What you are likely seeing is folks getting direct access to the rig vs. getting to the rig via the.Hiveos.farm account.
They get access to the rig, swap a flight sheet file and point it somewhere.
You can track the.hiveos.farm activity in the activity tab, and as you saw, via the access lists. Hence, not likely the path.
Oky so i logged in the router and noticed some events…
| 1 | 2022 Aug 20 19:53:48 | Sec Account | warn | User admin login from 192.168.1.42 successful |
|---|---|---|---|---|
| 2 | 2022 Aug 20 10:51:54 | Sec Account | warn | User session timeout |
| 3 | 2022 Aug 20 10:41:20 | Sec L2TP | notice | L2TP VPN receives ppp4.1 WAN Connection UP |
| 4 | 2022 Aug 20 10:41:20 | Sec L2TP | notice | ============== |
| 5 | 2022 Aug 20 10:41:20 | Sec L2TP | info | L2TP VPN FSM Result: opt:0,conf:0,start:0,stop:0,purge:0 |
| 6 | 2022 Aug 20 10:41:20 | Sec L2TP | info | L2TP VPN FSM: En:0(chg:0),IpsecChg:1,PoolChg:0(en:0),dnsWa:0,dns1:0,dns2:0,win1:0,win2:0,group:0 |
| 7 | 2022 Aug 20 10:41:20 | Sec L2TP | info | WanUd: UP WAN ETHWAN (ppp4.1) is Multiwan ACTIVE mode (shown in Multiwan GUI) |
| 8 | 2022 Aug 20 10:41:20 | Sec L2TP | info | WanUd: MultiWan Config #3: if=ETHWAN(ppp4.1), grp=Default, IP=, En=1, Passive=0 |
| 9 | 2022 Aug 20 10:41:20 | Sec L2TP | info | WanUd: MultiWan Config #2: if=ADSL(ppp2), grp=Default, IP=, En=1, Passive=0 |
| 10 | 2022 Aug 20 10:41:20 | Sec L2TP | info | WanUd: MultiWan Config #1: if=VDSL(ppp3.1), grp=Default, IP=, En=1, Passive=0 |
| 11 | 2022 Aug 20 10:41:20 | Sec L2TP | info | ppp4.1 WAN Config: applied as default gateway, Dynamic IP Address |
| 12 | 2022 Aug 20 10:41:20 | Sec L2TP | info | ppp4.1 WAN: IP: 197.87.181.219, GW: 197.87.234.1, DNS: 197.80.80.80,197.84.84.84 |
| 13 | 2022 Aug 20 10:41:20 | Sec L2TP | notice | ppp4.1 WAN is up |
| 14 | 2022 Aug 20 10:41:20 | Sec L2TP | notice | L2TP VPN receives ppp4.1 WAN UPDATE (IP=197.87.181.219). |
| 15 | 2022 Aug 20 10:41:20 | Sec L2TP | notice | ============== |
What does this mean?
Good place to start is understanding where L2TP is in use, by whom, and why:
Thanks for the link.
Some routers have issues. Make sure you are running a recent firmware or try one of the open projects.
Are you running something like UPnP? Might be convenient but the source of a thousand headaches. Disable it on all your devices. Also, check you don’t have any exposed ports. There are several scanners around. Hell, there are even sites that will list open ports (https://www.shodan.io/)
This topic was automatically closed 185 days after the last reply. New replies are no longer allowed.
