|This is the last time your account was accessed.|
10-16-2012 01:37 PM
Initially I found sometimes my connection is slow / no-response.
When I check the security log from router, I found this:
Oct 15 21:31:35 2012
WBM user Unknown (0.0.0.0) has changed security settings[repeated 19 times, last time on Oct 15 21:34:11 2012]
Oct 15 21:30:48 2012
WBM user admin (192.168.1.8) has changed security settings
192.168.1.8 is me, however who is 0,0,0,0?
Actually I found many ports forwarding to my roommate's computer by 'pplive' (online streaming software?)
My roommate said he didn't change anything at router. And he likes watching video with 'pplive'.
So my question is: how can I remove that unknown user and get control of the router?
btw, is here the right sub-forum to looking for answers like my question? thanks~
11-24-2012 11:06 AM
From what I can gather, it looks like a backdoor for verizon. I recently reset my FIOS router and updated my security
settings. Even with remote admin disabled, the security logs shows.
Inbound Traffic: Accepted Traffic - Remote administration: TCP 184.108.40.206:53691->d.d.d.d:4567 on clink1
Inbound Traffic: Accepted Traffic - Remote administration: TCP 220.127.116.11:53693->d.d.d.d:4567 on clink1
Firewall Setup: Configuration change: WBM user Unknown (0.0.0.0) has changed security settings
According to whois, the contact email for the addr is email@example.com. I have since block port 4567. Does anyone know why verizon needs to sneak into the router? Thanks in advance, Mike
11-24-2012 11:21 AM
Yes, 18.104.22.168 is a Verizon network.
TCP port 4567 is Vz's backdoor to their Router.
I setup a Firewall rule a while ago that drops all inbound TCP 4567 requests. I got in the rule early enough. Later versions of ActionTech Router firmware have been found toi deny the ability to create a Firewall rule that drops all inbound TCP 4567 requests.