cancel
Showing results for 
Search instead for 
Did you mean: 
1

Ask

2

Reply

3

Solution

weird log and random connections on my server

mael
2: Seeker
2: Seeker

Hello!

I have a static IP and forwarded my port 443/80 (that direct to nginx) and 25565 for Minecraft.

 

Yesterday a bunch of strangers started to connect to the Minecraft server so I had to shut down everything, and I started to look at how/why my IP leaked, and how to block those IP to pass through the router.

 

I checked the event log from the Vodaphone hub and saw a lot of errors & warning (almost every 20 seconds):
firewall warnings:

DROP wan in: IN=pppoe-wan OUT= MAC= src=random-ip DST=my-ip LEN=40 TOS=0x00 PREC=0x00 TTL=70 ID=8848 DF PROTO=TCP SPT=21115 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 MARK=0x8000000

where the random-ip changes over time (but I can have 4 or more messages with the same source ip)
all of those warnings are followed by  system errors like this one:

[lua] sessionmgr.lua:250: redirectIfNotAuthorized(): Unauthorized request

and sometimes but less often (every two minutes) this system error:

Failed to send DHCPV6 message to ff02::1:2 (Permission denied)


can someone help me understand those logs? (and optionally if there is a way to filter IPs that can connect to my network from the outside)

1 ACCEPTED SOLUTION

Anonymous
Not applicable

Hi Mael, one of the problems with using a static IP is that once it's discovered the kind of people who share and try to hack these things will pass that info around.  It's one of the reasons that having a dynamic IP can actually be useful!

The best way to protect your server is not to allow anonymous logins, and make sure that those who you want to connect have strong passwords!  I'd also suggest that you perform at least some external tests on your network's defences - be cautious, many anon sites offering these servers are the hackers who want to gain access!  So - on to a few specifics!

Your router is dropping connections that are not directed at a server, and are not connected to any outgoing activity on your part - it's doing exactly what it's supposed to do!

View solution in original position

2 REPLIES 2

Dabbs
Moderator (Retired)
Moderator (Retired)

Hey @mael, thanks for reaching out. We want to check that the Static IP is active on your account. 

Please contact us via Facebook at Vodafone UK, or get in touch on Twitter using the handle @VodafoneUK. Make sure to pop your username and link to this thread in your message too, this will save you having to explain again and we can help you quicker. 

Anonymous
Not applicable

Hi Mael, one of the problems with using a static IP is that once it's discovered the kind of people who share and try to hack these things will pass that info around.  It's one of the reasons that having a dynamic IP can actually be useful!

The best way to protect your server is not to allow anonymous logins, and make sure that those who you want to connect have strong passwords!  I'd also suggest that you perform at least some external tests on your network's defences - be cautious, many anon sites offering these servers are the hackers who want to gain access!  So - on to a few specifics!

Your router is dropping connections that are not directed at a server, and are not connected to any outgoing activity on your part - it's doing exactly what it's supposed to do!