Level 2: Rookie

Modem log- hacked? Compromised?

Answered

Hi all.

 

I'm in need of an expert to briefly look over my gen 2 max modem's log file, I'm worried it's been hacked.

I've had multiple security intrusions on different devices all attached to this wifi network. Google accounts have been accessed, passwords changed. It could just be malware on one of the devices, but I checked the logs out of curiosity, and saw some things that are concerning. Not that I'm experienced enough in IT to know much of what I'm looking at.

 

An example of the code:

USER root pid 20691 cmd /usr/bin/thermalProtection /sys/devices/i2c-0/0-0048/hwmon/hwmon0/temp1_input /sys/devices/i2c-0/0-004f/hwmon/hwmon1/temp1_input
Mon Jul 27 00:30:00 2020 cron.info crond[2404]: USER root pid 20692 cmd /sbin/trafficmon.lua.

 

I'm sure that snippet is fine, but please take a look at the rest of it for me. I've been the target of a sustained hacking campaign from one particular individual, who works in IT. It started over jealousy, he wanted to read my messages.

 

The whole reason I have a gen 2 modem is because he hacked my old Technicolor modem (I believe). I did a simple reset via the button on the back, as I'd done countless times, and the modem bricked. I had no net for 3 days!

 

And this?

 

 

user.info wifi-doctor-agent[15254]: [cloud] sending stream of 31350 bytes to CS (https://coll-telstraprod.telstra.wifi-doctor.org/) (CP2001RA0QH||Technicolor DJA0231||D4351D) (868)
Mon Jul 27 14:55:59 2020 daemon.info odhcpd[3569]: Using a RA lifetime of 1800 seconds on br-lan

Why is the modem sending data to some server called wifi doctor?

 

 

 

Level 20: Director
Accepted Solution

Re: Modem log- hacked? Compromised?

Hi - if your modem updated recently it may be at current firmware level 18.1.c 514-950 RB.

 

This software level expanded the use of the inherent encryption method used by devices for their data transmission to now also use it for the signaling between the wireless device and the modem to further prevent unauthorised eavesdropping - it's called Protected Management Frames (Advanced/Wi-Fi) and is Enabled by Default on this modem.

 

Modern 5Ghz 802.11ac devices are designed to accommodate this and, in general, 2.4Ghz 802.11 b/g/n devices as well, but some 2.4Ghz devices have had issues due to their processors not being able to handle the extended task, resulting in failure to connect. There were indications in the Log file that a device is trying to connect but being rejected, not unusual for older Chromecast units, and the same appeared to occur with an Access Point.

 

Sometimes the no connection can be fixed in the DJA0231 by - if your modem is at a previous firmware version, PMF is not applicable to it.

 

1. 'Disable' Band Steering on 2.4 Ghz and SAVE - separate SSIDs will be broadcast for the 2.4 Ghz and 5 Ghz bands. This should also allow the 2.4 Ghz band to be more present. The DJA0231 Gen 2 has a very good 2.4 Ghz coverage area. Restart Chromecast and try fresh re-linking to modem. If no improvement - 

2. Disable PMF and SAVE to see if connection works. 

3. If that doesn't improve matters, change Encryption from WPA2 only to WPA/WPA2-PSK to cover both encryption methods. 

 

It's a good idea to re-use your surplus TP-Link as an Access Point if it supports both Wi-Fi bands and it should work OK. Your wireless device should undertake the changeover from one coverage area to the other as it will seek the strongest signal available on offer. Once it has been programmed for both networks it should auto swap when required.

 

Brief minimum checklist with some personal preferences - 

 

1. Optional - making your SSIDs and passwords for both bands on both modems the same. You can have different SSIDs - my devices will also swap out to different SSIDs when roaming in home. 

2. Ensuring there is no IP Address conflict between the modems.

(a) Technicolor - 192.168.0.1, change IP Range to Start 192.168.0.10 to 192.168.254, SAVE and Restart modem

(b) TP Link - you turned OFF DHCP, changed its IP Address to e.g 192.168.0.2 and altered its IP range to the same as the new Technicolor range.  This allows you to allocate up to another 7 additional future devices that won't be used by other auto DHCP assigned addressing. Restart TP Link.

(c) Connect TP Link LAN to Technicolor LAN.  

 

The best reference manuals on the Telstra Gen 2 modems are written by @cf4 - additional configuration suggestions are included if other connection issues arise. Section 34 - Access Point

Document Ver 1.6 dated 06/08/2020  - DJA0231 - https://drive.google.com/file/d/1lDGZ83oZ19Y98rHINe2I7QFqWyaQO9WL/view

 

The Telstra Wi-Fi Boosters are also very good, but if you have something that is capable of working well, suggest you try tweaking it first. Hope this helps. 

 

Level 2: Rookie

Re: Modem log- hacked? Compromised?

https://www.4shared.com/folder/6OQehYCY/_online.html

 

The link to the text file. I had to host it because the log is so large, the web forum couldn't handle it.

It's only 2 days of logs too!

Level 20: Director

Re: Modem log- hacked? Compromised?

Hi - The Wi-Fi Doctor is safe - it is a Telstra Software Agent that monitors your Wi-Fi network integrity from a Telstra Server. The modem will report to the Telstra server which is hosted by Amazon and if there are any potential Wi-Fi health issues, the Artificial Intelligence Program will adjust parameters in the modem. Other associated entries will show connection to a Thor address. The modem will also initiate 'call home' to the Telstra Controller Server to ask if there is a firmware update available and if so, Telstra will automatically download it to the modem via lines that show TR069 entries. The modem continuously communicates with the Telstra Network controller e.g. every 10 minutes it does a VoIP registration check and refresh and these type of checks add to the many other checks it does which explains why there are so many entries in the log file.

I am no security expert but will have a look at your file later on. Have you changed the Default Log-In User and Password from admin/Telstra to new personalised ones and also changed the Wi-Fi SSID Broadcast Name/s and Password to customised entries so that no one other than you is aware of them? You will need to alter the Wi-Fi new registration details in all your mobile devices.

Level 20: Director

Re: Modem log- hacked? Compromised?

Your link connects to a page which features inappropriate adult images and - when I selected your file for download, pop up advertisements of scantily dressed women who wish to communicate  with interested parties came up on the screen, raising a question as to why you have used this site for hosting your modem log text file. I terminated the connection and hope that my PC has not been compromised.   

Level 2: Rookie

Re: Modem log- hacked? Compromised?


@Mkrtich wrote:

Your link connects to a page which features inappropriate adult images and - when I selected your file for download, pop up advertisements of scantily dressed women who wish to communicate  with interested parties came up on the screen, raising a question as to why you have used this site for hosting your modem log text file. I terminated the connection and hope that my PC has not been compromised.   


No it doesn't. I just checked it.

 

I had to host the file as the 2 days of logs would not post into the box in this forum. The website/browser kept freezing.

Level 2: Rookie

Re: Modem log- hacked? Compromised?

Notice the first two lines. Bulk data transfer? What's that? And user root, does that mean someone is logged onto the router?

 

 

Mon Jul 27 20:54:00 2020 cron.info crond[2404]: USER root pid 7283 cmd /sbin/trafficmon.lua
Mon Jul 27 20:54:00 2020 cron.info crond[2404]: USER root pid 7284 cmd /usr/bin/bulkdata transfer profile_1
Mon Jul 27 20:54:02 2020 daemon.err tls-thor-Core[14130]: TID[0xb5e7f450] Device_DeviceController.cpp (802): ConnectionWifi event received for base object that is not a WiFiConnection. platformConnectionId: -359347794
Mon Jul 27 20:54:03 2020 daemon.notice wansensing: (L3DHCP) runs L3DHCPMain.check(VDSL,supervision_wan_ok)
Mon Jul 27 20:54:03 2020 daemon.notice wansensing: (L3DHCP) runs L3DHCPMain.check(VDSL,supervision_wan6_ok)
Mon Jul 27 20:54:12 2020 daemon.err tls-thor-Core[14130]: TID[0xb5cff450] Device_DeviceController.cpp (802): ConnectionWifi event received for base object that is not a WiFiConnection. platformConnectionId: -359347794
Mon Jul 27 20:54:17 2020 daemon.err tls-thor-Core[14130]: TID[0xb5cff450] Device_DeviceController.cpp (802): ConnectionWifi event received for base object that is not a WiFiConnection. platformConnectionId: -359347794
Mon Jul 27 20:54:18 2020 daemon.info dnsmasq-dhcp[9662]: DHCPREQUEST(br-lan) 192.168.0.238 3c:8d:20:27:70:0d
Mon Jul 27 20:54:18 2020 daemon.info dnsmasq-dhcp[9662]: DHCPACK(br-lan) 192.168.0.238 3c:8d:20:27:70:0d Chromecast
Mon Jul 27 20:54:27 2020 daemon.err tls-thor-Core[14130]: TID[0xb5e7f450] Device_DeviceController.cpp (802): ConnectionWifi event received for base object that is not a WiFiConnection. platformConnectionId: -359347794
Mon Jul 27 20:54:32 2020 daemon.err tls-thor-Core[14130]: TID[0xb5e7f450] Device_DeviceController.cpp (802): ConnectionWifi event received for base object that is not a WiFiConnection. platformConnectionId: -359347794
Mon Jul 27 20:54:33 2020 daemon.notice wansensing: (L3DHCP) runs L3DHCPMain.check(VDSL,supervision_wan_ok)
Mon Jul 27 20:54:33 2020 daemon.notice wansensing: (L3DHCP) runs L3DHCPMain.check(VDSL,supervision_wan6_ok)
Mon Jul 27 20:54:42 2020 daemon.err tls-thor-Core[14130]: TID[0xb5e7f450] Device_DeviceController.cpp (802): ConnectionWifi event received for base object that is not a WiFiConnection. platformConnectionId: -359347794
Mon Jul 27 20:54:52 2020 daemon.err tls-thor-Core[14130]: TID[0xb5cff450] Device_DeviceController.cpp (802): ConnectionWifi event received for base object that is not a WiFiConnection. platformConnectionId: -359347794
Mon Jul 27 20:54:57 2020 daemon.err tls-thor-Core[14130]: TID[0xb5cff450] Device_DeviceController.cpp (802): ConnectionWifi event received for base object that is not a WiFiConnection. platformConnectionId: -359347794
Mon Jul 27 20:54:58 2020 daemon.info odhcpd[3569]: Using a RA lifetime of 1800 seconds on wl1_1
Mon Jul 27 20:55:00 2020 cron.info crond[2404]: USER root pid 7322 cmd /usr/bin/thermalProtection /sys/devices/i2c-0/0-0048/hwmon/hwmon0/temp1_input /sys/devices/i2c-0/0-004f/hwmon/hwmon1/temp1_input
Mon Jul 27 20:55:02 2020 daemon.err tls-thor-Core[14130]: TID[0xb5c7f450] Device_DeviceController.cpp (802): ConnectionWifi event received for base object that is not a WiFiConnection. platformConnectionId: -359347794
Mon Jul 27 20:55:03 2020 daemon.notice wansensing: (L3DHCP) runs L3DHCPMain.check(VDSL,supervision_wan_ok)
Mon Jul 27 20:55:03 2020 daemon.notice wansensing: (L3DHCP) runs L3DHCPMain.check(VDSL,supervision_wan6_ok)
Mon Jul 27 20:55:07 2020 daemon.err tls-thor-Core[14130]: TID[0xb5cff450] Device_DeviceController.cpp (802): ConnectionWifi event received for base object that is not a WiFiConnection. platformConnectionId: -359347794
Mon Jul 27 20:55:08 2020 daemon.info odhcpd[3569]: Using a RA lifetime of 1800 seconds on br-lan
Mon Jul 27 20:55:09 2020 daemon.notice odhcpd[3569]: Got DHCPv6 request
Mon Jul 27 20:55:12 2020 daemon.err tls-thor-Core[14130]: TID[0xb5e7f450] Device_DeviceController.cpp (802): ConnectionWifi event received for base object that is not a WiFiConnection. platformConnectionId: -359347794
Mon Jul 27 20:55:17 2020 daemon.err tls-thor-Core[14130]: TID[0xb5e7f450] Device_DeviceController.cpp (802): ConnectionWifi event received for base object that is not a WiFiConnection. platformConnectionId: -359347794
Mon Jul 27 20:55:22 2020 daemon.err tls-thor-Core[14130]: TID[0xb5cff450] Device_DeviceController.cpp (802): ConnectionWifi event received for base object that is not a WiFiConnection. platformConnectionId: -359347794
Mon Jul 27 20:55:27 2020 daemon.err tls-thor-Core[14130]: TID[0xb5e7f450] Device_DeviceController.cpp (802): ConnectionWifi event received for base object that is not a WiFiConnection. platformConnectionId: -359347794
Mon Jul 27 20:55:32 2020 daemon.err tls-thor-Core[14130]: TID[0xb5cff450] Device_DeviceController.cpp (802): ConnectionWifi event received for base object that is not a WiFiConnection. platformConnectionId: -359347794
Mon Jul 27 20:55:33 2020 daemon.notice wansensing: (L3DHCP) runs L3DHCPMain.check(VDSL,supervision_wan_ok)
Mon Jul 27 20:55:33 2020 daemon.notice wansensing: (L3DHCP) runs L3DHCPMain.check(VDSL,supervision_wan6_ok)
Mon Jul 27 20:55:37 2020 daemon.err tls-thor-Core[14130]: TID[0xb5c7f450] Device_DeviceController.cpp (802): ConnectionWifi event received for base object that is not a WiFiConnection. platformConnectionId: -359347794
Mon Jul 27 20:55:38 2020 daemon.warn miniupnpd[14211]: SSDP packet sender 192.168.1.1:1900 not from a LAN, ignoring
Mon Jul 27 20:55:38 2020 daemon.warn miniupnpd[14211]: SSDP packet sender 192.168.1.1:1900 not from a LAN, ignoring
Mon Jul 27 20:55:38 2020 daemon.warn miniupnpd[14211]: SSDP packet sender 192.168.1.1:1900 not from a LAN, ignoring
Mon Jul 27 20:55:38 2020 daemon.warn miniupnpd[14211]: SSDP packet sender 192.168.1.1:1900 not from a LAN, ignoring
Mon Jul 27 20:55:38 2020 daemon.warn miniupnpd[14211]: SSDP packet sender 192.168.1.1:1900 not from a LAN, ignoring
Mon Jul 27 20:55:38 2020 daemon.warn miniupnpd[14211]: SSDP packet sender 192.168.1.1:1900 not from a LAN, ignoring
Mon Jul 27 20:55:38 2020 daemon.warn miniupnpd[14211]: SSDP packet sender 192.168.1.1:1900 not from a LAN, ignoring
Mon Jul 27 20:55:39 2020 daemon.warn miniupnpd[14211]: SSDP packet sender 192.168.1.1:1900 not from a LAN, ignoring
Mon Jul 27 20:55:39 2020 daemon.warn miniupnpd[14211]: SSDP packet sender 192.168.1.1:1900 not from a LAN, ignoring
Mon Jul 27 20:55:39 2020 daemon.warn miniupnpd[14211]: SSDP packet sender 192.168.1.1:1900 not from a LAN, ignoring
Mon Jul 27 20:55:39 2020 daemon.warn miniupnpd[14211]: SSDP packet sender 192.168.1.1:1900 not from a LAN, ignoring
Mon Jul 27 20:55:39 2020 daemon.warn miniupnpd[14211]: SSDP packet sender 192.168.1.1:1900 not from a LAN, ignoring
Mon Jul 27 20:55:39 2020 daemon.warn miniupnpd[14211]: SSDP packet sender 192.168.1.1:1900 not from a LAN, ignoring
Mon Jul 27 20:55:39 2020 daemon.warn miniupnpd[14211]: SSDP packet sender 192.168.1.1:1900 not from a LAN, ignoring
Mon Jul 27 20:55:39 2020 daemon.warn miniupnpd[14211]: SSDP packet sender 192.168.1.1:1900 not from a LAN, ignoring
Mon Jul 27 20:55:39 2020 daemon.warn miniupnpd[14211]: SSDP packet sender 192.168.1.1:1900 not from a LAN, ignoring
Mon Jul 27 20:55:39 2020 daemon.warn miniupnpd[14211]: SSDP packet sender 192.168.1.1:1900 not from a LAN, ignoring
Mon Jul 27 20:55:40 2020 daemon.warn miniupnpd[14211]: SSDP packet sender 192.168.1.1:1900 not from a LAN, ignoring
Mon Jul 27 20:55:40 2020 daemon.warn miniupnpd[14211]: SSDP packet sender 192.168.1.1:1900 not from a LAN, ignoring
Mon Jul 27 20:55:40 2020 daemon.warn miniupnpd[14211]: SSDP packet sender 192.168.1.1:1900 not from a LAN, ignoring
Mon Jul 27 20:55:40 2020 daemon.warn miniupnpd[14211]: SSDP packet sender 192.168.1.1:1900 not from a LAN, ignoring
Mon Jul 27 20:55:40 2020 daemon.warn miniupnpd[14211]: SSDP packet sender 192.168.1.1:1900 not from a LAN, ignoring
Mon Jul 27 20:55:40 2020 daemon.warn miniupnpd[14211]: SSDP packet sender 192.168.1.1:1900 not from a LAN, ignoring
Mon Jul 27 20:55:40 2020 daemon.warn miniupnpd[14211]: SSDP packet sender 192.168.1.1:1900 not from a LAN, ignoring
Mon Jul 27 20:55:40 2020 daemon.warn miniupnpd[14211]: SSDP packet sender 192.168.1.1:1900 not from a LAN, ignoring
Mon Jul 27 20:55:40 2020 daemon.warn miniupnpd[14211]: SSDP packet sender 192.168.1.1:1900 not from a LAN, ignoring
Mon Jul 27 20:55:41 2020 daemon.warn miniupnpd[14211]: SSDP packet sender 192.168.1.1:1900 not from a LAN, ignoring
Mon Jul 27 20:55:41 2020 daemon.warn miniupnpd[14211]: SSDP packet sender 192.168.1.1:1900 not from a LAN, ignoring
Mon Jul 27 20:55:42 2020 daemon.err tls-thor-Core[14130]: TID[0xb5c7f450] Device_DeviceController.cpp (802): ConnectionWifi event received for base object that is not a WiFiConnection. platformConnectionId: -359347794
Mon Jul 27 20:55:43 2020 kern.warn kernel: [1152781.779000] [MMCONN] :E: mmConnDspControl:844 - Connection c1ae6000 not cross-connected
Mon Jul 27 20:55:43 2020 kern.warn kernel: [1152781.779000] [MMCONN] :E: mmConnDspControl:844 - Connection c1ae6000 not cross-connected
Mon Jul 27 20:55:43 2020 kern.warn kernel: [1152781.779000] [MMCONN] :E: mmConnDspControl:844 - Connection c1ae6000 not cross-connected
Mon Jul 27 20:55:43 2020 kern.warn kernel: [1152781.779000] 
Mon Jul 27 20:55:43 2020 kern.crit kernel: [1152839.374000] protocol 86dd is buggy, dev br-lan
Mon Jul 27 20:55:47 2020 daemon.err tls-thor-Core[14130]: TID[0xb5cff450] Device_DeviceController.cpp (802): ConnectionWifi event received for base object that is not a WiFiConnection. platformConnectionId: -359347794
Mon Jul 27 20:55:52 2020 daemon.err tls-thor-Core[14130]: TID[0xb5c7f450] Device_DeviceController.cpp (802): ConnectionWifi event received for base object that is not a WiFiConnection. platformConnectionId: -359347794
Mon Jul 27 20:55:57 2020 daemon.err tls-thor-Core[14130]: TID[0xb5e7f450] Device_DeviceController.cpp (802): ConnectionWifi event received for base object that is not a WiFiConnection. platformConnectionId: -359347794
Mon Jul 27 20:55:58 2020 user.info wifi-doctor-agent[15254]: [cloud] sending stream of 28755 bytes to CS (https://coll-telstraprod.telstra.wifi-doctor.org/) (CP2001RA0QH||Technicolor DJA0231||D4351D) (891)
Mon Jul 27 20:56:00 2020 cron.info crond[2404]: USER root pid 7368 cmd /sbin/trafficmon.lua
Mon Jul 27 20:56:02 2020 daemon.err tls-thor-Core[14130]: TID[0xb5c7f450] Device_DeviceController.cpp (802): ConnectionWifi event received for base object that is not a WiFiConnection. platformConnectionId: -359347794
Mon Jul 27 20:56:03 2020 daemon.notice wansensing: (L3DHCP) runs L3DHCPMain.check(VDSL,supervision_wan_ok)
Mon Jul 27 20:56:03 2020 daemon.notice wansensing: (L3DHCP) runs L3DHCPMain.check(VDSL,supervision_wan6_ok)
Mon Jul 27 20:56:12 2020 daemon.err tls-thor-Core[14130]: TID[0xb5e7f450] Device_DeviceController.cpp (802): ConnectionWifi event received for base object that is not a WiFiConnection. platformConnectionId: -359347794
Mon Jul 27 20:56:18 2020 kern.crit kernel: [1152873.892000] protocol 86dd is buggy, dev br-lan
Mon Jul 27 20:56:20 2020 kern.crit kernel: [1152875.903000] protocol 86dd is buggy, dev br-lan
Mon Jul 27 20:56:22 2020 daemon.err tls-thor-Core[14130]: TID[0xb5cff450] Device_DeviceController.cpp (802): ConnectionWifi event received for base object that is not a WiFiConnection. platformConnectionId: -359347794
Mon Jul 27 20:56:32 2020 daemon.err tls-thor-Core[14130]: TID[0xb5e7f450] Device_DeviceController.cpp (802): ConnectionWifi event received for base object that is not a WiFiConnection. platformConnectionId: -359347794
Mon Jul 27 20:56:33 2020 daemon.notice wansensing: (L3DHCP) runs L3DHCPMain.check(VDSL,supervision_wan_ok)
Mon Jul 27 20:56:33 2020 daemon.notice wansensing: (L3DHCP) runs L3DHCPMain.check(VDSL,supervision_wan6_ok)
Mon Jul 27 20:56:47 2020 daemon.err tls-thor-Core[14130]: TID[0xb5cff450] Device_DeviceController.cpp (802): ConnectionWifi event received for base object that is not a WiFiConnection. platformConnectionId: -359347794
Mon Jul 27 20:56:52 2020 daemon.err tls-thor-Core[14130]: TID[0xb5e7f450] Device_DeviceController.cpp (802): ConnectionWifi event received for base object that is not a WiFiConnection. platformConnectionId: -359347794
Mon Jul 27 20:56:57 2020 daemon.err tls-thor-Core[14130]: TID[0xb5e7f450] Device_DeviceController.cpp (802): ConnectionWifi event received for base object that is not a WiFiConnection. platformConnectionId: -359347794
Mon Jul 27 20:56:57 2020 daemon.info odhcpd[3569]: Using a RA lifetime of 1800 seconds on wl0_1
Mon Jul 27 20:57:00 2020 kern.crit kernel: [1152916.682000] protocol 86dd is buggy, dev br-lan
Mon Jul 27 20:57:00 2020 kern.crit kernel: [1152916.682000] protocol 86dd is buggy, dev br-lan
Mon Jul 27 20:57:00 2020 kern.crit kernel: [1152916.687000] protocol 86dd is buggy, dev br-lan
Mon Jul 27 20:57:00 2020 kern.crit kernel: [1152916.687000] protocol 86dd is buggy, dev br-lan
Mon Jul 27 20:57:01 2020 daemon.notice hostapd: Added new STA to monitor [fe:27:88:49:ca:37]
Mon Jul 27 20:57:01 2020 user.info wifi-doctor-agent[15254]: [main] station update (radio_id=3843198077,iface_id=1676310024,mac=fe:27:88:49:ca:37)
Mon Jul 27 20:57:02 2020 daemon.info dnsmasq-dhcp[9662]: DHCPDISCOVER(br-lan) fe:27:88:49:ca:37
Mon Jul 27 20:57:02 2020 daemon.info dnsmasq-dhcp[9662]: DHCPOFFER(br-lan) 192.168.0.143 fe:27:88:49:ca:37
Mon Jul 27 20:57:02 2020 daemon.info dnsmasq-dhcp[9662]: DHCPREQUEST(br-lan) 192.168.0.143 fe:27:88:49:ca:37
Mon Jul 27 20:57:02 2020 daemon.info dnsmasq-dhcp[9662]: DHCPACK(br-lan) 192.168.0.143 fe:27:88:49:ca:37 Galaxy-S9
Mon Jul 27 20:57:03 2020 daemon.info odhcpd[3569]: Using a RA lifetime of 1800 seconds on br-lan
Mon Jul 27 20:57:03 2020 daemon.notice wansensing: (L3DHCP) runs L3DHCPMain.check(VDSL,supervision_wan_ok)
Mon Jul 27 20:57:04 2020 daemon.notice wansensing: (L3DHCP) runs L3DHCPMain.check(VDSL,supervision_wan6_ok)
Mon Jul 27 20:57:07 2020 daemon.err tls-thor-Core[14130]: TID[0xb5e7f450] Device_DeviceController.cpp (802): ConnectionWifi event received for base object that is not a WiFiConnection. platformConnectionId: -359347794
Mon Jul 27 20:57:12 2020 kern.warn kernel: [1152928.443000] br-lan: received packet on wl0 with own address as source address
Mon Jul 27 20:57:12 2020 daemon.notice hostapd: Added new STA to monitor [fe:27:88:49:ca:37]
Mon Jul 27 20:57:12 2020 daemon.notice hostapd: Deleting STA from monitor [fe:27:88:49:ca:37]
Mon Jul 27 20:57:12 2020 user.info wifi-doctor-agent[15254]: [main] station update (radio_id=1562448606,iface_id=401380710,mac=fe:27:88:49:ca:37)
Mon Jul 27 20:57:12 2020 daemon.info hostmanager: Ignoring wireless station disconnected event received from different access point
Mon Jul 27 20:57:12 2020 user.info wifi-doctor-agent[15254]: [main] station remove (radio_id=3843198077,iface_id=1676310024,mac=fe:27:88:49:ca:37)
Mon Jul 27 20:57:17 2020 daemon.err tls-thor-Core[14130]: TID[0xb5cff450] Device_DeviceController.cpp (802): ConnectionWifi event received for base object that is not a WiFiConnection. platformConnectionId: -359347794
Mon Jul 27 20:57:22 2020 daemon.err tls-thor-Core[14130]: TID[0xb5e7f450] Device_DeviceController.cpp (802): ConnectionWifi event received for base object that is not a WiFiConnection. platformConnectionId: -359347794
Mon Jul 27 20:57:27 2020 daemon.err tls-thor-Core[14130]: TID[0xb5e7f450] Device_DeviceController.cpp (802): ConnectionWifi event received for base object that is not a WiFiConnection. platformConnectionId: -359347794
Mon Jul 27 20:57:32 2020 daemon.err tls-thor-Core[14130]: TID[0xb5cff450] Device_DeviceController.cpp (802): ConnectionWifi event received for base object that is not a WiFiConnection. platformConnectionId: -359347794
Mon Jul 27 20:57:34 2020 daemon.notice wansensing: (L3DHCP) runs L3DHCPMain.check(VDSL,supervision_wan_ok)
Mon Jul 27 20:57:34 2020 daemon.notice wansensing: (L3DHCP) runs L3DHCPMain.check(VDSL,supervision_wan6_ok)
Mon Jul 27 20:57:36 2020 user.debug mmpbxd[8118]: [MMRVSIPIMPL::NETWORKOBJ]:C: onStackLogEvent:2051 - TRANSACTION - RvSipTransactionSetLocalAddress - Transaction 0x0xb414bf88, Failed to sel local address to transmitter 0x0xb412efa8 (rv=-3)
Mon Jul 27 20:57:36 2020 user.info mmpbxd[8118]: SIP Registration: SIP: +61243826623 : Register Success
Mon Jul 27 20:57:37 2020 daemon.err tls-thor-Core[14130]: TID[0xb5cff450] Device_DeviceController.cpp (802): ConnectionWifi event received for base object that is not a WiFiConnection. platformConnectionId: -359347794
Mon Jul 27 20:57:42 2020 daemon.err tls-thor-Core[14130]: TID[0xb5c7f450] Device_DeviceController.cpp (802): ConnectionWifi event received for base object that is not a WiFiConnection. platformConnectionId: -359347794
Mon Jul 27 20:57:52 2020 daemon.err tls-thor-Core[14130]: TID[0xb5cff450] Device_DeviceController.cpp (802): ConnectionWifi event received for base object that is not a WiFiConnection. platformConnectionId: -359347794
Mon Jul 27 20:57:54 2020 daemon.err tls-thor-UdpSender[14074]: TID[0xb5eff450] Udp_RpcService.cpp (112): Unable to send DTLS message due to: error:00000000:lib(0):func(0):reason(0)
Mon Jul 27 20:57:57 2020 daemon.err tls-thor-Core[14130]: TID[0xb5e7f450] Device_DeviceController.cpp (802): ConnectionWifi event received for base object that is not a WiFiConnection. platformConnectionId: -359347794
Mon Jul 27 20:58:00 2020 cron.info crond[2404]: USER root pid 7468 cmd /sbin/trafficmon.lua
Mon Jul 27 20:58:02 2020 daemon.err tls-thor-Core[14130]: TID[0xb5cff450] Device_DeviceController.cpp (802): ConnectionWifi event received for base object that is not 

Level 25: The Singularity

Re: Modem log- hacked? Compromised?

Your 4shared link does come up with lots of links to porn/dating sites, and the file won't download.

Never be afraid to back yourself when trying new things, just always make sure you have 3 escape routes if things go wrong.
Level 20: Director

Re: Modem log- hacked? Compromised?

Jason132 - you have a Technicolor DJA0231 then. I have not seen some of the entries your modem displays, but that does not mean much as there are thousands of entries in logs. You may get meaningful clarification from Telstra Platinum support on the points I have listed for you. 

 

Firstly, so that you are aware, looking at my Browser History records after the event, when I selected your link, I had two Redirect Entries that connected my PC in background to 'rotumal.com' which according to Malwarebytes is a Trojan Dropper - it adds Adware entries without permission and the other two entries were to 'lpsearchmulty.com' which is a false search engine downloadable on invitation as an extension to your browser. I was presented with an invitation to download the extension after I selected your .txt file icon within the 4shared.com desktop. I did not take up the invite but then, annoyingly, two pop up pictures of women undressed came up on my screen inviting me to select their picture. Both these sites and the browser extension are classified as Malware by Malwarebytes and they have the ability to remove them. Perhaps they may have caused issues with your PC in the past.

In regards to your log file entries - once again I have no formal background in reading them, which is why I suggest you contact Platinum support for clarity.

 

1. Mon Jul 27 20:54:00 2020 cron.info crond[2404]: USER root pid 7283 cmd /sbin/trafficmon.lua
Mon Jul 27 20:54:00 2020 cron.info crond[2404]: USER root pid 7284 cmd /usr/bin/bulkdata transfer profile_1

 

Don't know - I think these are scripts that are designed to run tasks - bulk data may refer to a network USB, DLNA Server or NAS storage device  - do you have these connected to the modem?

 

2. Frequent line entries showing  - Mon Jul 27 20:54:02 2020 daemon.err tls-thor-Core[14130]: TID[0xb5e7f450] Device_DeviceController.cpp (802): ConnectionWifi event received for base object that is not a WiFiConnection. platformConnectionId: -359347794

 

Looks like an Error - Do you have a USB Storage Device connected to the modem which is having trouble connecting LAN devices or Wi-Fi devices or a Chromecast device that is having trouble connecting to the modem's LAN or Wi-Fi? 

 

3. Mon Jul 27 20:55:38 2020 daemon.warn miniupnpd[14211]: SSDP packet sender 192.168.1.1:1900 not from a LAN, ignoring

 

If you look up 'miniupnpd' on the web it may give you a hint in case you use the services that operate with it - looks like it didn't activate which may be related to 2 above?  

 

4.  A few entries - Mon Jul 27 20:56:18 2020 kern.crit kernel: [1152873.892000] protocol 86dd is buggy, dev br-lan

 

Suggest you Factory Reset the modem from within the Modem Tile - it will clean out your settings and, if applicable, it may upgrade the modem to the current level - 18.1.c 514-950 RB.

 

5. Mon Jul 27 20:57:12 2020 kern.warn kernel: [1152928.443000] br-lan: received packet on wl0 with own address as source address
Mon Jul 27 20:57:12 2020 daemon.notice hostapd: Added new STA to monitor [fe:27:88:49:ca:37]
Mon Jul 27 20:57:12 2020 daemon.notice hostapd: Deleting STA from monitor [fe:27:88:49:ca:37]
Mon Jul 27 20:57:12 2020 user.info wifi-doctor-agent[15254]: [main] station update (radio_id=1562448606,iface_id=401380710,mac=fe:27:88:49:ca:37)
Mon Jul 27 20:57:12 2020 daemon.info hostmanager: Ignoring wireless station disconnected event received from different access point

 

Do you have two modems in your home network - a Gen 1.1 or another Gen 2 or a Wi-Fi Booster?
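
Added example, not part of any post in this thread: a small Python triage script for a log in the format shown above. It counts entries by process and severity, collapses repeated messages, lists the commands crond launched (crond writes a "USER ... cmd ..." line for each scheduled job it starts), and builds a device inventory from the dnsmasq DHCPACK lines so unfamiliar MAC addresses stand out. The sample lines are copied from the excerpt posted here; the function names and the known-MAC list are assumptions made for the example.

```python
import re
from collections import Counter

# Line format of the modem log posted in this thread:
#   "Mon Jul 27 20:54:00 2020 cron.info crond[2404]: message"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) "
    r"(?P<facility>\w+)\.(?P<severity>\w+) "
    r"(?P<proc>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?: ?(?P<msg>.*)$"
)
# crond job-start line: "USER root pid 7283 cmd /sbin/trafficmon.lua"
CRON_RE = re.compile(r"^USER (?P<user>\S+) pid\s+\d+ cmd (?P<cmd>.+)$")
# dnsmasq lease confirmation: "DHCPACK(br-lan) <ip> <mac> [hostname]"
DHCPACK_RE = re.compile(
    r"^DHCPACK\((?P<iface>[^)]+)\) (?P<ip>\S+) "
    r"(?P<mac>[0-9A-Fa-f:]{17})(?: (?P<host>\S+))?$"
)

# Sample input: lines copied from the log excerpt in this thread.
SAMPLE = """\
Mon Jul 27 20:54:00 2020 cron.info crond[2404]: USER root pid 7283 cmd /sbin/trafficmon.lua
Mon Jul 27 20:54:00 2020 cron.info crond[2404]: USER root pid 7284 cmd /usr/bin/bulkdata transfer profile_1
Mon Jul 27 20:54:02 2020 daemon.err tls-thor-Core[14130]: TID[0xb5e7f450] Device_DeviceController.cpp (802): ConnectionWifi event received for base object that is not a WiFiConnection. platformConnectionId: -359347794
Mon Jul 27 20:54:12 2020 daemon.err tls-thor-Core[14130]: TID[0xb5cff450] Device_DeviceController.cpp (802): ConnectionWifi event received for base object that is not a WiFiConnection. platformConnectionId: -359347794
Mon Jul 27 20:54:18 2020 daemon.info dnsmasq-dhcp[9662]: DHCPACK(br-lan) 192.168.0.238 3c:8d:20:27:70:0d Chromecast
Mon Jul 27 20:55:38 2020 daemon.warn miniupnpd[14211]: SSDP packet sender 192.168.1.1:1900 not from a LAN, ignoring
Mon Jul 27 20:56:00 2020 cron.info crond[2404]: USER root pid 7368 cmd /sbin/trafficmon.lua
Mon Jul 27 20:56:18 2020 kern.crit kernel: [1152873.892000] protocol 86dd is buggy, dev br-lan
Mon Jul 27 20:57:02 2020 daemon.info dnsmasq-dhcp[9662]: DHCPACK(br-lan) 192.168.0.143 fe:27:88:49:ca:37 Galaxy-S9
"""


def parse_line(line):
    """Split one log line into its fields; None if it is not in this format."""
    m = LINE_RE.match(line.rstrip())
    return m.groupdict() if m else None


def normalize(msg):
    """Strip values that change on every line so repeats collapse together."""
    msg = re.sub(r"^\[\s*\d+\.\d+\]\s*", "", msg)   # kernel uptime stamp
    msg = re.sub(r"0x[0-9A-Fa-f]+", "0x?", msg)     # thread ids / pointers
    return msg.strip()


def summarize(lines):
    """Aggregate a log into counts, cron commands and a DHCP device inventory."""
    out = {
        "by_process": Counter(),   # (process, severity) -> entries
        "messages": Counter(),     # (process, normalized message) -> entries
        "cron_jobs": Counter(),    # (user, command) -> times launched
        "leases": {},              # mac -> (ip, hostname or None)
        "unparsed": 0,
    }
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            out["unparsed"] += 1
            continue
        out["by_process"][(rec["proc"], rec["severity"])] += 1
        out["messages"][(rec["proc"], normalize(rec["msg"]))] += 1
        if rec["proc"] == "crond":
            job = CRON_RE.match(rec["msg"])
            if job:
                out["cron_jobs"][(job["user"], job["cmd"])] += 1
        elif rec["proc"] == "dnsmasq-dhcp":
            ack = DHCPACK_RE.match(rec["msg"])
            if ack:
                out["leases"][ack["mac"].lower()] = (ack["ip"], ack["host"])
    return out


def unknown_devices(leases, known_macs):
    """Leases whose MAC is not in the owner's own list (hypothetical input)."""
    known = {m.lower() for m in known_macs}
    return {mac: info for mac, info in leases.items() if mac not in known}


if __name__ == "__main__":
    s = summarize(SAMPLE.splitlines())
    for (proc, sev), n in s["by_process"].most_common():
        print(f"{n:5d}  {proc} ({sev})")
    for (user, cmd), n in s["cron_jobs"].items():
        print(f"cron as {user}: {cmd}  x{n}")
    for mac, (ip, host) in s["leases"].items():
        print(f"lease {mac} {ip} {host}")
```

Run over the full log file, the lease inventory is the part worth checking by hand: every MAC address in it should correspond to a device the owner recognises.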

 

 

Level 2: Rookie

Re: Modem log- hacked? Compromised?

Hi Mate, I appreciate you taking time to have a quick look at those logs for me.

Answers to your questions:

1- No there's none of those devices but the services are probably all enabled in the modem.

2-Funny you mention it, I've got a Chromecast device that's just stopped working, I can't even get it to display anything on the TV. It powers on, then freezes and seems to shutdown/reset and repeat.

What tipped you off about the Chromecast?

3. Reset the modem two days prior to the start of the logs.

4. Yes, I've got a two-storey house with the Technicolor upstairs in a small study. To provide adequate signal to the entire house I've employed an old TP-LINK ADSL wireless router, connected them via ethernet and simply disabled DHCP server in the TP-Link settings. So there's essentially a wifi access point I join for downstairs and another 2 (2.4/5ghz without band steering) upstairs. I know there's probably better ways to do it, so that the devices seamlessly switch between access points when they move throughout the house.

It doesn't bother me too much but currently I find that I mostly need the downstairs network as that's where my bedroom is, however the front entry into the house is on the upstairs level, so when arriving home the first signal picked up is the upstairs Technicolor, and the device joins. The signal then weakens to one bar in my room, and doesn't automatically switch. I have to cycle my phone's wifi on/off after which it joins the much stronger downstairs access point. The upstairs gen 2 Technicolor controls the devices in terms of issuing IP addresses etc.

Maybe it'd be worth investing in one of those Telstra "wifi boosters?"
