Is someone trying to break into my home network?

Sybertiger

I see my router continually reporting these login attempts all the time. Any idea who it is and what additional precautions should I take? And, does anyone recognize those IP addresses?

The IP address 193.46.255.51 belongs to the netblock 193.46.255.0/24, which is managed by Bunea TELECOM SRL (identified by ASN 35478) and located in the United Kingdom. The specific IP address is allocated to clients of Bunea TELECOM SRL, a Romanian company registered as WhoisRequest.com.

The IP address 45.227.253.13 is associated with Global Layer B.V. in Panama, according to a lookup by CloudFilt. This is an Internet Service Provider (ISP) and a host for internet-related services, not a specific individual's IP address.


IP address 80.94.95.226 is registered to the company UNMANAGED LTD, with a location in Timișoara, Romania.

Yes

Check and make sure UPnP on router is disabled

Maybe strengthen your password

Does it show what port?

You’re not port forwarding, are you?
 
You need to disable remote access, better to use VPN instead (then you need to have a static IP or dynamic DNS client, to connect to your VPN):
 
^^^^
This is what I do.
 
Thanks for all the responses!

OpenVPN was set up
Password was changed again
UPnP was disabled
Port Forwarding was disabled
Web Access from WAN is disabled << this was enabled, and I think this happened the other day when I was fooling around with the ASUS phone app. It got turned on accidentally due to the ASUS phone app saying that it would not work if web access is disabled, but I have OpenVPN set up, therefore it doesn't need Web Access from WAN enabled, since all you have to do is flip on OpenVPN if you want to use the ASUS phone app from the WAN. I think the attempted logins from other countries began when I accidentally enabled it, as I had never seen these warning messages until a few days ago. I had asked the question because I thought it odd that all of a sudden I was getting push notifications regarding attempts.
 
I know it is a pain in the ass but you should consider the likely possibility that your router was compromised during the time you had its web access exposed.

See this article for a recent example: "Thousands of Asus routers are being hit with stealthy, persistent backdoors". They explain how you can check for one particular kind of persistent backdoor that may have been installed. Aside from that, it would be a good idea to factory reset the router, update its firmware to the latest available, and then factory reset again for good measure. This is not a guarantee that that router will be clean afterward, but it should get rid of any particularly unsophisticated malware.
 
Thank you! I had the latest firmware already installed but I did do a factory reset after I noticed I accidentally had WAN access enabled this weekend. Likely it happened when I upgraded my Android phone to a new model and certain apps had to be set up again. I set up the ASUS phone app again but accidentally had WAN access enabled due to the app stating it needed it. I had forgotten that I didn't need that since I already had VPN set up. Whoopsies.
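
One way to triage the kind of login warnings discussed in this thread, as an added example that is not part of the original posts: it splits failed logins by public versus private source address, since any public source means the router's admin page is reachable from the WAN. The log line format and the function names are assumptions, and the sample lines are constructed (the three public addresses are the ones quoted in the first post).

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines. The "login failed from <ip>" wording is an assumed
# format for illustration, not the router's actual log text.
SAMPLE_LOG = """\
Sep 28 14:01:12 httpd: login failed from 193.46.255.51
Sep 28 14:01:40 httpd: login failed from 193.46.255.51
Sep 28 14:03:05 httpd: login failed from 45.227.253.13
Sep 28 14:07:19 httpd: login failed from 80.94.95.226
Sep 28 14:09:33 httpd: login failed from 192.168.1.23
Sep 28 14:10:02 httpd: login ok from 192.168.1.23
"""

FAILED = re.compile(r"login failed from (\d{1,3}(?:\.\d{1,3}){3})")


def failed_sources(log_text):
    """Count failed logins per source address, skipping malformed addresses."""
    counts = Counter()
    for line in log_text.splitlines():
        match = FAILED.search(line)
        if not match:
            continue
        try:
            counts[ipaddress.ip_address(match.group(1))] += 1
        except ValueError:
            continue  # looks like an IP but is not one, e.g. 999.1.1.1
    return counts


def triage(log_text):
    """Split failed logins into WAN and LAN sources and group WAN hits by /24."""
    counts = failed_sources(log_text)
    # is_private covers RFC 1918, loopback and link-local; the rest came in via WAN.
    wan = {str(ip): n for ip, n in counts.items() if not ip.is_private}
    lan = {str(ip): n for ip, n in counts.items() if ip.is_private}
    netblocks = Counter()
    for ip, n in wan.items():
        netblocks[str(ipaddress.ip_network(ip + "/24", strict=False))] += n
    return {
        "wan": wan,
        "lan": lan,
        "netblocks": dict(netblocks),
        # Any failed login from a public address means the admin UI faces the WAN.
        "admin_exposed_to_wan": bool(wan),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

After Web Access from WAN is disabled, new log entries should show only LAN or VPN-assigned sources; a public source appearing again means the interface is exposed once more.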
 