
Code:
root@Gargoyle:~# logread
Feb 22 12:28:22 Gargoyle daemon.info dnsmasq-dhcp[1668]: DHCPACK(br-lan) 192.168.12.140 a4:17:31:5c:58:50 hira-HP
Feb 22 12:28:36 Gargoyle user.notice ifup: Enabling Router Solicitations on loopback (lo)
Feb 22 12:29:18 Gargoyle daemon.err miniupnpd[1781]: upnp_event_recv: recv(): Connection reset by peer
Feb 22 12:29:20 Gargoyle kern.info kernel: [ 124.830000] br-wan: port 1(wlan0-1) entered disabled state
Feb 22 12:29:20 Gargoyle kern.info kernel: [ 125.600000] wlan0-1: authenticate with d8:6c:e9:33:88:5c
Feb 22 12:29:20 Gargoyle kern.info kernel: [ 125.620000] wlan0-1: send auth to d8:6c:e9:33:88:5c (try 1/3)
Feb 22 12:29:21 Gargoyle kern.info kernel: [ 125.830000] wlan0-1: send auth to d8:6c:e9:33:88:5c (try 2/3)
Feb 22 12:29:21 Gargoyle kern.info kernel: [ 125.830000] br-lan: port 3(wlan0) entered disabled state
Feb 22 12:29:21 Gargoyle kern.info kernel: [ 126.040000] wlan0-1: send auth to d8:6c:e9:33:88:5c (try 3/3)
Feb 22 12:29:21 Gargoyle kern.info kernel: [ 126.250000] wlan0-1: authentication with d8:6c:e9:33:88:5c timed out
Feb 22 12:29:45 Gargoyle kern.info kernel: [ 150.390000] wlan0-1: authenticate with d8:6c:e9:33:88:5c
Feb 22 12:29:45 Gargoyle kern.info kernel: [ 150.410000] wlan0-1: send auth to d8:6c:e9:33:88:5c (try 1/3)
Feb 22 12:29:45 Gargoyle kern.info kernel: [ 150.410000] wlan0-1: authenticated
Feb 22 12:29:45 Gargoyle kern.info kernel: [ 150.430000] wlan0-1: associate with d8:6c:e9:33:88:5c (try 1/3)
Feb 22 12:29:45 Gargoyle kern.info kernel: [ 150.430000] wlan0-1: RX AssocResp from d8:6c:e9:33:88:5c (capab=0x411 status=0 aid=1)
Feb 22 12:29:45 Gargoyle kern.info kernel: [ 150.440000] wlan0-1: associated
Feb 22 12:29:45 Gargoyle kern.info kernel: [ 150.450000] br-wan: port 1(wlan0-1) entered forwarding state
Feb 22 12:29:45 Gargoyle kern.info kernel: [ 150.450000] br-wan: port 1(wlan0-1) entered forwarding state
Feb 22 12:29:47 Gargoyle kern.info kernel: [ 151.910000] br-lan: port 3(wlan0) entered forwarding state
Feb 22 12:29:47 Gargoyle kern.info kernel: [ 151.910000] br-lan: port 3(wlan0) entered forwarding state
Feb 22 12:29:47 Gargoyle kern.info kernel: [ 152.450000] br-wan: port 1(wlan0-1) entered forwarding state
Feb 22 12:29:49 Gargoyle kern.info kernel: [ 153.910000] br-lan: port 3(wlan0) entered forwarding state
Feb 22 12:29:52 Gargoyle daemon.warn dnsmasq[1668]: possible DNS-rebind attack detected: dns.msftncsi.com
Feb 22 12:29:52 Gargoyle daemon.warn dnsmasq[1668]: possible DNS-rebind attack detected: hm5.os.eidos.com
Feb 22 12:29:52 Gargoyle daemon.warn dnsmasq[1668]: possible DNS-rebind attack detected: hm5.os.eidos.com
Feb 22 12:29:52 Gargoyle daemon.warn dnsmasq[1668]: possible DNS-rebind attack detected: hm5.os.eidos.com
Feb 22 12:29:52 Gargoyle daemon.warn dnsmasq[1668]: possible DNS-rebind attack detected: hm5.os.eidos.com
Feb 22 12:29:52 Gargoyle daemon.warn dnsmasq[1668]: possible DNS-rebind attack detected: hm5.os.eidos.com
Feb 22 12:29:52 Gargoyle daemon.warn dnsmasq[1668]: possible DNS-rebind attack detected: hm5.os.eidos.com
Feb 22 12:29:52 Gargoyle daemon.warn dnsmasq[1668]: possible DNS-rebind attack detected: hm5.os.eidos.com
Feb 22 12:29:52 Gargoyle daemon.warn dnsmasq[1668]: possible DNS-rebind attack detected: hm5.os.eidos.com
Feb 22 12:29:52 Gargoyle daemon.warn dnsmasq[1668]: possible DNS-rebind attack detected: hm5.os.eidos.com
Feb 22 12:29:52 Gargoyle daemon.warn dnsmasq[1668]: possible DNS-rebind attack detected: hm5.os.eidos.com
Feb 22 12:29:52 Gargoyle daemon.warn dnsmasq[1668]: possible DNS-rebind attack detected: hm5.os.eidos.com
Feb 22 12:29:52 Gargoyle daemon.warn dnsmasq[1668]: possible DNS-rebind attack detected: hm5.os.eidos.com
Feb 22 12:29:52 Gargoyle daemon.warn dnsmasq[1668]: possible DNS-rebind attack detected: hm5.os.eidos.com
Feb 22 12:29:53 Gargoyle daemon.warn dnsmasq[1668]: possible DNS-rebind attack detected: hm5.os.eidos.com
Feb 22 12:29:53 Gargoyle daemon.warn dnsmasq[1668]: possible DNS-rebind attack detected: hm5.os.eidos.com
Feb 22 12:29:53 Gargoyle daemon.warn dnsmasq[1668]: possible DNS-rebind attack detected: hm5.os.eidos.com
Feb 22 12:29:53 Gargoyle daemon.warn dnsmasq[1668]: possible DNS-rebind attack detected: hm5.os.eidos.com
Feb 22 12:29:53 Gargoyle daemon.warn dnsmasq[1668]: possible DNS-rebind attack detected: hm5.os.eidos.com
Feb 22 12:29:53 Gargoyle daemon.warn dnsmasq[1668]: possible DNS-rebind attack detected: hm5.os.eidos.com
Feb 22 12:29:53 Gargoyle daemon.warn dnsmasq[1668]: possible DNS-rebind attack detected: hm5.os.eidos.com
Feb 22 12:29:53 Gargoyle daemon.warn dnsmasq[1668]: possible DNS-rebind attack detected: hm5.os.eidos.com
Feb 22 12:29:53 Gargoyle daemon.warn dnsmasq[1668]: possible DNS-rebind attack detected: hm5.os.eidos.com
Feb 22 12:29:53 Gargoyle daemon.warn dnsmasq[1668]: possible DNS-rebind attack detected: hm5.os.eidos.com
Feb 22 12:29:53 Gargoyle daemon.warn dnsmasq[1668]: possible DNS-rebind attack detected: hm5.os.eidos.com
Feb 22 12:29:53 Gargoyle daemon.warn dnsmasq[1668]: possible DNS-rebind attack detected: hm5.os.eidos.com
Feb 22 12:29:53 Gargoyle daemon.warn dnsmasq[1668]: possible DNS-rebind attack detected: hm5.os.eidos.com
Feb 22 12:29:54 Gargoyle daemon.warn dnsmasq[1668]: possible DNS-rebind attack detected: hm5.os.eidos.com
Feb 22 12:29:54 Gargoyle daemon.warn dnsmasq[1668]: possible DNS-rebind attack detected: hm5.os.eidos.com
Feb 22 12:29:54 Gargoyle daemon.warn dnsmasq[1668]: possible DNS-rebind attack detected: hm5.os.eidos.com
Feb 22 12:29:54 Gargoyle daemon.warn dnsmasq[1668]: possible DNS-rebind attack detected: hm5.os.eidos.com
Feb 22 12:29:54 Gargoyle daemon.warn dnsmasq[1668]: possible DNS-rebind attack detected: hm5.os.eidos.com
Feb 22 12:29:54 Gargoyle daemon.warn dnsmasq[1668]: possible DNS-rebind attack detected: hm5.os.eidos.com
Feb 22 12:29:54 Gargoyle daemon.warn dnsmasq[1668]: possible DNS-rebind attack detected: hm5.os.eidos.com
Feb 22 12:29:54 Gargoyle daemon.warn dnsmasq[1668]: possible DNS-rebind attack detected: hm5.os.eidos.com
Feb 22 12:29:54 Gargoyle daemon.warn dnsmasq[1668]: possible DNS-rebind attack detected: hm5.os.eidos.com
Feb 22 12:29:54 Gargoyle daemon.warn dnsmasq[1668]: possible DNS-rebind attack detected: hm5.os.eidos.com
Feb 22 12:29:54 Gargoyle daemon.warn dnsmasq[1668]: possible DNS-rebind attack detected: hm5.os.eidos.com
Feb 22 12:29:54 Gargoyle daemon.warn dnsmasq[1668]: possible DNS-rebind attack detected: hm5.os.eidos.com
Feb 22 12:30:01 Gargoyle daemon.info hostapd: wlan0: STA 00:12:f0:27:5a:37 IEEE 802.11: authenticated
Feb 22 12:30:01 Gargoyle daemon.info hostapd: wlan0: STA 00:12:f0:27:5a:37 IEEE 802.11: associated (aid 1)
Feb 22 12:30:01 Gargoyle daemon.info hostapd: wlan0: STA 00:12:f0:27:5a:37 WPA: pairwise key handshake completed (RSN)
Feb 22 12:30:05 Gargoyle daemon.warn dnsmasq[1668]: possible DNS-rebind attack detected: www.google.com
Feb 22 12:30:06 Gargoyle daemon.warn dnsmasq[1668]: possible DNS-rebind attack detected: dns.msftncsi.com
Feb 22 12:30:07 Gargoyle daemon.warn dnsmasq[1668]: possible DNS-rebind attack detected: dns.msftncsi.com
Feb 22 12:30:14 Gargoyle daemon.warn dnsmasq[1668]: possible DNS-rebind attack detected: monitor.networkmagic.com
Feb 22 12:30:14 Gargoyle daemon.warn dnsmasq[1668]: possible DNS-rebind attack detected: downloads.networkmagic.com
Feb 22 12:30:15 Gargoyle daemon.warn dnsmasq[1668]: possible DNS-rebind attack detected: whois.arin.net
Feb 22 12:30:18 Gargoyle daemon.warn dnsmasq[1668]: possible DNS-rebind attack detected: d.dropbox.com
Feb 22 12:30:19 Gargoyle daemon.warn dnsmasq[1668]: possible DNS-rebind attack detected: d.dropbox.com
Feb 22 12:30:19 Gargoyle daemon.warn dnsmasq[1668]: possible DNS-rebind attack detected: monitor.networkmagic.com
Feb 22 12:30:19 Gargoyle daemon.warn dnsmasq[1668]: possible DNS-rebind attack detected: downloads.networkmagic.com
Feb 22 12:30:46 Gargoyle daemon.info hostapd: wlan0: STA a4:17:31:5c:58:50 IEEE 802.11: authenticated
Feb 22 12:30:46 Gargoyle daemon.info hostapd: wlan0: STA a4:17:31:5c:58:50 IEEE 802.11: associated (aid 2)
Feb 22 12:30:46 Gargoyle daemon.info hostapd: wlan0: STA a4:17:31:5c:58:50 WPA: pairwise key handshake completed (RSN)
Feb 22 12:30:46 Gargoyle daemon.info dnsmasq-dhcp[1668]: DHCPREQUEST(br-lan) 192.168.12.140 a4:17:31:5c:58:50
Feb 22 12:30:46 Gargoyle daemon.info dnsmasq-dhcp[1668]: DHCPACK(br-lan) 192.168.12.140 a4:17:31:5c:58:50 hira-HP
Feb 22 12:30:52 Gargoyle daemon.info hostapd: wlan0: STA a4:17:31:5c:58:50 IEEE 802.11: authenticated
Feb 22 12:30:52 Gargoyle daemon.info hostapd: wlan0: STA a4:17:31:5c:58:50 IEEE 802.11: associated (aid 2)
Feb 22 12:30:52 Gargoyle daemon.info hostapd: wlan0: STA a4:17:31:5c:58:50 WPA: pairwise key handshake completed (RSN)
Feb 22 12:30:52 Gargoyle daemon.info dnsmasq-dhcp[1668]: DHCPREQUEST(br-lan) 192.168.12.140 a4:17:31:5c:58:50
Feb 22 12:30:52 Gargoyle daemon.info dnsmasq-dhcp[1668]: DHCPACK(br-lan) 192.168.12.140 a4:17:31:5c:58:50 hira-HP
Feb 22 12:31:02 Gargoyle daemon.info dnsmasq-dhcp[1668]: DHCPINFORM(br-lan) 192.168.12.140 a4:17:31:5c:58:50
Feb 22 12:31:02 Gargoyle daemon.info dnsmasq-dhcp[1668]: DHCPACK(br-lan) 192.168.12.140 a4:17:31:5c:58:50 hira-HP
Feb 22 12:31:24 Gargoyle daemon.info hostapd: wlan0: STA 3c:8b:fe:b7:10:23 IEEE 802.11: authenticated
Feb 22 12:31:24 Gargoyle daemon.info hostapd: wlan0: STA 3c:8b:fe:b7:10:23 IEEE 802.11: associated (aid 3)
Feb 22 12:31:24 Gargoyle daemon.info hostapd: wlan0: STA 3c:8b:fe:b7:10:23 WPA: pairwise key handshake completed (RSN)
Feb 22 12:31:24 Gargoyle daemon.info dnsmasq-dhcp[1668]: DHCPREQUEST(br-lan) 192.168.12.132 3c:8b:fe:b7:10:23
Feb 22 12:31:24 Gargoyle daemon.info dnsmasq-dhcp[1668]: DHCPACK(br-lan) 192.168.12.132 3c:8b:fe:b7:10:23
Feb 22 12:32:45 Gargoyle daemon.info hostapd: wlan0: STA a4:17:31:5c:58:50 IEEE 802.11: disassociated
Feb 22 12:37:07 Gargoyle daemon.info hostapd: wlan0: STA 00:12:f0:27:5a:37 WPA: group key handshake completed (RSN)
Feb 22 12:37:07 Gargoyle daemon.info hostapd: wlan0: STA 3c:8b:fe:b7:10:23 WPA: group key handshake completed (RSN)
Feb 22 12:39:21 Gargoyle daemon.info hostapd: wlan0: STA 6c:83:36:ca:cf:ae IEEE 802.11: authenticated
Feb 22 12:39:21 Gargoyle daemon.info hostapd: wlan0: STA 6c:83:36:ca:cf:ae IEEE 802.11: associated (aid 2)
Feb 22 12:39:21 Gargoyle daemon.info hostapd: wlan0: STA 6c:83:36:ca:cf:ae WPA: pairwise key handshake completed (RSN)
Feb 22 12:39:22 Gargoyle daemon.info dnsmasq-dhcp[1668]: DHCPREQUEST(br-lan) 192.168.12.220 6c:83:36:ca:cf:ae
Feb 22 12:39:22 Gargoyle daemon.info dnsmasq-dhcp[1668]: DHCPACK(br-lan) 192.168.12.220 6c:83:36:ca:cf:ae
Feb 22 12:42:58 Gargoyle daemon.info hostapd: wlan0: STA 3c:8b:fe:b7:10:23 IEEE 802.11: authenticated
Feb 22 12:42:58 Gargoyle daemon.info hostapd: wlan0: STA 3c:8b:fe:b7:10:23 IEEE 802.11: associated (aid 3)
Feb 22 12:42:58 Gargoyle daemon.info hostapd: wlan0: STA 3c:8b:fe:b7:10:23 WPA: pairwise key handshake completed (RSN)
Feb 22 12:42:58 Gargoyle daemon.info dnsmasq-dhcp[1668]: DHCPREQUEST(br-lan) 192.168.12.132 3c:8b:fe:b7:10:23
Feb 22 12:42:58 Gargoyle daemon.info dnsmasq-dhcp[1668]: DHCPACK(br-lan) 192.168.12.132 3c:8b:fe:b7:10:23
Feb 22 12:45:48 Gargoyle daemon.info hostapd: wlan0: STA 3c:8b:fe:b7:10:23 IEEE 802.11: disassociated
Feb 22 12:46:00 Gargoyle authpriv.info dropbear[8224]: Child connection from 192.168.12.209:4337
Feb 22 12:46:17 Gargoyle authpriv.warn dropbear[8224]: Bad password attempt for 'root' from 192.168.12.209:4337
Feb 22 12:46:22 Gargoyle authpriv.warn dropbear[8224]: Bad password attempt for 'root' from 192.168.12.209:4337
Feb 22 12:46:41 Gargoyle authpriv.warn dropbear[8224]: Bad password attempt for 'root' from 192.168.12.209:4337
Feb 22 12:46:46 Gargoyle authpriv.warn dropbear[8224]: Bad password attempt for 'root' from 192.168.12.209:4337
Feb 22 12:46:50 Gargoyle authpriv.info dropbear[8224]: Exit before auth (user 'root', 4 fails): Exited normally
Feb 22 12:47:07 Gargoyle daemon.info hostapd: wlan0: STA 00:12:f0:27:5a:37 WPA: group key handshake completed (RSN)
Feb 22 12:47:07 Gargoyle daemon.info hostapd: wlan0: STA 6c:83:36:ca:cf:ae WPA: group key handshake completed (RSN)
Feb 22 12:47:13 Gargoyle authpriv.info dropbear[8634]: Child connection from 192.168.12.209:4543
Feb 22 12:47:29 Gargoyle authpriv.warn dropbear[8634]: Bad password attempt for 'root' from 192.168.12.209:4543
Feb 22 12:47:33 Gargoyle authpriv.warn dropbear[8634]: Bad password attempt for 'root' from 192.168.12.209:4543
Feb 22 12:47:35 Gargoyle authpriv.warn dropbear[8634]: Bad password attempt for 'root' from 192.168.12.209:4543
Feb 22 12:47:37 Gargoyle authpriv.info dropbear[8634]: Exit before auth (user 'root', 3 fails): Exited normally
Feb 22 12:48:30 Gargoyle daemon.err miniupnpd[1781]: upnp_event_recv: recv(): Connection reset by peer
Feb 22 12:48:42 Gargoyle daemon.info dnsmasq-dhcp[1668]: DHCPREQUEST(br-lan) 192.168.1.2 00:11:43:72:ac:3a
Feb 22 12:48:42 Gargoyle daemon.info dnsmasq-dhcp[1668]: DHCPNAK(br-lan) 192.168.1.2 00:11:43:72:ac:3a wrong network
Feb 22 12:48:45 Gargoyle daemon.info dnsmasq-dhcp[1668]: DHCPDISCOVER(br-lan) 00:11:43:72:ac:3a
Feb 22 12:48:45 Gargoyle daemon.info dnsmasq-dhcp[1668]: DHCPOFFER(br-lan) 192.168.12.238 00:11:43:72:ac:3a
Feb 22 12:48:45 Gargoyle daemon.info dnsmasq-dhcp[1668]: DHCPREQUEST(br-lan) 192.168.12.238 00:11:43:72:ac:3a
Feb 22 12:48:45 Gargoyle daemon.info dnsmasq-dhcp[1668]: DHCPACK(br-lan) 192.168.12.238 00:11:43:72:ac:3a DrSaleem-PC
Feb 22 12:48:50 Gargoyle daemon.info dnsmasq-dhcp[1668]: DHCPINFORM(br-lan) 192.168.12.238 00:11:43:72:ac:3a
Feb 22 12:48:50 Gargoyle daemon.info dnsmasq-dhcp[1668]: DHCPACK(br-lan) 192.168.12.238 00:11:43:72:ac:3a DrSaleem-PC
Feb 22 12:49:01 Gargoyle authpriv.info dropbear[9368]: Child connection from 192.168.12.238:4918
Feb 22 12:49:13 Gargoyle authpriv.warn dropbear[9368]: Bad password attempt for 'root' from 192.168.12.238:4918
Feb 22 12:49:17 Gargoyle daemon.info hostapd: wlan0: STA 00:12:f0:27:5a:37 IEEE 802.11: disassociated
Feb 22 12:49:18 Gargoyle daemon.info hostapd: wlan0: STA 00:12:f0:27:5a:37 IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE)
Feb 22 12:49:23 Gargoyle authpriv.warn dropbear[9368]: Bad password attempt for 'root' from 192.168.12.238:4918
Feb 22 12:49:26 Gargoyle authpriv.warn dropbear[9368]: Bad password attempt for 'root' from 192.168.12.238:4918
Feb 22 12:50:52 Gargoyle daemon.info dnsmasq-dhcp[1668]: DHCPRELEASE(br-lan) 192.168.12.238 00:11:43:72:ac:3a
Feb 22 12:51:06 Gargoyle daemon.info hostapd: wlan0: STA 00:12:f0:27:5a:37 IEEE 802.11: authenticated
Feb 22 12:51:06 Gargoyle daemon.info hostapd: wlan0: STA 00:12:f0:27:5a:37 IEEE 802.11: associated (aid 1)
Feb 22 12:51:06 Gargoyle daemon.info hostapd: wlan0: STA 00:12:f0:27:5a:37 WPA: pairwise key handshake completed (RSN)
Feb 22 12:52:21 Gargoyle daemon.notice miniupnpd[1781]: upnp_event_send: send(): Connection timed out
Feb 22 12:52:21 Gargoyle daemon.notice miniupnpd[1781]: upnp_event_send: send(): Connection timed out
Feb 22 12:52:22 Gargoyle daemon.notice miniupnpd[1781]: upnp_event_send: send(): Connection timed out
Feb 22 12:52:22 Gargoyle daemon.notice miniupnpd[1781]: upnp_event_send: send(): Connection timed out
Feb 22 12:52:22 Gargoyle daemon.notice miniupnpd[1781]: upnp_event_send: send(): Connection timed out
Feb 22 12:52:22 Gargoyle daemon.notice miniupnpd[1781]: upnp_event_send: send(): Connection timed out
Feb 22 12:52:52 Gargoyle authpriv.info dropbear[12750]: Child connection from 192.168.12.240:5651
Feb 22 12:53:01 Gargoyle authpriv.warn dropbear[12750]: Bad password attempt for 'root' from 192.168.12.240:5651
Feb 22 12:53:06 Gargoyle authpriv.warn dropbear[12750]: Bad password attempt for 'root' from 192.168.12.240:5651
Feb 22 12:53:10 Gargoyle authpriv.notice dropbear[12750]: Password auth succeeded for 'root' from 192.168.12.240:5651
Feb 22 12:54:26 Gargoyle authpriv.info dropbear[9368]: Exit before auth (user 'root', 3 fails): Timeout before auth
Feb 22 12:55:26 Gargoyle daemon.info hostapd: wlan0: STA 6c:83:36:ca:cf:ae IEEE 802.11: disassociated
Feb 22 12:55:27 Gargoyle daemon.info hostapd: wlan0: STA 6c:83:36:ca:cf:ae IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE)
root@Gargoyle:~# hm5.os.eidos.com
-ash: hm5.os.eidos.com: not found
root@Gargoyle:~# Feb 22 12:29:54 Gargoyle daemon.warn dnsmasq[1668]: possible DNS-rebind attack detected: hm5.os.eidos.com
-ash: Feb: not found
root@Gargoyle:~#