Suspicious entries in Hub's event log

I'm suddenly seeing a lot of weird IP addresses establishing connections through my Home Hub's firewall. They originate from various places including UK, China, Mauritania, Ukraine, France and the US. What are they and what should I do? Is this some kind of attack?
Recorded events
Time and date    Message
22:56:20, 01 Jun.    IN: ACCEPT [57] Connection closed (Port Forwarding: UDP 192.168.1.69:45490 <-->81.129.77.137:45490 [86.26.183.246:6419] ppp1 NAPT)
22:54:13, 01 Jun.    IN: ACCEPT [54] Connection opened (Port Forwarding: UDP 192.168.1.69:45490 <-->81.129.77.137:45490 [86.26.183.246:6419] ppp1 NAPT)
22:52:43, 01 Jun.    IN: BLOCK [9] Packet invalid in connection (TCP 173.194.34.134:443->81.129.77.137:60427 on ppp1)
22:44:42, 01 Jun.    IN: ACCEPT [57] Connection closed (Port Forwarding: UDP 192.168.1.69:45490 <-->81.129.77.137:45490 [86.26.183.246:6419] ppp1 NAPT)
22:43:49, 01 Jun.    IN: ACCEPT [57] Connection closed (Port Forwarding: UDP 192.168.1.69:45490 <-->81.129.77.137:45490 [50.142.102.35:27416] ppp1 NAPT)
22:33:47, 01 Jun.    IN: ACCEPT [57] Connection closed (Port Forwarding: UDP 192.168.1.69:45490 <-->81.129.77.137:45490 [86.26.183.246:6419] ppp1 NAPT)
22:32:57, 01 Jun.    IN: ACCEPT [57] Connection closed (Port Forwarding: UDP 192.168.1.69:45490 <-->81.129.77.137:45490 [41.188.105.33:31040] ppp1 NAPT)
22:31:41, 01 Jun.    IN: ACCEPT [54] Connection opened (Port Forwarding: UDP 192.168.1.69:45490 <-->81.129.77.137:45490 [86.26.183.246:6419] ppp1 NAPT)
22:30:57, 01 Jun.    IN: ACCEPT [54] Connection opened (Port Forwarding: UDP 192.168.1.69:45490 <-->81.129.77.137:45490 [41.188.105.33:31040] ppp1 NAPT)
22:26:20, 01 Jun.    IN: ACCEPT [57] Connection closed (Port Forwarding: UDP 192.168.1.69:45490 <-->81.129.77.137:45490 [46.203.97.224:17071] ppp1 NAPT)
01:55:25, 14 Jan.    <<<<<<<<<<<<<<<<<<<< Limit of uservisible log >>>>>>>>>>>>>>>>>>>>

benjp88 wrote:
ill disabling this affect online gaming?
If you are running game which needs incoming ports, then simply use port forwarding, and forward the ports that the game needs.
At a guess, you are running a game or application on a device at IP address, 192.168.1.69 which needs incoming port 45490. You can map this manually
There are some useful help pages here, for BT Broadband customers only, on my personal website.
BT Broadband customers - help with broadband, WiFi, networking, e-mail and phones.

Similar Messages

  • Questions about BT Home Hub 4A event log - WIFI c...

    Hope someone can help please ?
    I had BT inifinity installed 2 weeks ago with the HH 4 (type A) and everything has worked - connection found, no problem.
    This week, my ipod touch was unable to join the network but the iphone 5, another ipod and a tablet could connect without a problem. The ipod touch managed to connect to another WIFI used at the property and my work wifi without a problem.
    I thought it maybe the ipod touch as it was quite old but that doesn't make sense since it connects fine to other networks.  I restored network settings and other options suggested by Apple but to no avail.
    I have turned my attention to the Hub. My laptop (older than the ipod touch) gets the connection no problem along with the other devices.  I went into the hub management page but I am not smart enough to decifer the event log so would like some help so I can fix this because I thought BT infinity was the better more reliable option?
    The ipod touch Wifi IP address is 00:25:00:b7:35:f6.
    On the event log, it shows STA before the address - but it shows STA before all the device IP addresses. Should I change this to DCHP ? or is this (Static ? alright)
    The Lease on all the devices on the event log is set to 1440 min. (1 day) is that alright too, what does it mean ?
    Do I have to keep renewing the lease ? How do I do that ? I read it can be set to 21 days ?
    Going back to the IP address on the ipod it shows the Hostname as 00:25:00:B7:35:f6-2 this is different to the IP address with the -2. Could that be a cause of the unable to join network or is it because I attempted to recreate the network on the ipod so its the second version of that host name ?
    Is there any setting I can change to fix this because I am concerned the same this will happen to the other devices and then the laptop....
    What do I need to do to be able to get my ipod touch to connect to the BT network setting ?
    I think its the hub 4A causing the 'block' on the ipod touch not the device and I think its maybe a matter of changing a setting - but then why was it all fine before when Infinity was first installed ?
    Lastly my laptop (7 Years old) seems to be attached to the 5GHZ Wireless channel - is that alright ? The other more recent devices are on the 2.4ghz channel (except the ipod touch which isn't on any !!)
    Is it alright to turn the hub on / off ? -I am resisting that because I don't want to make the situation worse. 
    Sorry but what does client disassociated mean and all the BLOCKS - do they relate to firewall ?
    Please can you review the event log and my questions ?
    Many thanks
    angie 2601 
    The time frame is 3.55am 8/8/2013 - 7.16 am 8/8/2013
    (Latest (7.16am) at the top
    Message
    07:16:39, 08AUG
    (1224785.050000) Admin login successful by 192.168.1.64 on HTTP (1224766.610000) Admin login FAILED by 192.168.1.64 on HTTP (1224648.050000) New GUIsession  from IP 192.168.1.64
    (1224466.770000) Device disconnected: Hostname: Unknown-d8:dl:cb:ec:a6:fe
    IP: 192.168.1.65 MAC: d8:d1:cb:ec:a6:fe
    wlan1: STA d8:d1:cb:ec:a6:fe IEEE 802.11: Client  disassociated
    (1224362.750000) lease for IP 192.168.1.65 renewed by host Unknown­ d8:d1:cb:ec:a6:fe (MAC d8:d1:cb:ec:a6:fe).lease duration:1440 min (1224362.750000) Device connected: Hostname:Unknown-d8:d1:cb:ec:a6:feiP:
    192.168.1.65 MAC:d8:dl:cb:ec:a6:fe lease time: 1440 min. link rate:90.0 Mbps
    (1224362.690000) Lease requested
    wlan1: STA d8:d1:cb:ec:a6:fe IEEE 802.11:Client associated
    (1224241.150000) lease for IP 192.168.1.64 renewed by host FAMILY (MAC
    00:13:02:de:6d:e6). Lease duration:1440 min
    (1224241.150000) Device connected: Hostname: FAMii.Y IP:192.168.1.64 MAC:
    00:13:02:de:6d:e6 Lease time: 1440 min. link rate: 54.0 Mbps
    (1224241.090Cl00) Lease requested
    wlan1TA  00:13:02:de:6d:e6 IEEE 802.11:Client associated
    OUT: BLOCK [9] Packet invalid in connection (TCP
    192.168.1.66:34905->31.13.72.38:443 on ppp1)
    (1223644.770000) Device disconnected: Hostname: Unknown-d8:dl:cb:ec:a6:fe
    IP: 192.168.1.65 MAC: d8:d1:cb:ec:a6:fe
    wlanl: STA d8:d1:cb:ec:a6:-fe IEEE 802.11:CHent diSassociated
    (1223489.390000) Lease for IP 192.168.1.65 renewed by host Unknown­ d8:d1:cb:ec:a6:fe (MAC d8:d1:cb:ec:a6:fe).lease duration:1440 min (1223489.380000) Device connected:Hostname:Unknown-d8:dl:cb:ec:a6:fe IP:
    192.168.1.65 MAC: d kd1:cb ec:-a6-:fe Lease time: 1440 min. Link  rare: 90.0 Mbps
    (1223489.330000) Lease requested
    wlan1: STA d8:d1:cb:ec:a6:fe IEEE 802.11: Client  associated wlan1TA d8:d1:cb:ec:a6:fe IEEE 802.11: Client disasSociated
    wlan1TA d8:d1:cb:ec:a6:fe IEEE 802.11:Client associated
    OUT;BLOCK [9] Packet i valid in connection (TCP
    192.168.1.66:34375->31.13.72.38:443 on pppl)
    l'N':BLOCK [16-} Remote administration {ICMP type 8 code 0
    117.1.42.94->86.182.228.205 on ppp1)
    IN: BLOCK [9] Packet invalid in connection (TCP
    31.13.72.33:443->86.182.228.205:44156 on ppp1) IN: BLOCK [9] Packet invalid in connection (TCP
    31.13.72.33:443->86.182.228.205:36615 on ppp1)
    OUT: BLOCK [9] Packet invalid  in connection (TCP
    192.1-68.1.68:49476->173.252.103.16:443 OR ppp1)
    BLOCKED 5 more  packets (because of Packet invalid in connection) OUT: BLOCK [9] Packet invalid  in connection (TCP
    192.168.1.68:49443->95.100.195.205:443 on ppp1)
    OUT:BLOCK {9] PaCket invalid in connection (TCP
    192.168.1.68:49438->95.100.194.217:443 on ppp1)
    IN:BLOCK [9] Packet invalid in connection (TCP
    95.100.194.217:443->86.182.228.205:49444 on ppp1)
    (1222111.810000) Lease for IP 192.168.1.68 renewed by host Unknown-
    70:56:81:46:bf:d9 (MAC 70:56:81:46:bf:d9).Lease duration:1440 min
    (1222111.810000) Device connected:Hostname:Unknown-70:56:81:46:bf:d9 IP:,
    192.168.1.68 MAC:70:56:8:t:46:bf:d9lease time:1440 min. Link rate:52.0 Mbps
    (1222111.750000) Lease requested  .-
    wlanO: STA 70:56:81:46:bf:d9 IEEE 802.11: Client  associated • (1222093.690000) Device dlsconn: Hostname:Unknown-
    00:25:00:b7:35:f6-2 IP: 192.168. MAC: 00:25:00:b7:35:f6 wlanoTA  00:25:00:b7:35:f6 IEEE 802.11:Client disassociated
    OUT:BLOCK [9] Packet invalid in connection (TCP
    192.168.1.66-:43272->31.13.72.33:443 on ppp1)
    221969.130000) lease for IP 192.168.1.67 renewed  by host Unknown-
    00:25:00:b7:35:f6-2 (MAC 00:25:00:b7:35:f6). lease duration:1440 min
    (1221969.130000} Devicconnected: Hostname·:Unknowwoo·:25:00:b7 35:f6-2
    IP: 192.168.1.67 MAC: 00:25:00:b7:35:f6 Lease time: 1440 min. Unk  rate: 54.0
    Mbps
    (1221969.070000) Lease requested
    wlanO: STA 00:25:00:b7:35:f6 IEEE 802.11:Client associated
    (1220365.290000) Device disconnected: Hostname:Unknown-
    00:25:00:b7:35:f6-2 IP: 192.168.1.67 MAC: 00:25:00:b7:35:f6 wlanOTA 00:25:00:b7:35:f6 IEEE 802.11:Client disassociated
    (1220348.230000) Lease for IP 192.168.1.67 renewed by host Unlmown-
    00:25:00:b7:35:f6-2 (MAC 00:25:00:b7:35:f6).lease duration: 1440 min
    (1220348.230000) Device connected: Hostname:Unknown-00:25:00:b7:35:f6-2
    IP: 192.168.1.67 MAC: 00:25:00:b7:35:f6 Lease time: 1440 min. Unk rate: 54.0
    Mbps
    (1220348.170000) lease requested
    wlanOTA 00:25:00:b7:35:f6 IEEE 802.11:Client associated
    IN: BLOCK f16] Remote administration (TCP
    123.151.42.61:12233->86.182.228.205:8080 on ppp1) OUT: BLOCK [9] Packet invalid  in connection (TCP
    :t92.Hi8.1.66:53813->31.13.72.33:443 on ppp1)
    OUT:BLOCK [9] Packet invalid in connection (TCP
    192.168.1.66:43989->31.13.72.33:443 on ppp1)
    IN: BLOCK [16] Remote administration (ICMP type 8 rode 0
    2.7.251.109.227->86.182.228.205 on pppl)
    (1216770.650000) Device disconnected:Hostname:Unknown-
    00:25:00:b7:35:f6-2 IP: 192.168.1.67 MAC: 00:25:00:b7:35:f6
    OUT:BLOCK [9j Packet invalid in connection (TCF
    192.168.1.67:49180->74.125.136.109:993 on ppp1)
    wlanOTA 00:25:00:b7:35:f6 IEEE 802.11:Client disassociated
    (1216753.280000) Lease for IP 192.168.1.67 renewed  by host Unknown-
    00:25:00:b7:35:f6-2 (MAC 00:25:00:b7:35:f6). lease duration:1440 min
    (1216753.270000) Device connected: Hostname: Unknown-00:25:00:b7:35:f6-2
    IP: 192.168.1.67 MAC: 00:25.:00-:.b7.:35:f6 Lease time: 1440 min. Unk  rate: 54.0
    Mbps
    (1216753.220000) lease requested
    wlanO: STA 00:25:00:b7:35:f6 IEEE 802.11:Client assodat
    OUT: BLOCK [9] Packet invalid in connection (TCP
    192.168.1.66:55944->23.21.78.229:443 on ppp1)
    OUT: BLOCK [9J  Packet invafid in connection (TCP
    192.168.1.66:34794->31.13.72.33:443 on ppp1)
    OUT:BLOCK [9] Packet invalid in connection (TCP
    192.168.1.66:41441->31.13.72.33:443 on ppp1)
    {1213176.020000) Device disconnected:.Hostname:Unknown-
    00:25:00:b7:35:f6-2 IP: 192.168.1.67 MAC:00:25:00:b7:35:f6 wlanO: STA 00:25:00:b7:35:f6 IEEE 802.11: Client disassociated
    (1213158.410000) Lease for IP 192.168.1.67 renewed  by host Unknown-
    00:25:00:b7:35:f6-2 (MAC 00:25:00:b7:35:f6). lease duration:1440 min                           _./:\ (1213158.400000) Device connected:Hostname:Unknown-00:25:00:b7:35:ftt.Y IP: 192.168.1.67 MAC: 00:25:00:b7:35:f6 Lease time: 1440 min.Unk rate: 54.0
    Mbps
    (1213158.340000) Lease requested
    wlanO: STA 00:25:00:b7:35:f6 IEEE 802.11: Client associated
    OUT:BLOCK (9] Packet invalid in connection (TCP
    192.168.1.66:59767->176.34.180.243:443 on ppp1) OUT;BLOCK [9] P.acket invalid in connection {TCP
    192.168.1.66:56075->31.13.72.33:443 on ppp1) OUT: BLOCK [9] Packet invalid  in connection (TCP
    192.168.1.66 581:1:0->31.13.72.33:443 on ppp1)
    BL.OCKED 2 more packets (because of Packet invalid in connection) OUT:BLOCK [9] Packet invalid in connection (TCP
    192.168.1.66:56251->31.13.72.33:443 on ppp1)
    OUT:BLOCK [9] Packet invalid in connection (TCP
    192.168.1.66:36959->31.13.72.33:443 on ppp1)
    BlOCKED 1more packets (because of Packet invalid in connection)

    It could be that the Ipod touch is having problems with both the 2.4GHz and 5GHz frequencies being named the same. If you give them separate SSids it may help. ie add a 5 to the 5GHz SSid.
    If you do this you will need to re-connect all your devices that can see both frequencies to both SSids so that they will swap between the frequencies seamlessly when ever they need to
    See link how to change SSid.
    http://bt.custhelp.com/app/answers/detail/a_id/445​04/related/1/session/L2F2LzEvdGltZS8xMzc1OTY2ODIxL​...
    Once you have changed the SSid I would delete the network connection on the Ipod touch and start again.

  • CAM Event Log: SNMP trap is received from switch [ ip address ] which is NOT in our database.

    We keep getting thousands of entries in the CAM event log like this:
    SNMP trap is received from switch [<ip address>] which is NOT in our database.
    apparently, these aren't NAC'd switches. Why does the CAM see these and how can they be eliminated from the Event Log?
    Thanks,

    Matt,
    Do you switches have the CAM as a host where they are sending traps? Check the running-config of the servers and see if you spot the CAM IP address as one of the snmp-servers.
    HTH,
    Faisal

  • ILOM and ipmitool event log differences

    When I use ipmitool to get entries for the System Event Log, it returns "SEL has no entries".
    If I run 'show /SP/logs/event/list' from the ILOM, it shows thousands of entries.
    What 'System Event Log' is the ipmitool doc talking about?

    My educated guess is that you have a policy setting (GPO) on your production network that is disabling that functionality, and nothing on your dev network that explicitly enables it. As a result, it works (by default), moving it to production turns it off,
    and moving it back to dev does nothing, so it stays off, but I have no idea where such a setting would be.
    I do know for certain, though, that it's not in any WSUS/WUA settings.
    Another approach might be to do a registry dump of the SYSTEM hive before and after moving the machine to the production network, and then do a diff on the before and after dumps.
    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

  • Hub3 Event Log - erroneous entries need explainati...

    My first post so please be gentle.
    My BB went off today and when it came back it was very slow and I couldn't connect to any web page (which is not like my service which is usually top notch).
    I looked in the Event Log and there were a couple of entries around the time of the disconnection which made me very suspicious.
    19:42:15, 20 Nov. (5875284.760000) Server URL: https://pbthdm.bt.motive.com; Connecting as user: ACS username
    19:42:13, 20 Nov. (5875282.470000) Initializing transaction for event code 2 PERIODIC
    I started a Chat with someone & needless to say (unfortunately) they were about as much use as a chocolate fire guard. Disconnect this, check that - oh no not the 'take the face plate off & use the test socket' lark - can you not explain what's happened? NO
    Ever since then my service is extremely slow and connection is intermittent. Can anyone explain what these message mean? Even if they have nothing to do with my current situation it would still be nice to know what they mean.
    Thanks

    "https://pbthdm.bt.motive.com;" that is the link BT use for provisioning servers incase your Hub is going to be upgraded, the Hub will check sometimes to see if there is a newer version.
    As for your slow speed problems would you mind doing the following?
    Can you please post your ADSL stats by following this direct link; http://192.168.1.254/ and go to A-Z (top right) and then ADSL Settings and post everything including Line Attenuation, Noise Margin, Connection Speed, Errors etc...
    Also we need a speedtest just to have a look and make sure everything's okay? Use this link http://bit.ly/uViAXN and post all the required info Throughput, IP Profile etc..). If that one doesn't work then try this work around link http://bit.ly/uV4DdK .
    Run a line test to determine if or not it is an external problem: http://goo.gl/J25w8
    Can you also confirm if you're connected at the master socket or an extension? And what your type your master socket is according to this picture
    Lastly for now, call 17070 and Press Option 2 for the Quiet Line test and where possible use a corded phone as DECT handsets can pick up electrical interference?
    Regards Edd
    Check your Line
    BT Speedtester

  • Large number of event Log entries: connection open...

    Hi,
    I am seeing a large number of entries in the event log of the type:
    21:49:17, 11 Mar.
    IN: ACCEPT [57] Connection closed (Port Forwarding: TCP 192.168.1.78:14312 <-->86.128.58.172:14312 [81.154.101.160:51163] CLOSED/TIME_WAIT ppp0 NAPT)
    21:49:15, 11 Mar.
    IN: ACCEPT [54] Connection opened (Port Forwarding: UDP 192.168.1.78:14312 <-->86.128.58.172:14312 [81.154.101.160:41820] ppp0 NAPT)
    Are these anything I should be concerned about? I have tried a couple of forum and Google searches, but I don't quite know where to start beyond pasting the first bit of the message. I haven't found anything obvious from those searches.
    DHCP table lists 192.168.1.78 as the desktop PC on which I'm writing this.
    Please could you point me in the direction of any resources that will help me to work out if I should be worried about this?
    A slightly longer extract is shown below:
    21:49:17, 11 Mar.
    IN: ACCEPT [57] Connection closed (Port Forwarding: TCP 192.168.1.78:14312 <-->86.128.58.172:14312 [81.154.101.160:51163] CLOSED/TIME_WAIT ppp0 NAPT)
    21:49:15, 11 Mar.
    IN: ACCEPT [54] Connection opened (Port Forwarding: UDP 192.168.1.78:14312 <-->86.128.58.172:14312 [81.154.101.160:41820] ppp0 NAPT)
    21:49:15, 11 Mar.
    IN: ACCEPT [54] Connection opened (Port Forwarding: TCP 192.168.1.78:14312 <-->86.128.58.172:14312 [81.154.101.160:51163] CLOSED/SYN_SENT ppp0 NAPT)
    21:49:11, 11 Mar.
    IN: ACCEPT [57] Connection closed (Port Forwarding: TCP 192.168.1.78:14312 <-->86.128.58.172:14312 [213.205.231.156:51027] TIME_WAIT/CLOSED ppp0 NAPT)
    21:49:03, 11 Mar.
    IN: ACCEPT [54] Connection opened (Port Forwarding: TCP 192.168.1.78:14312 <-->86.128.58.172:14312 [178.190.63.75:55535] CLOSED/SYN_SENT ppp0 NAPT)
    21:49:00, 11 Mar.
    IN: ACCEPT [57] Connection closed (Port Forwarding: TCP 192.168.1.78:14312 <-->86.128.58.172:14312 [2.96.4.85:23939] TIME_WAIT/CLOSED ppp0 NAPT)
    21:48:59, 11 Mar.
    IN: ACCEPT [57] Connection closed (Port Forwarding: TCP 192.168.1.78:14312 <-->86.128.58.172:14312 [78.144.143.222:21617] CLOSED/TIME_WAIT ppp0 NAPT)
    21:48:58, 11 Mar.
    IN: ACCEPT [54] Connection opened (Port Forwarding: UDP 192.168.1.78:14312 <-->86.128.58.172:14312 [41.218.222.34:28188] ppp0 NAPT)
    21:48:57, 11 Mar.
    IN: ACCEPT [54] Connection opened (Port Forwarding: TCP 192.168.1.78:14312 <-->86.128.58.172:14312 [41.218.222.34:28288] CLOSED/SYN_SENT ppp0 NAPT)
    21:48:57, 11 Mar.
    IN: ACCEPT [54] Connection opened (Port Forwarding: UDP 192.168.1.78:14312 <-->86.128.58.172:14312 [86.132.123.255:18048] ppp0 NAPT)
    21:48:57, 11 Mar.
    IN: ACCEPT [54] Connection opened (Port Forwarding: TCP 192.168.1.78:14312 <-->86.128.58.172:14312 [86.132.123.255:54199] CLOSED/SYN_SENT ppp0 NAPT)
    21:48:55, 11 Mar.
    IN: ACCEPT [57] Connection closed (Port Forwarding: UDP 192.168.1.78:14312 <-->86.128.58.172:14312 [86.144.91.49:60704] ppp0 NAPT)
    21:48:55, 11 Mar.
    IN: ACCEPT [57] Connection closed (Port Forwarding: TCP 192.168.1.78:14312 <-->86.128.58.172:14312 [80.3.100.12:50875] TIME_WAIT/CLOSED ppp0 NAPT)
    21:48:45, 11 Mar.
    IN: ACCEPT [57] Connection closed (Port Forwarding: UDP 192.168.1.78:14312 <-->86.128.58.172:14312 [78.150.251.216:57656] ppp0 NAPT)
    21:48:39, 11 Mar.
    IN: ACCEPT [54] Connection opened (Port Forwarding: TCP 192.168.1.78:14312 <-->86.128.58.172:14312 [78.150.251.216:56975] CLOSED/SYN_SENT ppp0 NAPT)
    21:48:29, 11 Mar.
    IN: ACCEPT [54] Connection opened (Port Forwarding: TCP 192.168.1.78:14312 <-->86.128.58.172:14312 [79.99.145.46:8368] CLOSED/SYN_SENT ppp0 NAPT)
    21:48:27, 11 Mar.
    IN: ACCEPT [54] Connection opened (Port Forwarding: UDP 192.168.1.78:14312 <-->86.128.58.172:14312 [90.192.249.173:45250] ppp0 NAPT)
    21:48:16, 11 Mar.
    IN: ACCEPT [57] Connection closed (Port Forwarding: UDP 192.168.1.78:14312 <-->86.128.58.172:14312 [212.17.96.246:62447] ppp0 NAPT)
    21:48:10, 11 Mar.
    IN: ACCEPT [57] Connection closed (Port Forwarding: TCP 192.168.1.78:14312 <-->86.128.58.172:14312 [82.16.198.117:49942] TIME_WAIT/CLOSED ppp0 NAPT)
    21:48:08, 11 Mar.
    IN: ACCEPT [54] Connection opened (Port Forwarding: TCP 192.168.1.78:14312 <-->86.128.58.172:14312 [213.205.231.156:51027] CLOSED/SYN_SENT ppp0 NAPT)
    21:48:04, 11 Mar.
    IN: ACCEPT [57] Connection closed (Port Forwarding: TCP 192.168.1.78:14312 <-->86.128.58.172:14312 [89.153.251.9:53729] TIME_WAIT/CLOSED ppp0 NAPT)
    21:47:54, 11 Mar.
    IN: ACCEPT [54] Connection opened (Port Forwarding: UDP 192.168.1.78:14312 <-->86.128.58.172:14312 [80.3.100.12:37150] ppp0 NAPT)

    Hi,
    Thank you for the response. I think, but can't remember for sure, that UPnP was already switched off when I captured that log. Anyway, even if it wasn't, it is now. So I will see what gets captured in my logs.
    I've just had to restart my Home Hub because of other connection issues and I notice that the first few entries are also odd:
    19:35:16, 12 Mar.
    OUT: BLOCK [65] First packet is Invalid (TCP 192.168.1.78:49250->173.194.78.125:5222 on ppp0)
    19:34:45, 12 Mar.
    OUT: BLOCK [15] Default policy (First packet in connection is not a SYN packet: TCP 192.168.1.78:49266->173.194.34.101:443 on ppp0)
    19:34:31, 12 Mar.
    OUT: BLOCK [65] First packet is Invalid (TCP 192.168.1.78:49250->173.194.78.125:5222 on ppp0)
    19:34:31, 12 Mar.
    OUT: BLOCK [65] First packet is Invalid (TCP 192.168.1.78:49266->173.194.34.101:443 on ppp0)
    19:34:04, 12 Mar.
    OUT: BLOCK [15] Default policy (First packet in connection is not a SYN packet: TCP 192.168.1.78:49462->199.59.149.232:443 on ppp0)
    19:33:46, 12 Mar.
    OUT: BLOCK [65] First packet is Invalid (TCP 192.168.1.78:49250->173.194.78.125:5222 on ppp0)
    19:33:46, 12 Mar.
    IN: BLOCK [12] Spoofing protection (IGMP 86.164.178.188->224.0.0.22 on ppp0)
    19:33:45, 12 Mar.
    OUT: BLOCK [65] First packet is Invalid (TCP 192.168.1.78:49266->173.194.34.101:443 on ppp0)
    19:33:39, 12 Mar.
    OUT: BLOCK [65] First packet is Invalid (TCP 192.168.1.78:49462->199.59.149.232:443 on ppp0)
    19:33:33, 12 Mar.
    OUT: BLOCK [15] Default policy (First packet in connection is not a SYN packet: TCP 192.168.1.78:49463->199.59.149.232:443 on ppp0)
    19:33:29, 12 Mar.
    IN: BLOCK [15] Default policy (UDP 111.252.36.217:26328->86.164.178.188:12708 on ppp0)
    19:33:16, 12 Mar.
    IN: BLOCK [15] Default policy (TCP 193.113.4.153:80->86.164.178.188:49572 on ppp0)
    19:33:14, 12 Mar.
    OUT: BLOCK [65] First packet is Invalid (TCP 192.168.1.78:49266->173.194.34.101:443 on ppp0)
    19:33:14, 12 Mar.
    IN: BLOCK [15] Default policy (TCP 66.193.112.93:443->86.164.178.188:44266 on ppp0)
    19:33:14, 12 Mar.
    ( 164.240000) CWMP: session completed successfully
    19:33:13, 12 Mar.
    ( 163.700000) CWMP: HTTP authentication success from https://pbthdm.bt.mo
    19:33:05, 12 Mar.
    BLOCKED 106 more packets (because of Default policy)
    19:33:05, 12 Mar.
    OUT: BLOCK [65] First packet is Invalid (TCP 192.168.1.78:49462->199.59.149.232:443 on ppp0)
    19:33:05, 12 Mar.
    IN: BLOCK [15] Default policy (TCP 213.1.72.209:80->86.164.178.188:49547 on ppp0)
    19:33:05, 12 Mar.
    BLOCKED 94 more packets (because of Default policy)
    19:33:05, 12 Mar.
    OUT: BLOCK [15] Default policy (First packet in connection is not a SYN packet: TCP 192.168.1.78:49330->173.194.67.94:443 on ppp0)
    19:33:05, 12 Mar.
    IN: BLOCK [15] Default policy (TCP 199.59.148.87:443->86.164.178.188:49531 on ppp0)
    19:33:05, 12 Mar.
    OUT: BLOCK [65] First packet is Invalid (TCP 192.168.1.78:49250->173.194.78.125:5222 on ppp0)
    19:33:04, 12 Mar.
    OUT: BLOCK [65] First packet is Invalid (TCP 192.168.1.78:49266->173.194.34.101:443 on ppp0)
    19:33:04, 12 Mar.
    ( 155.110000) CWMP: Server URL: https://pbthdm.bt.mo; Connecting as user: ACS username
    19:33:04, 12 Mar.
    ( 155.090000) CWMP: Session start now. Event code(s): '1 BOOT,4 VALUE CHANGE'
    19:32:59, 12 Mar.
    OUT: BLOCK [65] First packet is Invalid (TCP 192.168.1.78:49266->173.194.34.101:443 on ppp0)
    19:32:54, 12 Mar.
    OUT: BLOCK [65] First packet is Invalid (TCP 192.168.1.78:49462->199.59.149.232:443 on ppp0)
    19:32:53, 12 Mar.
    OUT: BLOCK [65] First packet is Invalid (TCP 192.168.1.78:49330->173.194.67.94:443 on ppp0)
    19:32:52, 12 Mar.
    OUT: BLOCK [65] First packet is Invalid (TCP 192.168.1.78:49463->199.59.149.232:443 on ppp0)
    19:32:51, 12 Mar.
    OUT: BLOCK [65] First packet is Invalid (TCP 192.168.1.78:49266->173.194.34.101:443 on ppp0)
    19:32:48, 12 Mar.
    OUT: BLOCK [65] First packet is Invalid (TCP 192.168.1.78:49330->173.194.67.94:443 on ppp0)
    19:32:47, 12 Mar.
    OUT: BLOCK [65] First packet is Invalid (TCP 192.168.1.78:49266->173.194.34.101:443 on ppp0)
    19:32:46, 12 Mar.
    OUT: BLOCK [65] First packet is Invalid (TCP 192.168.1.78:49330->173.194.67.94:443 on ppp0)
    19:32:46, 12 Mar.
    BLOCKED 4 more packets (because of First packet is Invalid)
    19:32:45, 12 Mar.
    OUT: BLOCK [15] Default policy (First packet in connection is not a SYN packet: TCP 192.168.1.78:49461->199.59.149.232:443 on ppp0)
    19:32:44, 12 Mar.
    OUT: BLOCK [65] First packet is Invalid (TCP 192.168.1.78:49330->173.194.67.94:443 on ppp0)
    19:32:44, 12 Mar.
    BLOCKED 1 more packets (because of First packet is Invalid)
    19:32:43, 12 Mar.
    OUT: BLOCK [15] Default policy (First packet in connection is not a SYN packet: TCP 192.168.1.78:49398->193.113.4.153:80 on ppp0)
    19:32:42, 12 Mar.
    OUT: BLOCK [65] First packet is Invalid (TCP 192.168.1.78:49330->173.194.67.94:443 on ppp0)
    19:32:42, 12 Mar.
    BLOCKED 3 more packets (because of First packet is Invalid)
    19:32:42, 12 Mar.
    OUT: BLOCK [15] Default policy (First packet in connection is not a SYN packet: TCP 192.168.1.78:49277->119.254.30.32:443 on ppp0)
    19:32:41, 12 Mar.
    OUT: BLOCK [65] First packet is Invalid (TCP 192.168.1.78:49330->173.194.67.94:443 on ppp0)
    19:32:41, 12 Mar.
    BLOCKED 1 more packets (because of First packet is Invalid)
    19:32:41, 12 Mar.
    OUT: BLOCK [65] First packet is Invalid (TCP 192.168.1.78:49330->173.194.67.94:443 on ppp0)
    19:32:38, 12 Mar.
    OUT: BLOCK [15] Default policy (First packet in connection is not a SYN packet: TCP 192.168.1.78:49280->119.254.30.32:443 on ppp0)
    19:32:36, 12 Mar.
    OUT: BLOCK [65] First packet is Invalid (TCP 192.168.1.78:49330->173.194.67.94:443 on ppp0)
    19:32:34, 12 Mar.
    OUT: BLOCK [65] First packet is Invalid (TCP 192.168.1.78:49463->199.59.149.232:443 on ppp0)
    19:32:30, 12 Mar.
    IN: BLOCK [15] Default policy (TCP 66.193.112.93:443->86.164.178.188:47022 on ppp0)
    19:32:30, 12 Mar.
    ( 120.790000) CWMP: session closed due to error: WGET TLS error
    19:32:30, 12 Mar.
    ( 120.140000) NTP synchronization success!
    19:32:30, 12 Mar.
    BLOCKED 1 more packets (because of Default policy)
    19:32:29, 12 Mar.
    OUT: BLOCK [15] Default policy (First packet in connection is not a SYN packet: TCP 192.168.1.78:49458->217.41.223.234:80 on ppp0)
    19:32:28, 12 Mar.
    OUT: BLOCK [65] First packet is Invalid (TCP 192.168.1.78:49280->119.254.30.32:443 on ppp0)
    19:32:26, 12 Mar.
    ( 116.030000) NTP synchronization start
    19:32:25, 12 Mar.
    OUT: BLOCK [15] Default policy (First packet in connection is not a SYN packet: TCP 192.168.1.78:49442->74.125.141.91:443 on ppp0)
    19:32:25, 12 Mar.
    OUT: BLOCK [15] Default policy (TCP 192.168.1.78:49310->204.154.94.81:443 on ppp0)
    19:32:25, 12 Mar.
    IN: BLOCK [15] Default policy (TCP 88.221.94.116:80->86.164.178.188:49863 on ppp0)

  • Home Hub 3 - no event log for a month

    I tried and failed to access the Hub Manager home page yesterday.
    I tried several PCs / operating systems / browsers without success.
    Eventually, I rebooted the router and managed to access the page.
    Having logged in I found that no entries had been added to the event log since the early hours of November 18th (just over a month ago) although the broadband has been working fine.
    Has anybody else had similar experiences? As a generally paranoid individual I am not too happy that there are missing event log items!!
    Thanks
    Brian

    Hi oldbak,
    Is this issue still apparent? Have you tried resetting the hub?
    Chris
    BT Mod team
    If you like a post, or want to say thanks for a helpful answer, please click on the Ratings star on the left-hand side of the post.
    If someone answers your question correctly please let other members know by clicking on ’Mark as Accepted Solution’.

  • HOME HUB - EVENT LOG - Help with translation pleas...

    Have just found the event log on the Home Hub and am trying to uderstand what it is telling me. For today, there are many similar entries such as copied below;
    VOIP: [2.0A] [XXXXXXXX] [FXS DECT1 DECT2 DECT3 DECT4 DECT5] 200 OK - SIP message received
    VOIP: [2.0A] XXXXXXXXX] [] 501 Not Implemented - SIP message sent
    VOIP: [2.0A] [kas] [-] REGISTER - SIP message received
    Could someone please give me some idea what these entries relate to?
    Thanks
    EDIT; On reflection, I think the following are better examples of my concern that someone may be hacking into our hub / broadband or does the ' not implemented ' comment mean that the security has kicked in and rejected the attempt?
    VOIP: [2.0A] [john] [] 501 Not Implemented - SIP message sent
    13:31:32  16 Aug
    VOIP: [2.0A] [john] [-] REGISTER - SIP message received
    13:31:32  16 Aug
    VOIP: [2.0A] [daniel] [] 501 Not Implemented - SIP message sent
    13:31:32  16 Aug
    VOIP: [2.0A] [daniel] [-] REGISTER - SIP message received
    13:31:32  16 Aug
    VOIP: [2.0A] [Amanda] [] 501 Not Implemented - SIP message sent
    13:31:32  16 Aug
    VOIP: [2.0A] [Amanda] [-] REGISTER - SIP message received
    13:31:32  16 Aug
    VOIP: [2.0A] [andrew] [] 501 Not Implemented - SIP message sent
    13:31:32  16 Aug
    VOIP: [2.0A] [andrew] [-] REGISTER - SIP message received
    13:31:32  16 Aug
    VOIP: [2.0A] [jennifer] [] 501 Not Implemented - SIP message sent
    13:31:32  16 Aug
    VOIP: [2.0A] [jennifer] [-] REGISTER - SIP message received
    13:31:32  16 Aug
    VOIP: [2.0A] [newuser] [] 501 Not Implemented - SIP message sent
    13:31:32  16 Aug
    VOIP: [2.0A] [newuser] [-] REGISTER - SIP message received
    13:31:32  16 Aug
    VOIP: [2.0A] [computer] [] 501 Not Implemented - SIP message sent
    13:31:32  16 Aug
    VOIP: [2.0A] [computer] [-] REGISTER - SIP message received
    13:31:32  16 Aug
    VOIP: [2.0A] [calvin] [] 501 Not Implemented - SIP message sent
    13:31:32  16 Aug
    VOIP: [2.0A] [calvin] [-] REGISTER - SIP message received
    13:31:32  16 Aug
    VOIP: [2.0A] [charles] [] 501 Not Implemented - SIP message sent
    13:31:32  16 Aug
    VOIP: [2.0A] [charles] [-] REGISTER - SIP message received
    13:31:32  16 Aug
    VOIP: [2.0A] [paul] [] 501 Not Implemented - SIP message sent
    13:31:32  16 Aug
    VOIP: [2.0A] [paul] [-] REGISTER - SIP message received
    13:31:32  16 Aug
    VOIP: [2.0A] [dave] [] 501 Not Implemented - SIP message sent
    13:31:32  16 Aug
    VOIP: [2.0A] [dave] [-] REGISTER - SIP message received
    13:31:32  16 Aug
    VOIP: [2.0A] [steve] [] 501 Not Implemented - SIP message sent
    13:31:32  16 Aug
    VOIP: [2.0A] [steve] [-] REGISTER - SIP message received
    13:31:32  16 Aug
    VOIP: [2.0A] [tsinternetusers] [] 501 Not Implemented - SIP message sent
    13:31:32  16 Aug
    VOIP: [2.0A] [tsinternetusers] [-] REGISTER - SIP message received
    13:31:32  16 Aug
    VOIP: [2.0A] [tsinternetuser] [] 501 Not Implemented - SIP message sent
    13:31:32  16 Aug
    VOIP: [2.0A] [tsinternetuser] [-] REGISTER - SIP message received

    edit the post as you're showing your VOIP number (If your BBT number starts 01).
    AFAIK it's something to do the hub phone set up BUT I'm not too sure.
    DECT 1 to 5 (5 handsets can be registered)
    -+-No longer a forum member-+-

  • HH3A event log entries - firewall

    I have recently received a replacement hub and in the event log am getting loads of the following entries - is this usual (IP address is my laptop)
    23:59:57, 15 May.
    (458348.960000) Port forwarding rule added via UPnP. protocol: UDP, external ports: any->49744, internal ports: 49744, internal client: 192.168.1.64
    23:59:16, 15 May.
    (458308.430000) Port forwarding rule added via UPnP. protocol: UDP, external ports: any->49744, internal ports: 49744, internal client: 192.168.1.64
    Also when I do a tracert I get the following as the first line
    1     3 ms     2 ms     1 ms  api.home [192.168.1.254]
    I am only confused because on the old hub the firewall entries were
    20:50:11, 30 Apr.
    BLOCKED 1 more packets (because of Spoofing protection)
    20:50:09, 30 Apr.
    IN: BLOCK [12] Spoofing protection (IGMP 86.157.215.96->224.0.0.22 on ppp0)
    and the tracert was
    1     1 ms    <1 ms    <1 ms  BThomehub.home [192.168.1.254]
    I presume that nothing is amiss
    Solved!
    Go to Solution.

    conrad wrote:
    Many thanks DS - have turned UPnP off.  
    Why is this comment displayed   "It is recommended to keep the Extended UPnP security enabled to ensure the security of your home network." Presumably not having it enabled is ok.
    The spoofing stuff was obviously caused by me switching between wired/wireless as part of my line problems but thanks for the info as no doubt it will occur again.
    No problem
    The extended UPnP is a new item that BT have added to the latest firmware on the hub3. TBH I've not looked in to what this actually means as I've always turned UPnP off, even from when I was using the HH2.
    The spoofing events will return if you flick between each method of connecting, unless you delete the method not in use
    -+-No longer a forum member-+-

  • Unknown firewall log entries Home Hub 2

    Hi,
    could anyone explain what the following are on my event log please?.
    FIREWALL icmp check (1 of 3): Protocol: ICMP Src ip: 81.134.23.245 Dst ip: 81.154.36.164 Type: Destination Unreachable Code: Host Unreacheable  - this appears quite a few times over the space of two hours this evening.
    Also, : 
    UPnP action 'DeletePortMapping' from ip=192.16x.xx (No such entry in array)
    19:56:22  26 Apr
    UPnP action 'DeletePortMapping' from ip=192.16x.xx(No such entry in array)
    The IP address in this one corresponds to a known/recognised device. 
    Very garetful if anyone can help explain what these mean. And,if they are anything to worry aboout.
    Thanks.

    camper wrote:
    Hi,
    could anyone explain what the following are on my event log please?.
    The IP address in this one corresponds to a known/recognised device. 
    Very garetful if anyone can help explain what these mean. And,if they are anything to worry aboout.
    Thanks.
    FIREWALL icmp check (1 of 3): Protocol: ICMP Src ip: 81.134.23.245 Dst ip: 81.154.36.164 Type: Destination Unreachable Code: Host Unreacheable  - this appears quite a few times over the space of two hours this evening.
    That is an external "ping" request from the Internet that has been blocked, Probably someone trying to find whether there is anything worth trying to hack into.
    UPnP action 'DeletePortMapping' from ip=192.16x.xx (No such entry in array)
    Thats an application on your device which is trying to open an incoming port, perhaps you have a game or IM program running?
    If not, then disable uPnP on the home hub.
    There are some useful help pages here, for BT Broadband customers only, on my personal website.
    BT Broadband customers - help with broadband, WiFi, networking, e-mail and phones.

  • Home Hub 3. Constant connectivity loss. Event log ...

    Trying to get any kind of service out of my BT Infinity provision nowadays is like trying to arrange a tsunami in a desert.
    Time after time after time after time, the Internet is working normally but then a page refuses to refresh and attempts to open another website result only in 'page not found' even though the Internet-connection  icon is glowing steadily in the tray, and when I ask Windows to check on things, it reports that no problems have been found and the connection is working normally.
    Except, of course, it isn't.  I am not a technical expert and therefore haven't much of a clue where to start with this. My Vista OS runs with Panda Cloud AV and Malwarebytes PRO and Windows Firewall, all three of which have always played nicely. Prior to switching to BT Infinity, I had 'ordinary' BT broadband via a Netgear wireless router. The service was trouble-free.
    This morning, I decided to delve into BT Home Hub Manager to re-set to factory default. That in itself took some doing because clicking on the  Firefox bookmark got me nowhere at all: I had to sit here and wait for 10 minutes before the Hub page suddenly appeared as if out of nowhere.
    I found in the event logs a seemingly unending chain of firewall related reports. Rather than read 'em all, I just hit re-set and whoa-hey, after a 5 or 6 minute wait, everything was fine and dandy again. . .
    Until, 20 minutes later, it wasn't. Despite the re-set, Internet connectivity was shot to pieces. I'm on Amazon UK and click to open a new page in a new tab: Page Not Found. On the BBC News website, click on a link to open in a new tab: Page Not Found. Reload any of those exisdting, open pages and the reload circle just spins and spins until. . . Page Not Found.
    Unfortunately, I can't make head nor tail of the log reports in the Firewall section, but typically they read:
    IN: BLOCK [16] Remote administration
    BLOCKED  1 more packet [because of Remote Administration]
    IN: BLOCK [9] Packet invalid in connection
    BLOCKED  4 more packets (because of Packet invalid in connection)
    IN: BLOCK [9] Packet invalid in connection
    BLOCKED  20 more packets (because of Packet invalid in connection)
    BLOCKED 40 more packets (becuase of Packet invalid in connection)
    And so it goes on. . . and on. It's not even clear to me if the Home Hub is doing the blocking anyway, but if it is, then I can't begin to figure out why websites like Amazon UK, BBC News, Speedtest and even Google Maps should be BLOCKED.
    Help appreciated. . . always assuming, this post actually gets through -- I've no idea if this page has gone down or not, because though it's on-screen, that no longer means anything at all.

    Thanks, Ray. Just managed to get back on here, there's been virtually no connectivity at all. One odd thing has been that the Home Hub Manager has opened OK. But it is no longer in agreement with the computer about whether or not connectivity exists. For example:
    1) Click on disconnect in HH Manager, and it reports that the task has been achieved and the button changes to 'connect'.
    But no disconnection has occurred. The Internet icon is still in the tray in its 'connected' state. And it's possible to go on the Net and briefly open up a website that isn't in the FF cache.   But then everything fails again. Alternatively:
    2) Click 'disconnect' in the tray control and the icon changes shows a bid red x. But the HH Manager doesn't agree. It continues to report that the computer is connected to the Internet.
    I'm baffled and wearied. I'll have to relocate the Infinity set-up from downstairs to where this computer is; I'm assuming, I leave the modem in place (the new white flat thing the engineer brought when he installed Infinity)and just disconnect the black HH3 and brin g it upstairs and plug it into the PC?
    Thanks for your help, much appreciated.

  • Mysterious repeat log entries in System events log

    I tried unsuccessfully to share internet connection with 2 iMacs without router(That doesn't matter). But after this, my iMac (24" 2.8 GHz) not networked or on internet now shows this repeated log entries every minute:
    com.apple.launchd[1] (com.apple.InternetSharing): Throttling respawn: Will start in 10 seconds
    This message gets repeated every minute on System events log. Daily, Monthly maintenance was not done automatically earlier today on this iMac (usually it did without any problem) which was on all-night.
    I checked with Disk Utility, repaired permissions. Although no problems in working, this continuous log writings disturbs me.
    Thanks for any help & Happy New Year!
    Best.

    Thanks, V.K. Did that (was asked password). System log showed after restart:
    com.apple.launchd[1] (com.apple.InternetSharing[152]): Exited with exit code: 1
    com.apple.launchd[1] (com.apple.InternetSharing): Throttling respawn: Will start in 10 seconds
    com.apple.launchd[1] (com.apple.InternetSharing153): Exited with exit code: 1
    com.apple.launchd[1] (com.apple.InternetSharing): Throttling respawn: Will start in 10 seconds
    Then it started again the same way as above - with each aditional line each time as shown above. Thanks for sticking with me on this. Hope you will offer other suggestions.
    Best.

  • Help Needed-bt home hub 2.0 event log messages

    Hi, Please can someone have a look at the event log messages below. Is someone trying to hack me? there are loads more of these messages i've only copy and pasted a few of them.
    many thanks in advance.
    12:32:02 30 Sep
    VOIP: [2.0A] [guest1] [-] REGISTER - SIP message received
    12:32:02 30 Sep
    VOIP: [2.0A] [guest] [] 501 Not Implemented - SIP message sent
    12:32:02 30 Sep
    VOIP: [2.0A] [guest] [-] REGISTER - SIP message received
    12:32:02 30 Sep
    VOIP: [2.0A] [office12345] [] 501 Not Implemented - SIP message sent
    12:32:02 30 Sep
    VOIP: [2.0A] [office12345] [-] REGISTER - SIP message received
    12:32:02 30 Sep
    VOIP: [2.0A] [office1234] [] 501 Not Implemented - SIP message sent
    12:32:02 30 Sep
    VOIP: [2.0A] [office1234] [-] REGISTER - SIP message received
    12:32:02 30 Sep
    VOIP: [2.0A] [office123] [] 501 Not Implemented - SIP message sent
    12:32:02 30 Sep
    VOIP: [2.0A] [office123] [-] REGISTER - SIP message received
    12:32:02 30 Sep
    VOIP: [2.0A] [office12] [] 501 Not Implemented - SIP message sent
    12:32:02 30 Sep
    VOIP: [2.0A] [office12] [-] REGISTER - SIP message received
    12:32:02 30 Sep
    VOIP: [2.0A] [office1] [] 501 Not Implemented - SIP message sent
    12:32:02 30 Sep
    VOIP: [2.0A] [office1] [-] REGISTER - SIP message received
    12:32:02 30 Sep
    VOIP: [2.0A] [office] [] 501 Not Implemented - SIP message sent
    12:32:02 30 Sep
    VOIP: [2.0A] [office] [-] REGISTER - SIP message received
    12:32:02 30 Sep
    VOIP: [2.0A] [admin12345] [] 501 Not Implemented - SIP message sent
    12:32:02 30 Sep
    VOIP: [2.0A] [admin12345] [-] REGISTER - SIP message received
    12:32:02 30 Sep
    VOIP: [2.0A] [admin1234] [] 501 Not Implemented - SIP message sent
    12:32:02 30 Sep
    VOIP: [2.0A] [admin1234] [-] REGISTER - SIP message received
    12:32:02 30 Sep
    VOIP: [2.0A] [admin123] [] 501 Not Implemented - SIP message sent
    12:32:02 30 Sep
    VOIP: [2.0A] [admin123] [-] REGISTER - SIP message received
    12:32:02 30 Sep
    VOIP: [2.0A] [admin12] [] 501 Not Implemented - SIP message sent
    12:32:02 30 Sep
    VOIP: [2.0A] [admin12] [-] REGISTER - SIP message received
    12:32:02 30 Sep
    VOIP: [2.0A] [admin1] [] 501 Not Implemented - SIP message sent
    12:32:02 30 Sep
    VOIP: [2.0A] [admin1] [-] REGISTER - SIP message received
    12:32:02 30 Sep
    VOIP: [2.0A] [admin] [] 501 Not Implemented - SIP message sent
    12:32:02 30 Sep
    VOIP: [2.0A] [admin] [-] REGISTER - SIP message received
    12:32:02 30 Sep
    VOIP: [2.0A] [administrator] [] 501 Not Implemented - SIP message sent
    12:32:02 30 Sep
    VOIP: [2.0A] [administrator] [-] REGISTER - SIP message received
    12:32:02 30 Sep
    VOIP: [2.0A] [4260011834] [] 501 Not Implemented - SIP message sent
    12:32:02 30 Sep
    VOIP: [2.0A] [4260011834] [-] REGISTER - SIP message received
    12:32:02 30 Sep
    VOIP: [2.0A] [Administrator] [] 501 Not Implemented - SIP message sent
    12:32:02 30 Sep
    VOIP: [2.0A] [Administrator] [-] REGISTER - SIP message received
    12:32:02 30 Sep
    VOIP: [2.0A] [3942121793] [] 501 Not Implemented - SIP message sent
    12:32:02 30 Sep
    VOIP: [2.0A] [3942121793] [-] REGISTER - SIP message received
    12:32:02 30 Sep
    VOIP: [2.0A] [100] [] 404 Not Found - SIP message sent
    12:32:02 30 Sep
    VOIP: [2.0A] [100] [-] OPTIONS - SIP message received
    12:32:01 30 Sep
    SNTP Synchronised to server: 213.123.26.170
    11:45:07 30 Sep
    VOIP: [2.0A] [100] [] 404 Not Found - SIP message sent
    11:45:07 30 Sep
    VOIP: [2.0A] [100] [-] OPTIONS - SIP message received
    11:32:01 30 Sep
    SNTP Synchronised to server: 213.123.20.170
    11:28:34 30 Sep
    VOIP: [2.0A] [100] [] 404 Not Found - SIP message sent
    11:28:34 30 Sep
    VOIP: [2.0A] [100] [-] OPTIONS - SIP message received
    Solved!
    Go to Solution.

    Hi JM7HUB and welcome,
    No, you're not being hacked. It's to do with BTHub phone (Broadband Talk - BBT) and the hub, in your case the hub 2A.
    It's a test that BT seem to carry out, normally (IIRC) after a reboot of the hub or possibly at random times - it's been a long time since I used BBT. I'll guess there are some random names mentioned on some of the other VOIP events?
    If you don't use a BBT, you can turn this off by entering the hub manager - type bthomehub.home or 192.164.1.254 in to your browser, click settings, advanced settings, continue to adavnced settings, telephony - there should be an option there to turn it off. This should then stop the events.
    edit. The telephone light on the hub will go out, but any registered hub phone should still operate as a 'normal' phone using your landline number.
    -+-No longer a forum member-+-

  • Since applying Feb 2013 Sharepoint 2010 CUs - Critical event log entries for Blob cache and missing images

    Hi,
    Since applying the February 2013 SharePoint 2010 updates, we are getting lots of entries in our event logs along the following:
    Content Management     Publishing Cache         
    5538     Critical 
    An error occurred in the blob cache.  The exception message was 'The system cannot find the file specified. (Exception from HRESULT: 0x80070002)’
    In pretty much all of these cases the image/ file in question that is reported in the ULS logs as missing is not actually in the collaboration site, master page / html etc so the fix needs to go back to the site owner to make the correction to avoid
    the 404 (if they make it!). This has only started happening, I believe since feb 2013 sp2010 cumulative updates updates
    I didn’t see this mentioned as a change / in the Fix list of the February updates. i.e. it flags up a critical error in our event logs. So with a lot of sites and a lot of missing images your event log can quickly fill up.
    Obviously you can suppress them in the monitoring -> web content management ->publishing cache = none & none which is not ideal.
    So my question is... are others seeing this and was a change made by Microsoft to flag a 404 missing image / file up a critical error in event log when blob cache is enabled?
    If i log this with MS they will just say, you need to fix it up the missing files in the site but would be nice to know this had changed prior! I also deleted and recreated the blob cache and this made no diffference
    thanks
    Brad

    I'm facing the same error on our SharePoint 2013 farm. We are on Aug 2013 CU and if the Dec CU (which is supposed to be the latest) doesn't solve it then what else could be done.
    Some users started getting the message "Server is busy now try again later" with a corelation id. I looked up ULS with that corelation id and found these two errors in addition to hundreds of "Micro Trace Tags (none)" and "forced
    due to logging gap":
    "GetFileFromUrl: FileNotFoundException when attempting get file Url /favicon.ico The system cannot find the file specified. (Exception from HRESULT: 0x80070002)"
    "Error in blob cache. System.IO.FileNotFoundException: The system cannot find the file specified. (Exception from HRESULT: 0x80070002)"
    "Unable to cache URL /FAVICON.ICO.  File was not found" 
    Looks like this is a bug and MS hasn't fixed it in Dec CU..
    &quot;The opinions expressed here represent my own and not those of anybody else&quot;

  • Help with the event log in the type B hub

    I have  probs with broadband slowing down and also with link going down a number of times again (it recovers quickly)
    I just wanted to confirm that the message in trhe event log in the type B hub:-
    (134558.700000) RTNL: Received ERROR reply 'No such process' for message type 0x19
    was the link dropping.
    Can anybody confirm this and does anyone know if/where the messages are documented?
    Thanks in advance
    Banz

    does nobody have any comments on this
    Mods - please help
    banz
    ps this is my last bump - I will give up after this

Maybe you are looking for

  • Error when scheduling infopackage for PA_PA OEMPLOYEE

    hi all, when iam scheduling info package for OEMPLOYEE it is giving error like "0EMPLOYEE : Overlapping time intervals of data record 298 with 305 : '['20040831'/'20040324'] '[to/from]     RSDMD 190 ". iam unable to solve it.please help me in this is

  • Installin Oracle 10G on Windows XP Professional Virtual running

    I have a Windows 7 Professional installed on my Laptop. I am trying to install Oracle 10 G on Windows XP Professional which comes with windows 7 Professional . Installation works fine but database administration page does not appear on reboot. Please

  • Itunes 10 won't install

    hello everyone! happy holidays!:) i am still havin trouble with the installation of the new itunes ten...the problem below:( ok..during installation. 1) Could not open key: unknown\Components\DA42BC89BF25F5BD0AF18C3B9B1A1EE8\DD7906EE4F50871479913D71B

  • HT1923 I can't get the latest itunes update to work

    I'm trying to copy any remaining files from my iPhone 3gs on to itunes ahead of upgrading to an iphone 4. I also use an ipod classic 120 gb on the same itunes account. Itunes asked me to update to the latest version (10.6.3.25) but the Mobile Device

  • Truncating sub partitions

    I am using oracle11g. I want to truncate subpartition on specific partion. I have partition on statewise. Each state partion has 7 day partition. For intance, Partion TX Sub partition MON, TUE, WED, THU, FRI, SAT, SUN Partion CA Sub partition MON, TU