Internet drops.When I check the log file on the router I get this:

JabbaTheHut

This is a sample of the logfile from the modem.

Oct 29 19:56:22 daemon alert kernel: Intrusion -> IN=ppp0.2 OUT= MAC= SRC=212.225.151.96 DST=109.79.159.89 LEN=48 TOS=0x02 PREC=0x00 TTL=116 ID=52769 DF PROTO=TCP SPT=2726 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
Oct 29 20:03:16 daemon alert kernel: Intrusion -> IN=ppp0.2 OUT= MAC= SRC=213.98.4.160 DST=109.79.159.89 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=60495 DF PROTO=TCP SPT=22359 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
Oct 29 20:12:41 daemon alert kernel: Intrusion -> IN=ppp0.2 OUT= MAC= SRC=112.16.75.68 DST=109.79.159.89 LEN=52 TOS=0x00 PREC=0xE0 TTL=47 ID=52425 DF PROTO=TCP SPT=55736 DPT=23 WINDOW=14600 RES=0x00 SYN URGP=0 MARK=0x8000000
Oct 29 20:14:25 daemon alert kernel: INFO02D0: use dev Name br0
Oct 29 20:17:34 daemon alert kernel: INFO175E: connect server failed
Oct 29 20:23:19 daemon alert kernel: Intrusion -> IN=ppp0.2 OUT= MAC= SRC=201.157.35.229 DST=109.79.159.89 LEN=48 TOS=0x00 PREC=0x00 TTL=116 ID=29847 DF PROTO=TCP SPT=56547 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0 MARK=0x8000000
Oct 29 20:34:02 daemon alert kernel: Intrusion -> IN=ppp0.2 OUT= MAC= SRC=123.151.42.61 DST=109.79.159.89 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=0 DF PROTO=TCP SPT=12206 DPT=3128 WINDOW=8192 RES=0x00 SYN URGP=0 MARK=0x8000000
Oct 29 20:44:12 daemon alert kernel: Intrusion -> IN=ppp0.2 OUT= MAC= SRC=60.210.216.34 DST=109.79.159.89 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=13014 DF PROTO=TCP SPT=51538 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0 MARK=0x8000000
Oct 29 20:48:32 daemon alert kernel: INFO02D0: use dev Name br0
Oct 29 20:51:41 daemon alert kernel: INFO175E: connect server failed
Oct 29 20:52:59 daemon alert kernel: Intrusion -> IN=ppp0.2 OUT= MAC= SRC=64.125.239.86 DST=109.79.159.89 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=50994 DPT=8443 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000

The router is a TPlink TD-W8968 V3. A cheap and cheerful job that does what I want. But recently I've been having some connectivity issues, and I think it may be down to my router.
I have a wireless network over a couple of miles, and use Ubiquiti for that, but I don't have a problem connecting to the TPlink. My problem seems to be between that and the net.

Can anyone shed some light on wtf the log file means?

Thanks

ZENER

Someone is trying to access your routers I.P. from the outside. Not uncommon and usually your router can deal with it but if it's a sustained attempt it could cause issues. Most routers would include the word "attempted" meaning the router stopped the intrusion attempt, your doesn't show that.

I've no knowledge of your router so can't say for sure. I did read somewhere of some malware that can attack certain router brands making them susceptible to being DNS hi-jacked, not sure if yours is on that list though.

Was the router supplied by your ISP - Vodafone ?

Ken

JabbaTheHut

No. I bought it to change the router I had for years which was a Netgear.

Does it look like, in your opinion, that from the logs, that is the reason why I am experiencing disconnects. It seems to happen only at night.

ZENER

There's always that possibility but the regularity doesn't look bad enough to swamp the router, it should deal with that many attempts fairly easily.

I take it you have it in Bridge mode ? (br0). To me it looks like it's losing the link to the other side but I'm not an expert. Hopefully someone else will happen by with a better answer.

Ken

Cuddlesworth

ZENER wrote: »

There's always that possibility but the regularity doesn't look bad enough to swamp the router, it should deal with that many attempts fairly easily.

I take it you have it in Bridge mode ? (br0). To me it looks like it's losing the link to the other side but I'm not an expert. Hopefully someone else will happen by with a better answer.

Ken

Oct 29 20:51:41 daemon alert kernel: INFO175E: connect server failed

That looks like a PPPOE fail, you would need more then alert level logs to diagnose it though. It could easily just be a PPPOE auth attempt on the external.

The rest are bots, par for the course on any external facing port.

JabbaTheHut

Cuddlesworth wrote: »

Oct 29 20:51:41 daemon alert kernel: INFO175E: connect server failed

That looks like a PPPOE fail, you would need more then alert level logs to diagnose it though. It could easily just be a PPPOE auth attempt on the external.

The rest are bots, par for the course on any external facing port.

The PPPOE fail or attempt. Would that mean there could be a problem at the exchange, as in kinda outside my own control?

Cuddlesworth

JabbaTheHut wrote: »

The PPPOE fail or attempt. Would that mean there could be a problem at the exchange, as in kinda outside my own control?

It could be the exchange going down. Seems unlikely though.

JabbaTheHut

Cuddlesworth wrote: »

It could be the exchange going down. Seems unlikely though.

Thought that myself. Would I get errors like that if it was a wiring problem in the house? I reckon not myself, but could get different errors.

ED E

What exchange is it?

On exchanges with limited links back to the RAS you'll see regular PPPoE resets if the connection starts degrading/congesting.

JabbaTheHut

Cahir exchange. It's fiber enabled, and although it's available to me, I'm told that my speed will go down from about 8 megs to 6. So I'm assuming it has pretty good backhaul

ishotjr2

The 201.157.35.229 is just doing port scanning.

Server Details
IP address:
201.157.35.229
Server Location:
Mexico, Distrito Federal in Mexico
ISP:
Maxcom Telecomunicaciones, S.A.B. de C.V.

But it is probably from some kind of onion network so unless your mother in-law lives in Mexico the info is not very useful.