- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Initially I found sometimes my connection is slow / no-response.
When I check the security log from router, I found this:
Time | Event | Event-Type | Details |
Oct 15 21:31:35 2012 | Firewall Setup | Configuration change | WBM user Unknown (0.0.0.0) has changed security settings[repeated 19 times, last time on Oct 15 21:34:11 2012] |
Oct 15 21:30:48 2012 | Firewall Setup | Configuration change | WBM user admin (192.168.1.8) has changed security settings |
192.168.1.8 is me, however who is 0,0,0,0?
Actually I found many ports forwarding to my roommate's computer by 'pplive' (online streaming software?)
My roommate said he didn't change anything at router. And he likes watching video with 'pplive'.
So my question is: how can I remove that unknown user and get control of the router?
btw, is here the right sub-forum to looking for answers like my question? thanks~
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
When a host requests an IP address it does so via 0.0.0.0 and thus this is related to obtaining an address via DHCP
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Try disabling UPnP on the router to see if that helps reduce those messages, and if it also helps with performance.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
From what I can gather, it looks like a backdoor for verizon. I recently reset my FIOS router and updated my security
settings. Even with remote admin disabled, the security logs shows.
Inbound Traffic: Accepted Traffic - Remote administration: TCP 206.46.209.250:53691->d.d.d.d:4567 on clink1
Inbound Traffic: Accepted Traffic - Remote administration: TCP 206.46.209.250:53693->d.d.d.d:4567 on clink1
Firewall Setup: Configuration change: WBM user Unknown (0.0.0.0) has changed security settings
According to whois, the contact email for the addr is inengineering@core.verizon.com. I have since block port 4567. Does anyone know why verizon needs to sneak into the router? Thanks in advance, Mike
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, 206.46.209.250 is a Verizon network.
TCP port 4567 is Vz's backdoor to their Router.
I setup a Firewall rule a while ago that drops all inbound TCP 4567 requests. I got in the rule early enough. Later versions of ActionTech Router firmware have been found toi deny the ability to create a Firewall rule that drops all inbound TCP 4567 requests.