Weird syslog entries-Did I get hacked?

2020-06-19 19:41:23 - last edited 2020-06-22 21:28:12
Model: Archer AX3000  
Hardware Version: V1
Firmware Version: S-Ver = 1.0.1 Build 20200109 rel.37084

I reboot the router automatically every Friday morning. Just before the reboot the router sends a System Log with all the entries since the last reboot. Prior to today, the only entries in the log after the reboot entries were the following for each day:

2020-06-11 21:00:01 led-controller[1411]: <6> 288051 Start to run NIGHT
2020-06-11 08:00:00 led-controller[1411]: <6> 288051 Start to run NIGHT
2020-06-10 21:00:01 led-controller[1411]: <6> 288051 Start to run NIGHT
2020-06-10 08:00:00 led-controller[1411]: <6> 288051 Start to run NIGHT
2020-06-09 21:00:00 led-controller[1411]: <6> 288051 Start to run NIGHT
2020-06-09 08:00:01 led-controller[1411]: <6> 288051 Start to run NIGHT
2020-06-08 21:00:00 led-controller[1411]: <6> 288051 Start to run NIGHT
2020-06-08 08:00:01 led-controller[1411]: <6> 288051 Start to run NIGHT
2020-06-07 21:00:01 led-controller[1411]: <6> 288051 Start to run NIGHT
2020-06-07 08:00:00 led-controller[1411]: <6> 288051 Start to run NIGHT
2020-06-06 21:00:00 led-controller[1411]: <6> 288051 Start to run NIGHT
2020-06-06 08:00:00 led-controller[1411]: <6> 288051 Start to run NIGHT
2020-06-05 21:00:01 led-controller[1411]: <6> 288051 Start to run NIGHT
2020-06-05 08:00:00 led-controller[1411]: <6> 288051 Start to run NIGHT
2020-06-05 04:00:52 led-controller[1411]: <6> 288051 Start to run NIGHT
2020-06-05 04:00:51 traffic-stats[6865]: <6> 269001 Clear all stats because time changed

 

Today the log reported the following:

2020-06-18 21:00:00 led-controller[1413]: <6> 288051 Start to run NIGHT
2020-06-18 08:00:01 led-controller[1413]: <6> 288051 Start to run NIGHT
2020-06-17 21:00:00 led-controller[1413]: <6> 288051 Start to run NIGHT
2020-06-17 08:00:00 led-controller[1413]: <6> 288051 Start to run NIGHT
2020-06-16 21:00:00 led-controller[1413]: <6> 288051 Start to run NIGHT
2020-06-16 08:00:00 led-controller[1413]: <6> 288051 Start to run NIGHT
2020-06-15 21:00:01 led-controller[1413]: <6> 288051 Start to run NIGHT
2020-06-15 08:00:00 led-controller[1413]: <6> 288051 Start to run NIGHT
2020-06-15 00:41:51 upnp[9459]: <6> 217504 Service start
2020-06-15 00:41:51 upnp[9459]: <6> 217505 Service stop
2020-06-15 00:41:48 remote-management[8949]: <6> 282505 Service stop
2020-06-15 00:41:36 nat[6741]: <6> 211501 Initialization succeeded
2020-06-15 00:41:35 nat[6741]: <6> 211501 Initialization succeeded
2020-06-15 00:41:32 led-controller[1413]: <6> 288051 Start to run WAN1_ON
2020-06-15 00:41:32 led-controller[1413]: <6> 288051 Start to run WAN0_OFF
2020-06-15 00:41:32 led-controller[1413]: <6> 288051 Start to run LAN_ON
2020-06-15 00:41:27 nat[4972]: <6> 211501 Initialization succeeded
2020-06-15 00:41:26 nat[4972]: <6> 211501 Initialization succeeded
2020-06-15 00:34:34 upnp[16105]: <6> 217504 Service start
2020-06-15 00:34:33 upnp[16105]: <6> 217505 Service stop
2020-06-15 00:34:31 remote-management[15727]: <6> 282505 Service stop
2020-06-15 00:34:13 nat[12779]: <6> 211501 Initialization succeeded
2020-06-15 00:34:12 nat[12779]: <6> 211501 Initialization succeeded
2020-06-15 00:34:07 led-controller[1413]: <6> 288051 Start to run WAN1_OFF
2020-06-15 00:34:07 led-controller[1413]: <6> 288051 Start to run WAN0_ON
2020-06-15 00:34:07 led-controller[1413]: <6> 288051 Start to run LAN_ON
2020-06-15 00:33:46 nat[8838]: <6> 211501 Initialization succeeded
2020-06-15 00:33:46 nat[8838]: <6> 211501 Initialization succeeded
2020-06-15 00:33:42 led-controller[1413]: <6> 288051 Start to run WAN1_OFF
2020-06-15 00:33:42 led-controller[1413]: <6> 288051 Start to run WAN0_OFF
2020-06-15 00:33:42 led-controller[1413]: <6> 288051 Start to run LAN_ON
2020-06-15 00:33:41 led-controller[1413]: <6> 288051 Start to run WAN1_OFF
2020-06-15 00:33:41 led-controller[1413]: <6> 288051 Start to run WAN0_ON
2020-06-15 00:33:41 led-controller[1413]: <6> 288051 Start to run LAN_ON
2020-06-14 21:00:00 led-controller[1413]: <6> 288051 Start to run NIGHT
2020-06-14 08:00:01 led-controller[1413]: <6> 288051 Start to run NIGHT
2020-06-13 21:00:00 led-controller[1413]: <6> 288051 Start to run NIGHT
2020-06-13 08:00:00 led-controller[1413]: <6> 288051 Start to run NIGHT
2020-06-12 21:00:00 led-controller[1413]: <6> 288051 Start to run NIGHT
2020-06-12 08:00:00 led-controller[1413]: <6> 288051 Start to run NIGHT
2020-06-12 04:00:51 led-controller[1413]: <6> 288051 Start to run NIGHT
2020-06-12 04:00:50 traffic-stats[6946]: <6> 269001 Clear all stats because time changed
 

Did someone get into my router on 2020-06-15 00:33:41? 

Remote Management is off

Local Management is on for all devices

1 Accepted Solution
Re:Weird syslog entries-Did I get hacked?-Solution
2020-06-22 21:00:04 - last edited 2020-06-22 21:28:12

@tomscot2 

 

No, definitely no remote access was done.

 

Other users reported similar logs but associated with network disconnects. If you happen to be experiencing that I would follow up with support.

 

Like you mentioned, as long as remote access is disabled then the router will not accept outside connections from the WAN.

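A triage sketch for the log format quoted in this thread, added here as an example and not part of any poster's reply or the vendor's code: it learns the routine events from the known-good week, groups everything else into bursts, and reports which services changed PID and whether remote-management ever logged a start. The `Service start` string for remote-management (by analogy with the upnp lines) and the 10-minute burst gap are assumptions; the sample lines are excerpts of the ones posted above.

```python
import re
from datetime import datetime, timedelta

LINE = re.compile(r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) ([\w-]+)\[(\d+)\]: <\d> (\d+) (.+)")

# Excerpts of the lines quoted in the post: the normal week, then the week in question.
BASELINE_LOG = """\
2020-06-11 21:00:01 led-controller[1411]: <6> 288051 Start to run NIGHT
2020-06-05 04:00:51 traffic-stats[6865]: <6> 269001 Clear all stats because time changed
"""
SUSPECT_LOG = """\
2020-06-15 08:00:00 led-controller[1413]: <6> 288051 Start to run NIGHT
2020-06-15 00:41:51 upnp[9459]: <6> 217504 Service start
2020-06-15 00:41:48 remote-management[8949]: <6> 282505 Service stop
2020-06-15 00:41:36 nat[6741]: <6> 211501 Initialization succeeded
2020-06-15 00:41:32 led-controller[1413]: <6> 288051 Start to run WAN1_ON
2020-06-15 00:33:46 nat[8838]: <6> 211501 Initialization succeeded
2020-06-15 00:33:41 led-controller[1413]: <6> 288051 Start to run WAN0_ON
2020-06-14 21:00:00 led-controller[1413]: <6> 288051 Start to run NIGHT
"""

def parse(text):
    """Return (time, service, pid, code, message) tuples, oldest first."""
    rows = [m.groups() for m in map(LINE.fullmatch, text.strip().splitlines()) if m]
    return sorted((datetime.strptime(t, "%Y-%m-%d %H:%M:%S"), s, int(p), c, msg)
                  for t, s, p, c, msg in rows)

def new_event_bursts(baseline, suspect, gap=timedelta(minutes=10)):
    """Group events whose (service, code, message) never occurs in the baseline."""
    known = {(s, c, m) for _, s, _, c, m in parse(baseline)}
    new = [ev for ev in parse(suspect) if (ev[1], ev[3], ev[4]) not in known]
    bursts = []
    for ev in new:
        if bursts and ev[0] - bursts[-1][-1][0] <= gap:  # assumed burst gap
            bursts[-1].append(ev)
        else:
            bursts.append([ev])
    return bursts

def summarize(burst):
    """What to check first: time window, restarted services, management start."""
    pids = {}
    for _, svc, pid, _, _ in burst:
        pids.setdefault(svc, set()).add(pid)
    # Assumption: an enabled remote-management service would log "Service start".
    mgmt = any(e[1] == "remote-management" and e[4] == "Service start" for e in burst)
    return {"window": (burst[0][0], burst[-1][0]), "mgmt_started": mgmt,
            "restarted": sorted(s for s, p in pids.items() if len(p) > 1)}
```

On these lines the only burst runs from 00:33:41 to 00:41:51: nat changes PID while led-controller keeps PID 1413, and remote-management logs only a stop.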
2 Reply
Re:Weird syslog entries-Did I get hacked?
2020-06-22 21:41:36

@Tony That takes a load off. I did spend a bunch of time over the weekend working on the router. I identified the 25+ devices, named them in the  and created a spreadsheet with their MAC addresses, so if I see something that I'm not familiar with I can follow it up. I also restricted internal management to my primary PC, my phone and my tablet just in case someone is coming in through a backdoor on one of the LAN devices.

 

If it happens again, I'll bring it up with support.

 

Thanks for the reply

Tom
