weird log and random connections on my server

2: Seeker

Hello!

I have a static IP and forwarded my ports 443/80 (which direct to nginx) and 25565 for Minecraft.

Yesterday a bunch of strangers started to connect to the Minecraft server so I had to shut down everything, and I started to look at how/why my IP leaked, and how to block those IPs from passing through the router.

I checked the event log from the Vodafone hub and saw a lot of errors & warnings (almost every 20 seconds):
Firewall warnings:

DROP wan in: IN=pppoe-wan OUT= MAC= src=random-ip DST=my-ip LEN=40 TOS=0x00 PREC=0x00 TTL=70 ID=8848 DF PROTO=TCP SPT=21115 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 MARK=0x8000000

where the random-ip changes over time (but I can have 4 or more messages with the same source IP).
All of those warnings are followed by system errors like this one:

[lua] sessionmgr.lua:250: redirectIfNotAuthorized(): Unauthorized request

and sometimes but less often (every two minutes) this system error:

Failed to send DHCPV6 message to ff02::1:2 (Permission denied)


Can someone help me understand those logs? (And optionally, is there a way to filter which IPs can connect to my network from the outside?)

Accepted Solutions
16: Advanced member

Hi Mael, one of the problems with using a static IP is that once it's discovered, the kind of people who share and try to hack these things will pass that info around. It's one of the reasons that having a dynamic IP can actually be useful!

The best way to protect your server is not to allow anonymous logins, and make sure that those who you want to connect have strong passwords! I'd also suggest that you perform at least some external tests on your network's defences - be cautious, many anon sites offering these servers are the hackers who want to gain access! So - on to a few specifics!

Your router is dropping connections that are not directed at a server, and are not connected to any outgoing activity on your part - it's doing exactly what it's supposed to do!
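
An added example, not part of the thread or of Vodafone's tooling: this Python script parses firewall lines in the format quoted in the question and tallies dropped packets per source address, with the destination ports each source tried. The sample lines are constructed with documentation addresses, the forwarded-port list (80, 443, 25565) comes from the question, and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the hub's log format; RFC 5737 documentation addresses.
LINE_TEMPLATE = (
    "DROP wan in: IN=pppoe-wan OUT= MAC= SRC={src} DST=203.0.113.10 LEN=40 "
    "TOS=0x00 PREC=0x00 TTL=70 ID=8848 DF PROTO=TCP SPT=21115 DPT={dpt} "
    "WINDOW=29200 RES=0x00 SYN URGP=0 MARK=0x8000000")
SAMPLE_LOG = "\n".join([
    LINE_TEMPLATE.format(src="198.51.100.7", dpt=80),
    "[lua] sessionmgr.lua:250: redirectIfNotAuthorized(): Unauthorized request",
    LINE_TEMPLATE.format(src="198.51.100.7", dpt=80),
    LINE_TEMPLATE.format(src="192.0.2.44", dpt=23),
    LINE_TEMPLATE.format(src="198.51.100.7", dpt=443),
    "Failed to send DHCPV6 message to ff02::1:2 (Permission denied)",
])

KV = re.compile(r"(\w+)=(\S*)")          # KEY=value tokens; value may be empty
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}
FORWARDED = (80, 443, 25565)             # ports the question says are forwarded

def parse_drop(line):
    """Parse one 'DROP ...' firewall line into a dict; None for any other line."""
    if not line.startswith("DROP"):
        return None
    body = line.split(":", 1)[-1]        # drop the "DROP wan in" prefix
    fields = {k.upper(): v for k, v in KV.findall(body)}  # accepts src= or SRC=
    fields["FLAGS"] = sorted(TCP_FLAGS & set(body.split()))
    return fields

def summarize(log_text, forwarded=FORWARDED):
    """Per source address: dropped-packet count and destination ports tried."""
    hits, ports = Counter(), defaultdict(set)
    for line in log_text.splitlines():
        f = parse_drop(line.strip())
        if not f or "SRC" not in f:
            continue
        hits[f["SRC"]] += 1
        if f.get("DPT", "").isdigit():
            ports[f["SRC"]].add(int(f["DPT"]))
    return [{"src": s, "hits": n, "ports": sorted(ports[s]),
             "forwarded_port": any(p in forwarded for p in ports[s])}
            for s, n in hits.most_common()]

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(row)
```
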

Moderator

Hey @mael, thanks for reaching out. We want to check that the Static IP is active on your account. 

Please contact us via Facebook at Vodafone UK, or get in touch on Twitter using the handle @VodafoneUK. Make sure to pop your username and link to this thread in your message too, this will save you having to explain again and we can help you quicker. 
