    Welcome to Sky User - The Unofficial Support Forum for everything Sky! - Proudly helping over 65k members.



    Kernel Intrusions?


    1. #1
      CazuaLL is offline Sky User Member
      Exchange:
      Broadband ISP: Sky Broadband Unlimited
      Router: Sagem F@ST 2504
      Sky TV: Sky Basic
      Join Date
      Dec 2011
      Posts
      15
      Thanks
      0
      Thanked 0 Times in 0 Posts

      Kernel Intrusions?

      Hi guys,

      First of all, I'm not sure if this is an issue with my router, Sky or my network, but I am getting Kernel intrusions showing up on my router report.

      I would like someone to clarify what a Kernel intrusion is and if this has potential to knock my WiFi offline to my devices or knock my whole router offline from connecting to the internet. I am getting a Kernel intrusion every 15-20 minutes and my WiFi of my router goes down. I need to also test with an Ethernet cable to test whether this is just a wireless problem or a general problem with my internet connection. Below is a screenshot of just some of the Kernel intrusion logs on my router report. I have read on the internet some people are getting kicked offline and some aren't.

      Ignore the time and dates shown; as I've been resetting and rebooting my router, it resets the time and date. This is a major issue for me as I work from home as a YouTuber and uploading videos is a real pain!

      Many thanks in advance for any help.
      Liam Biggs



    3. #2
      itype is offline Sky User Member
      Exchange: Basingstoke, THBZ
      Broadband ISP: Sky Fibre Unlimited
      Router: Sky Hub SR101
      Sky TV: Sky+HD box
      Join Date
      Oct 2007
      Location
      Hampshire
      Posts
      315
      Thanks
      12
      Thanked 3 Times in 2 Posts

      Re: Kernel Intrusions?

      Found an old thread about the same situation over: Intrusion ?.

      Basically, someone is portscanning your router to find a way to try and hack you. Your router is doing its job however. If you can log into your router and turn the "Respond to PING on internet WAN port" off under the "Advanced" tab then this should stop the messages. The user pinging your address will get a timeout error.

      Let us know how it goes, also, for me to see more clearly could you copy and paste a portion of the list into [quote] brackets for me please.

    4. #3
      CazuaLL is offline Sky User Member

      Re: Kernel Intrusions?

      Hi,

      Thanks for your reply, it's good to talk to someone who knows what they are talking about!

      I am using a TP-Link TD-W8960N router. The Sagem router Sky issued was terrible, gave me half the speeds I'm getting now and has poor security, so I think this router, which is miles better, has been protecting me a lot better. I have told Sky in person I refuse to put their router back in until they can improve security and match the speeds I get with this router. Do you know where in the settings of this router I could find 'Respond to PING on internet WAN port'?

      Many thanks,
      Liam Biggs

    5. #4
      itype is offline Sky User Member

      Re: Kernel Intrusions?

      I don't think I'm going to be of much help at this point I'm afraid. I've looked through a user manual and can't find anything that resembles the "Respond to PING on internet WAN port" on the Sky routers.

      However, I found this as well: User.alert Kernel intrusion??.

      I took a read and will say at this point to not worry about it. It could be port scans, which happens to everybody unfortunately, or you have an IP that was used by somebody using utorrent or the like. I wouldn't worry about it as your router is doing its job and blocking the probes. You are not being attacked and your line will be fine. If you start seeing drop outs then report back, but I'd doubt it.

      If it concerns you then try switching the router on and off to change the IP addresses, if it doesn't reset straight away then leave it for a while as Sky's IP addresses like to stick.

      Hope this helps .

      Could you also please copy and paste the intrusions into a post so as we can see where they are coming from and the ports that are being probed as this can provide a better insight into what's happening. Thanks.

      Check your WAN uptime over the next day or so and see if that gets reset to see if it's your internet or just your wireless that is losing connection.
      Last edited by itype; 18-11-12 at 03:08 AM. Reason: Added info

    6. #5
      CazuaLL is offline Sky User Member

      Re: Kernel Intrusions?

      Hey,

      I have rebooted the router by taking out the power for 30 seconds or more and done a full reset where I had to enter in full settings all over again; at the same time Sky has given me a new IP address every time. The internet still drops around every 15 to 20 minutes so resetting or rebooting hasn't helped at all.

      It possibly could be a problem like you said that the IPs Sky are giving me aren't the best. Also below I will paste some of the intrusions info from the hour. I have had 5 already in the last 45 minutes.

      Jan 2 14:39:31 user alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=119.246.236.126 DST=94.1.14.98 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=30261 DF PROTO=TCP SPT=64398 DPT=45453 WINDOW=8192 RES=0x00 SYN URGP=0
      Jan 2 14:42:39 user notice igmp[12818]: setsockopt- MRT_DEL_MFC
      Jan 2 14:49:30 user alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=119.246.236.126 DST=94.1.14.98 LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=25088 DF PROTO=TCP SPT=53013 DPT=45453 WINDOW=8192 RES=0x00 SYN URGP=0
      Jan 2 14:59:39 user alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=112.198.78.224 DST=94.1.14.98 LEN=48 TOS=0x00 PREC=0x00 TTL=187 ID=26432 PROTO=TCP SPT=52738 DPT=45453 WINDOW=57344 RES=0x00 SYN URGP=0
      Jan 2 15:09:33 user alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=112.198.78.224 DST=94.1.14.98 LEN=48 TOS=0x00 PREC=0x00 TTL=187 ID=53536 PROTO=TCP SPT=21351 DPT=45453 WINDOW=57344 RES=0x00 SYN URGP=0
      Jan 2 15:16:11 user notice igmp[12818]: setsockopt- MRT_DEL_MFC
      Jan 2 15:19:30 user alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=112.198.78.224 DST=94.1.14.98 LEN=52 TOS=0x00 PREC=0x00 TTL=187 ID=38016 PROTO=TCP SPT=43770 DPT=45453 WINDOW=57344 RES=0x00 SYN URGP=0

    7. #6
      itype is offline Sky User Member

      Re: Kernel Intrusions?

      I'm unsure of where to take this next. I have PM'd a few members to see if they can add input tomorrow. They posted in the topics I suggested. Sorry =(. For your information though, the port scans are coming from Hong Kong. Do you use utorrent at all or any other P2P sharing?

      Whilst you wait, check this and post back. Don't reset your router whilst you do this. Check your WAN uptime over the 24 hours or so and see if that gets reset, this will tell me and the others whether it is your internet connection getting dropped or just your wireless connection.

      What I would also suggest, to eliminate either possibility, could you download and install inSSider and check to see what wireless channels are used the least and then change the wireless channel accordingly in the router. This could be the issue to your wireless if your WAN doesn't drop.

    8. #7
      CazuaLL is offline Sky User Member

      Re: Kernel Intrusions?

      Hi

      I have selected myself to go on a channel which no one else is on via using that program you suggested. I do have uTorrent installed but I very very rarely use it. Is it worth uninstalling this program?

      I'm not sure where on my router admin I would check my WAN uptime but I think it may be this?

      Statistics -- LAN
      Interface Received Transmitted
      Bytes Pkts Errs Drops Bytes Pkts Errs Drops
      Ethernet0 0 0 0 0 38845226 153576 0 0
      WirelessLAN0 1674200629 5668716 20 0 2147483647 7976120 2535 0

      Statistics -- WAN
      Interface Description Received Transmitted
      Bytes Pkts Errs Drops Bytes Pkts Errs Drops
      pppoa0 pppoa_0_0_38 709819678 671287 0 0 54563890 497597 0 0

      Statistics -- xDSL
      Mode: ADSL_2plus
      Traffic Type: ATM
      Status: Up
      Link Power State: L0
      Downstream Upstream
      Line Coding(Trellis): On On
      SNR Margin (0.1 dB): 53 78
      Attenuation (0.1 dB): 425 206
      Output Power (0.1 dBm): 190 123
      Attainable Rate (Kbps): 9804 1175
      Path 0 Path 1
      Downstream Upstream Downstream Upstream
      Rate (Kbps): 8453 1110 0 0
      MSGc (# of bytes in overhead channel message): 59 15 0 0
      B (# of bytes in Mux Data Frame): 131 15 0 0
      M (# of Mux Data Frames in FEC Data Frame): 1 8 0 0
      T (Mux Data Frames over sync bytes): 2 7 0 0
      R (# of check bytes in FEC Data Frame): 10 16 0 0
      S (ratio of FEC over PMD Data Frame length): 0.4978 3.6571 0.0 0.0
      L (# of bits in PMD Data Frame): 2282 315 0 0
      D (interleaver depth): 64 8 0 0
      Delay (msec): 7.96 7.31 0.0 0.0
      INP (DMT symbol): 1.12 1.62 0.0 0.0
      Super Frames: 9749851 401279 0 0
      Super Frame Errors: 0 0 0 0
      RS Words: 1267480644 605864 0 0
      RS Correctable Errors: 310620 222 0 0
      RS Uncorrectable Errors: 7722 0 0 0
      HEC Errors: 0 358 0 0
      OCD Errors: 0 0 0 0
      LCD Errors: 0 0 0 0
      Total Cells: 3144789352 4104905519 0 0
      Data Cells: 152759529 2257593707 0 0
      Bit Errors: 0 29707 0 0
      Total ES: 275 0
      Total SES: 9 0
      Total UAS: 114 114

    9. #8
      itype is offline Sky User Member

      Re: Kernel Intrusions?

      It is none of the above I'm afraid. I hope somebody else chimes in at this stage as I'm unfamiliar with your router. Just keep an eye on your wireless and see if that drops for the time being.

    10. #9
      NewsreadeR is offline Site Founder
      Exchange: Marshalls Cross
      Broadband ISP: Sky Broadband Unlimited
      Router: Sagem F@ST 2504n
      Sky TV: Sky+HD box
      Join Date
      Aug 2006
      Location
      St Helens
      Posts
      22,211
      Thanks
      108
      Thanked 373 Times in 304 Posts
      Blog Entries
      48

      Re: Kernel Intrusions?

      The intrusions are normal. The router is blocking them as intended.

      If you are using torrents etc then that could be the reason why. People are trying to connect to your PC to download / upload them.
      itype likes this.




      ~ Never, ever, argue with an idiot. They'll drag you down to their level and beat you with experience ~


    11. #10
      WheelNutWalter is offline Sky User Member
      Exchange: LCHEY
      Broadband ISP: Sky Max/Unlimited
      Router: Sagemcom 2504N
      Sky TV: Sky+HD box
      Join Date
      Aug 2011
      Posts
      94
      Thanks
      10
      Thanked 11 Times in 10 Posts

      Re: Kernel Intrusions?

      Turning off ICMP reply won't make any difference here I'm afraid, and whilst many people still believe the myth that it improves your security, it doesn't help in the slightest. There was a day when many ICMP echo implementations were vulnerable to Denial of Service attacks, but it isn't an issue these days. ICMP echo might be an easy way of identifying that a host is alive, but malicious people (or code) looking to exploit services will attack a specific service directly, rather than finding alive hosts with ICMP and then trying to exploit the service. If you want to keep your systems secure, uninstall software you don't use, and ensure you have up-to-date antivirus definitions and keep your operating system and other software updated. For the record, blocking ICMP in its entirety is a very bad thing to do, as ICMP is used to do many things, including negotiate IP packet sizes (you may well have heard of the term MTU?). You can safely block ICMP echo and ICMP reply (not that it will help you), but please don't block ICMP entirely, as this will cause you all sorts of strange problems that can be difficult to identify.

      All the messages you are seeing are from the iptables modules within the router's kernel. They are quite normal and nothing to worry about. As NewsreadeR has already pointed out, it's likely from people running torrent clients. It could be that you (or someone else recently using your dynamic IP) have been using torrents. It won't cause you any problems, simply ignore and carry on as you were before.

      More on the iptables logs you are seeing
      itype likes this.
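
      An added example, not part of any post in this thread: a small parser for the `Intrusion ->` firewall log lines pasted in post #5, tallying sources and destination ports so repeated connection attempts to one port can be told apart from a sweep across many ports. The function names and the 10-port `scan_threshold` are assumptions made for illustration.

```python
import re
from collections import Counter

# Lines copied from post #5 of this thread (one igmp notice kept as noise).
SAMPLE = """\
Jan 2 14:39:31 user alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=119.246.236.126 DST=94.1.14.98 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=30261 DF PROTO=TCP SPT=64398 DPT=45453 WINDOW=8192 RES=0x00 SYN URGP=0
Jan 2 14:42:39 user notice igmp[12818]: setsockopt- MRT_DEL_MFC
Jan 2 14:49:30 user alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=119.246.236.126 DST=94.1.14.98 LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=25088 DF PROTO=TCP SPT=53013 DPT=45453 WINDOW=8192 RES=0x00 SYN URGP=0
Jan 2 14:59:39 user alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=112.198.78.224 DST=94.1.14.98 LEN=48 TOS=0x00 PREC=0x00 TTL=187 ID=26432 PROTO=TCP SPT=52738 DPT=45453 WINDOW=57344 RES=0x00 SYN URGP=0
Jan 2 15:19:30 user alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=112.198.78.224 DST=94.1.14.98 LEN=52 TOS=0x00 PREC=0x00 TTL=187 ID=38016 PROTO=TCP SPT=43770 DPT=45453 WINDOW=57344 RES=0x00 SYN URGP=0
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")          # KEY=value pairs; value may be empty
FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "DF"}  # bare tokens without '='


def parse(line):
    """Return a dict for an 'Intrusion ->' line, or None for any other log line."""
    _, marker, body = line.partition("kernel: Intrusion -> ")
    if not marker:
        return None
    rec = dict(FIELD.findall(body))
    rec["flags"] = sorted(FLAGS & set(body.split()))
    return rec


def summarise(text, scan_threshold=10):
    """Tally blocked packets; scan_threshold is an assumed cut-off, not a standard."""
    recs = [r for r in map(parse, text.splitlines()) if r]
    ports_by_src = {}
    for r in recs:
        ports_by_src.setdefault(r["SRC"], set()).add(r["DPT"])
    return {
        "events": len(recs),
        "sources": sorted(ports_by_src),
        "dest_ports": Counter(r["DPT"] for r in recs),
        # True when every packet is a connection opener with no other TCP flag set
        "syn_only": all(set(r["flags"]) - {"DF"} == {"SYN"} for r in recs),
        # sources that touched many different ports look like a sweep
        "scan_like": [s for s, p in ports_by_src.items() if len(p) >= scan_threshold],
    }


if __name__ == "__main__":
    for key, value in summarise(SAMPLE).items():
        print(f"{key}: {value}")
```

      On the pasted lines every blocked packet is a bare TCP SYN to the same destination port, 45453, from two source addresses, and no source touches more than one port.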

     

     