Your forum username:
Do you already have an account?
Forgot your password?
  • Log in or Sign up


    Welcome to Sky User - The Unofficial Support Forum for everything Sky! - Proudly helping over 65k members.


    Advertisement

    Page 1 of 2 12 LastLast
    Results 1 to 10 of 14

    User.alert Kernel intrusion??

    This is a discussion on User.alert Kernel intrusion?? within the Sky Broadband help forums, part of the Sky Broadband help and support category; I usually check the routers log out of habbit. I have all 3 tick boxes ticked Attempted access to blocked ...

    1. #1
      BruceT5's Avatar
      BruceT5 is offline Sky User Member
      Exchange: SSFLT Filton
      Broadband ISP: Sky Mid
      Router: Sagem F@ST 2504
      Sky TV: Sky+
      Join Date
      Dec 2008
      Posts
      32
      Thanks
      2
      Thanked 0 Times in 0 Posts

      Question User.alert Kernel intrusion??

      I usually check the routers log out of habbit. I have all 3 tick boxes ticked

      Attempted access to blocked sites
      Connections to the Web-based interface of this Router
      Router operation (start up, link up etc)

      But, I keep getting these weird alerts in the log.

      I contacted sky about slow speeds and they confirmed im on DLM or "Active Line Managment"

      Is this DLM changing line stats or attempted hacking?

      Feb 11 17:40:09 (none) user.alert kernel: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=78.83.87.155 DST=90.219.84.83 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=22832 DF PROTO=TCP SPT=49506 DPT=16392 WINDOW=5808 RES=0x00 SYN URGP=0

      Feb 11 17:40:12 (none) user.alert kernel: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=78.83.87.155 DST=90.219.84.83 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=22833 DF PROTO=TCP SPT=49506 DPT=16392 WINDOW=5808 RES=0x00 SYN URGP=0

      Feb 11 17:40:18 (none) user.alert kernel: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=78.83.87.155 DST=90.219.84.83 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=22834 DF PROTO=TCP SPT=49506 DPT=16392 WINDOW=5808 RES=0x00 SYN URGP=0

      Feb 11 17:42:19 (none) user.alert kernel: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=83.251.111.203 DST=90.219.84.83 LEN=64 TOS=0x00 PREC=0x00 TTL=52 ID=60572 DF PROTO=TCP SPT=51587 DPT=16392 WINDOW=65535 RES=0x00 SYN URGP=0

      Feb 11 17:42:20 (none) user.alert kernel: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=83.251.111.203 DST=90.219.84.83 LEN=64 TOS=0x00 PREC=0x00 TTL=52 ID=16892 DF PROTO=TCP SPT=51587 DPT=16392 WINDOW=65535 RES=0x00 SYN URGP=0

      Feb 11 17:42:21 (none) user.alert kernel: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=83.251.111.203 DST=90.219.84.83 LEN=64 TOS=0x00 PREC=0x00 TTL=52 ID=42652 DF PROTO=TCP SPT=51587 DPT=16392 WINDOW=65535 RES=0x00 SYN URGP=0

      Feb 11 17:42:22 (none) user.alert kernel: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=83.251.111.203 DST=90.219.84.83 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=15069 DF PROTO=TCP SPT=51587 DPT=16392 WINDOW=65535 RES=0x00 SYN URGP=0

      Feb 11 17:42:23 (none) user.alert kernel: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=83.251.111.203 DST=90.219.84.83 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=9696 DF PROTO=TCP SPT=51587 DPT=16392 WINDOW=65535 RES=0x00 SYN URGP=0


    2. Advertisement
    3. #2
      Saturday's Avatar
      Saturday is offline Sky User Super Mod
      Exchange:
      Broadband ISP: Sky Broadband Unlimited Pro
      Router: Sky Hub SR102
      Sky TV: Sky+HD box
      Join Date
      Sep 2006
      Posts
      6,086
      Thanks
      20
      Thanked 52 Times in 47 Posts

      re: User.alert Kernel intrusion??

      Nothing to do with DLM and no you're not being hacked.

      Each probe was to port 16392. Were you using P2P earlier and this is the port number you set up in your client? If not, did you reboot prior to this i.e. you may have picked up the IP of someone who was using P2P?

      In any event, your router firewall is doing what it is supposed to so nothing to worry about.

    4. #3
      BruceT5's Avatar
      BruceT5 is offline Sky User Member
      Exchange: SSFLT Filton
      Broadband ISP: Sky Mid
      Router: Sagem F@ST 2504
      Sky TV: Sky+
      Join Date
      Dec 2008
      Posts
      32
      Thanks
      2
      Thanked 0 Times in 0 Posts

      Re: User.alert Kernel intrusion??

      Ah, my "client" was using 16392, ive changed it now.

      Although, its not open and ive not downloaded anything via it for a good week or two now...

      Thanks, maybe ive attracted some kind of "bad" attention?

    5. #4
      Saturday's Avatar
      Saturday is offline Sky User Super Mod
      Exchange:
      Broadband ISP: Sky Broadband Unlimited Pro
      Router: Sky Hub SR102
      Sky TV: Sky+HD box
      Join Date
      Sep 2006
      Posts
      6,086
      Thanks
      20
      Thanked 52 Times in 47 Posts

      Re: User.alert Kernel intrusion??

      There you go

      Usually, if the client hasn't been in use recently then the attempts to connect that you're seeing in your logs will disappear. However, if someone was downloading from you then closed their client, when they open it again, maybe days or weeks later, it will remember the IPs it was downloading from and try and connect again.

    6. #5
      BruceT5's Avatar
      BruceT5 is offline Sky User Member
      Exchange: SSFLT Filton
      Broadband ISP: Sky Mid
      Router: Sagem F@ST 2504
      Sky TV: Sky+
      Join Date
      Dec 2008
      Posts
      32
      Thanks
      2
      Thanked 0 Times in 0 Posts

      Re: User.alert Kernel intrusion??

      I see. Its still happening now. Nearly every 15 mins and about 4-5 attempts. So does sound like a torrent client rather than malicious attacks.

      Is there anyway to stop it?

    7. #6
      NewsreadeR's Avatar
      NewsreadeR is offline Site Founder
      Exchange: Marshalls Cross
      Broadband ISP: Sky Broadband Unlimited
      Router: Sagem F@ST 2504n
      Sky TV: Sky+HD box
      Join Date
      Aug 2006
      Location
      St Helens
      Posts
      22,211
      Thanks
      108
      Thanked 373 Times in 304 Posts
      Blog Entries
      48

      Re: User.alert Kernel intrusion??

      You could try rebooting your router, so as to get a different IP address.




      ~ Never, ever, argue with an idiot. They'll drag you down to their level and beat you with experience ~

      Follow us on Twitter @skyuser

    8. #7
      Saturday's Avatar
      Saturday is offline Sky User Super Mod
      Exchange:
      Broadband ISP: Sky Broadband Unlimited Pro
      Router: Sky Hub SR102
      Sky TV: Sky+HD box
      Join Date
      Sep 2006
      Posts
      6,086
      Thanks
      20
      Thanked 52 Times in 47 Posts

      Re: User.alert Kernel intrusion??

      Quote Originally Posted by BruceT5 View Post
      Is there anyway to stop it?
      As Ged says, get a new IP - though Sky IPs can be quite sticky so if you don't get a new one straight away, leave your router off overnight and you should get one then.

      But those attempts to connect are completely harmless and won't be affecting your connection in any way.

    9. #8
      BruceT5's Avatar
      BruceT5 is offline Sky User Member
      Exchange: SSFLT Filton
      Broadband ISP: Sky Mid
      Router: Sagem F@ST 2504
      Sky TV: Sky+
      Join Date
      Dec 2008
      Posts
      32
      Thanks
      2
      Thanked 0 Times in 0 Posts

      Re: User.alert Kernel intrusion??

      Cheers, Thanks guys.

    10. #9
      BruceT5's Avatar
      BruceT5 is offline Sky User Member
      Exchange: SSFLT Filton
      Broadband ISP: Sky Mid
      Router: Sagem F@ST 2504
      Sky TV: Sky+
      Join Date
      Dec 2008
      Posts
      32
      Thanks
      2
      Thanked 0 Times in 0 Posts

      Re: User.alert Kernel intrusion??

      Relunctantly turned the router off (Due to been on DLM)

      Got a different IP address, yet still getting kernal intrusions!

      Feb 12 21:30:07 (none) user.alert kernel: Intrusion -> IN=ppp_0_38_1 OUT= MAC= SRC=61.164.112.202 DST=90.220.138.232 LEN=40 TOS=0x00 PREC=0x00 TTL=109 ID=256 PROTO=TCP SPT=6000 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0

    11. #10
      Isitme's Avatar
      Isitme is offline Sky User Moderator
      Exchange: Bannockburn
      Broadband ISP: Sky Fibre Unlimited
      Router: Sky Hub SR102
      Sky TV: Sky+ HD
      Join Date
      Dec 2006
      Location
      Central Scotland
      Posts
      34,132
      Thanks
      64
      Thanked 1,641 Times in 1,602 Posts

      Re: User.alert Kernel intrusion??

      The addresses shown trace back to China, Bulgaria and Sweden. They are being stopped, so there is not much to worry about. The router is doing it's job.

      TomD


      Please note the views and recommendations in my posts are my own and in no way reflect the views of SkyUser.


      Useful Utilites

      http://www.nirsoft.net/utils/wifi_information_view.html/ TCPOptimiser /Test Socket

      Note - When downloading always select the Custom install or you will end up with stuff you don't want.





     

     
    Page 1 of 2 12 LastLast

    Tags for this Thread

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •  
    SkyUser - Copyright © 2006-2017. SatDish and NewsreadeR | SkyUser is in no way affiliated with Sky Broadband / BSkyB
    RIPA NOTICE: NO CONSENT IS GIVEN FOR INTERCEPTION OF PAGE TRANSMISSION