on it.
Yes, lots of low to middle end routers are bad at this, not implementing
any effective QoS.

--
Brian Gregory (in England).

Graham J

Mar 16, 2021, 4:48:16 AM
Chris wrote:

[snip]

> Many thanks for the detailed response.
>
> The way I notice is via a sudden reduction in online responsiveness or my
> radio stream cutting out.
>
> The upload speed saturation could be an issue. I'll be alone at home
> tomorrow and will keep an eye on it.

Does this resolve by itself, or do you have to reboot?

What is the make and model of your router, please?

Can you set up F8Lure to monitor it? See:

<http://fruk.net/index.php?fruk=f8lure>

You will need to configure your router to allow pings from the internet,
and you will need a static IP address, or to use Dynamic DNS, see for
example:

<https://www.noip.com/>

The graph produced by F8Lure will give an indication of ping delays
which in turn might indicate bandwidth saturation.

Who is your ISP? I've known congestion at the ISP give the symptoms you
see, but they generally resolve by themselves.


--
Graham J

Andy Burns

Mar 16, 2021, 6:00:59 AM
Chris wrote:

> anything to worry about? Are they attempted hacks?

They are, but as they're being blocked, not much to worry about

you can still enable the plusnet firewall at "their end" to stop them
reaching your router, using

<https://www.plus.net/member-centre/broadband/firewall>

but 1) it will barely affect the speed with just a few packets per minute

and 2) don't block inbound traffic you might want

Chris

Mar 16, 2021, 7:40:21 AM
On 16/03/2021 08:48, Graham J wrote:
> Chris wrote:
>
> [snip]
>
>> Many thanks for the detailed response.
>>
>> The way I notice is via a sudden reduction in online responsiveness or my
>> radio stream cutting out.
>>
>> The upload speed saturation could be an issue. I'll be alone at home
>> tomorrow and will keep an eye on it.
>
> Does this resolve by itself, or do you have to reboot?

A bit of both. It seems to resolve itself, but is still "fragile" until
a reboot. I'm leaving it up for now to see how it progresses.

>
> What is the make and model of your router, please?

It's in the OP: Plusnet Hub One

> Can you set up F8Lure to monitor it? See:
>
> <http://fruk.net/index.php?fruk=f8lure>
>
> You will need to configure your router to allow pings from the internet,
> and you will need a static IP address, or to use Dynamic DNS, see for
> example:
>
> <https://www.noip.com/>
>
> The graph produced by F8Lure will give an indication of ping delays
> which in turn might indicate bandwidth saturation.

Done! That was surprisingly easy. Let's see what info that gives... How
quickly do the graphs update?

> Who is your ISP?  I've known congestion at the ISP give the symptoms you
> see, but they generally resolve by themselves.

Plusnet. Their status pages are all green, but I don't trust them 100%.
BT status is also fine.

The thing is I've been WFH for the past year and it's been rock solid
with up to four of us at home working online. It's just in the last couple
of weeks that it's been dodgy.



Graham J

Mar 16, 2021, 7:55:27 AM
Chris wrote:

[snip]

>> What is the make and model of your router, please?
>
> It's in the OP: Plusnet Hub One

Sorry - didn't look back that far ...

[snip]

>> The graph produced by F8Lure will give an indication of ping delays
>> which in turn might indicate bandwidth saturation.
>
> Done! That was surprisingly easy. Let's see what info that gives... How
> quickly do the graphs update?

Every time you refresh the browser screen - allow a few seconds ...

>> Who is your ISP?  I've known congestion at the ISP give the symptoms
>> you see, but they generally resolve by themselves.

Can you borrow another router to test?



--
Graham J

PeeGee

Mar 16, 2021, 7:58:41 AM
Not sure about the Plusnet One, but IIRC Plusnet did use remote admin to
setup their supplied routers at the first connection.

--
PeeGee

Chris

Mar 16, 2021, 8:20:01 AM
On 16/03/2021 11:55, Graham J wrote:
> Chris wrote:
>
> [snip]
>
>>> What is the make and model of your router, please?
>>
>> It's in the OP: Plusnet Hub One
>
> Sorry - didn't look back that far ...
>
> [snip]
>
>>> The graph produced by F8Lure will give an indication of ping delays
>>> which in turn might indicate bandwidth saturation.
>>
>> Done! That was surprisingly easy. Let's see what info that gives...
>> How quickly do the graphs update?
>
> Every time you refresh the browser screen - allow a few seconds ...

I must have misconfigured something, as it's saying "Down for 1 hours"
in red.

I set up an account on noip and configured a hostname on xxxx.hopto.org.
Then I configured my router with the noip account details and it's
saying it's correctly configured. On noip it sees the right IP.

On f8lure I added my hostname on xxxx.hopto.org.

Have I missed something?

>
>>> Who is your ISP?  I've known congestion at the ISP give the symptoms
>>> you see, but they generally resolve by themselves.
>
> Can you borrow another router to test?

Nope. Got a bid in on one on ebay.

Graham J

Mar 16, 2021, 9:06:53 AM
Chris wrote:

[snip]

>>>
>>> Done! That was surprisingly easy. Let's see what info that gives...
>>> How quickly do the graphs update?
>>
>> Every time you refresh the browser screen - allow a few seconds ...
>
> I must have misconfigured something, as it's saying "Down for 1 hours"
> in red.
>
> I set up an account on noip and configured a hostname on xxxx.hopto.org.
> Then I configured my router with the noip account details and it's
> saying it's correctly configured. On noip it sees the right IP.
>
> On f8lure I added my hostname on xxxx.hopto.org.
>
> Have I missed something?

Yes. You have failed to configure the router to allow pings from the
internet.

Others here will tell you whether or not this is possible with the Hub One.

Try setting up another F8Lure window pointing to bbc.co.uk - that will
give you an idea of what to expect.

Plusnet will sell you a static IP for £5 one-off payment - well worthwhile.




--
Graham J

Chris

Mar 16, 2021, 9:19:01 AM
Graham J <nob...@nowhere.co.uk> wrote:
> Chris wrote:
>
> [snip]
>
>>>>
>>>> Done! That was surprisingly easy. Let's see what info that gives...
>>>> How quickly do the graphs update?
>>>
>>> Every time you refresh the browser screen - allow a few seconds ...
>>
>> I must have misconfigured something, as it's saying "Down for 1 hours"
>> in red.
>>
>> I set up an account on noip and configured a hostname on xxxx.hopto.org.
>> Then I configured my router with the noip account details and it's
>> saying it's correctly configured. On noip it sees the right IP.
>>
>> On f8lure I added my hostname on xxxx.hopto.org.
>>
>> Have I missed something?
>
> Yes. You have failed to configure the router to allow pings from the
> internet.
>
> Others here will tell you whether or not this is possible with the Hub One.

Crap. No.
https://community.plus.net/t5/Tech-Help-Software-Hardware-etc/Hub-One-WAN-Ping-ICMP/td-p/1304450

> Try setting up another F8Lure window pointing to bbc.co.uk - that will
> give you an idea of what to expect.
>
> Plusnet will sell you a static IP for £5 one-off payment - well worthwhile.

Good to know. ta.


Chris

Mar 16, 2021, 9:19:01 AM
They also do it for troubleshooting. However, this connection is several
years old.

Andy Burns

Mar 16, 2021, 10:14:20 AM
PeeGee wrote:

> Not sure about the Plusnet One, but IIRC Plusnet did use remote admin to
> setup their supplied routers at the first connection.

They do, but they use TR-069, not ssh(ssh) or http(80)

Graham J

Mar 16, 2021, 10:59:32 AM
Chris wrote:

[snip]

>
> Crap. No.
> https://community.plus.net/t5/Tech-Help-Software-Hardware-etc/Hub-One-WAN-Ping-ICMP/td-p/1304450

That link shows you how to set up a DMZ so pings are forwarded to
something on your LAN.

The key here is that the thing on your LAN must be always present,
always respond to ping, and have a reliable connection (so via Ethernet
cable rather than WiFi).

Worth getting a better router. eBay has Drayteks starting at about £10.

Is your connection ADSL or VDSL?


--
Graham J