Posted
Jan  1 00:00:14 daemon info kernel: ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
Jan  1 00:00:14 daemon warn kernel: PCI: Enabling device 0000:00:09.0 (0000 -> 0002)
Jan  1 00:00:14 daemon info kernel: ohci_hcd 0000:00:09.0: OHCI Host Controller
Jan  1 00:00:14 daemon info kernel: ohci_hcd 0000:00:09.0: new USB bus registered, assigned bus number 2
Jan  1 00:00:14 daemon info kernel: ohci_hcd 0000:00:09.0: irq 17, io mem 0x10002600
Jan  1 00:00:14 daemon info kernel: usb usb2: configuration #1 chosen from 1 choice
Jan  1 00:00:14 daemon info kernel: hub 2-0:1.0: USB hub found
Jan  1 00:00:14 daemon info kernel: hub 2-0:1.0: 2 ports detected
Jan  1 00:00:14 daemon warn kernel: Host MIPS Clock divider pwrsaving is enabled
Jan  1 00:00:14 daemon warn kernel: DDR Self Refresh pwrsaving is enabled
Jan  1 00:00:14 daemon err syslog: dhcpd:udhcp server (v0.9.6) started
Jan  1 00:00:14 daemon info kernel: ip_tables: (C) 2000-2006 Netfilter Core Team
Jan  1 00:00:15 daemon info kernel: ip6_tables: (C) 2000-2006 Netfilter Core Team
Jan  1 00:00:15 daemon warn kernel: Netfilter messages via NETLINK v0.30.
Jan  1 00:00:16 daemon info kernel: device eth0 entered promiscuous mode
Jan  1 00:00:16 daemon info kernel: ADDRCONF(NETDEV_UP): eth0: link is not ready
Jan  1 00:00:17 daemon info kernel: device eth1 entered promiscuous mode
Jan  1 00:00:17 daemon info kernel: ADDRCONF(NETDEV_UP): eth1: link is not ready
Jan  1 00:00:18 daemon info kernel: device eth2 entered promiscuous mode
Jan  1 00:00:18 daemon info kernel: ADDRCONF(NETDEV_UP): eth2: link is not ready
Jan  1 00:00:18 daemon info kernel: device eth3 entered promiscuous mode
Jan  1 00:00:19 daemon info kernel: ADDRCONF(NETDEV_UP): eth3: link is not ready
Jan  1 00:00:19 daemon info kernel: device wl0 entered promiscuous mode
Jan  1 00:00:20 daemon info kernel: br0: bridge group port 5(wl0) entering forwarding state
Jan  1 00:00:20 daemon warn kernel: *** dslThread dslPid=918
Jan  1 00:00:20 daemon warn kernel: BcmAdsl_Initialize=0xC022AE5C, g_pFnNotifyCallback=0xC026CFC4
Jan  1 00:00:20 daemon warn kernel: lmemhdr[2]=0x100CE000, pAdslLMem[2]=0x100CE000
Jan  1 00:00:20 daemon warn kernel: pSdramPHY=0xA7FFFFF8, 0x1B7743 0xDEADBEEF
Jan  1 00:00:20 daemon warn kernel: *** XfaceOffset: 0x5FF90 => 0x5FF90 ***
Jan  1 00:00:21 daemon warn kernel: *** PhySdramSize got adjusted: 0xF0B34 => 0x1274F0 ***
Jan  1 00:00:21 daemon warn kernel: AdslCoreSharedMemInit: shareMemSize=43757(43760)
Jan  1 00:00:21 daemon warn kernel: AdslCoreHwReset:  pLocSbSta=85b38000 bkupThreshold=3072
Jan  1 00:00:21 daemon warn kernel: AdslCoreHwReset:  AdslOemDataAddr = 0xA7FAF608
Jan  1 00:00:21 daemon warn kernel: ***BcmDiagsMgrRegisterClient: 0 ***
Jan  1 00:00:21 daemon warn kernel: dgasp: kerSysRegisterDyingGaspHandler: dsl0 registered 
Jan  1 00:00:21 daemon warn kernel: fapDrv_psmAlloc: fapIdx=1, size: 1600, offset=b0a22be0 bytes remaining 584
Jan  1 00:00:21 daemon warn kernel: XTM Init: Ch:0 - 200 rx BDs at 0xb0a22be0
Jan  1 00:00:21 daemon warn kernel: fapDrv_psmAlloc: fapIdx=1, size: 128, offset=b0a23220 bytes remaining 456
Jan  1 00:00:21 daemon warn kernel: XTM Init: Ch:1 - 16 rx BDs at 0xb0a23220
Jan  1 00:00:21 daemon warn kernel: bcmxtmrt: PTM/ATM Non-Bonding Mode configured in system 
Jan  1 00:00:21 daemon warn kernel: nf_conntrack version 0.5.0 (2028 buckets, 16224 max)
Jan  1 00:00:21 daemon info FDNSLOGIN: EZSO init
Jan  1 00:00:22 daemon info kernel: xt_time: kernel timezone is -0000
Jan  1 00:00:23 daemon info kernel: monitor task is initialized pid= 337 
Jan  1 00:00:24 daemon crit kernel: eth3 (switch port: 1) Link UP 1000 mbps full duplex
Jan  1 00:00:24 daemon info kernel: ADDRCONF(NETDEV_CHANGE): eth3: link becomes ready
Jan  1 00:00:24 daemon info kernel: br0: bridge group port 4(eth3) entering forwarding state
Jan  1 00:00:25 daemon info kernel: br0: bridge group port 5(wl0) entering disabled state
Jan  1 00:00:25 daemon info kernel: device wl0 left promiscuous mode
Jan  1 00:00:25 daemon info kernel: br0: bridge group port 5(wl0) entering disabled state
Jan  1 00:00:25 daemon info kernel: device wl0 entered promiscuous mode
Jan  1 00:00:25 daemon info kernel: br0: bridge group port 5(wl0) entering forwarding state
Jan  1 00:00:26 daemon info kernel: br0: bridge group port 5(wl0) entering disabled state
Jan  1 00:00:26 daemon info kernel: device wl0 left promiscuous mode
Jan  1 00:00:26 daemon info kernel: br0: bridge group port 5(wl0) entering disabled state
Jan  1 00:00:26 daemon info kernel: device wl0 entered promiscuous mode
Jan  1 00:00:26 daemon info kernel: br0: bridge group port 5(wl0) entering forwarding state
Jan  1 00:00:30 daemon info WLAN Schedule: WLAN Schedule Control on wl0 start
Jan  1 00:00:47 daemon info kernel: br0: bridge group port 5(wl0) entering disabled state
Jan  1 00:00:47 daemon info kernel: device wl0 left promiscuous mode
Jan  1 00:00:47 daemon info kernel: br0: bridge group port 5(wl0) entering disabled state
Jan  1 00:00:50 daemon info WLAN Schedule: WLAN Schedule Control on wl0 exit
Jan  1 00:01:24 user info syslog: shutdown
Jan  1 00:01:25 daemon err FDNSLOGIN: Faked DNS shall BYE BYTE:signal=15
Jan  1 00:01:25 daemon err FDNSLOGIN: FakedDnsProxy is closed
Jan  1 00:01:25 daemon info FDNSLOGIN: shutdown
Jan  1 00:10:36 daemon crit kernel: eth3 (switch port: 1)  Link DOWN.
Jan  1 00:10:36 daemon info kernel: br0: bridge group port 4(eth3) entering disabled state
Jan  1 00:10:38 daemon crit kernel: eth3 (switch port: 1) Link UP 10 mbps half duplex
Jan  1 00:10:38 daemon info kernel: br0: bridge group port 4(eth3) entering forwarding state
Jan  1 00:11:22 daemon crit kernel: eth3 (switch port: 1)  Link DOWN.
Jan  1 00:11:22 daemon info kernel: br0: bridge group port 4(eth3) entering disabled state
Jan  1 00:11:25 daemon crit kernel: eth3 (switch port: 1) Link UP 1000 mbps full duplex
Jan  1 00:11:25 daemon info kernel: br0: bridge group port 4(eth3) entering forwarding state
Jan  1 00:15:05 daemon crit kernel: Line 0: VDSL G.993 started
Jan  1 00:15:16 daemon crit kernel: Line 0: VDSL2 link up, Bearer 0, us=8493, ds=39997
Jan  1 00:15:16 daemon warn kernel: bcmxtmcfg: XTM Link Information, port = 0, State = UP, Service Support = PTM 
Jan  1 00:15:16 daemon warn kernel: bcmxtmcfg: ReconfigureSAR port 0 traffictype 2 
Jan  1 00:15:16 daemon warn kernel: bcmxtmcfg: Normal(XTM/PTM) Mode enabled 
Jan  1 00:15:16 daemon warn kernel: TxLineRateTimer=3768 
Jan  1 00:15:16 daemon warn kernel: bcmxtmrt: MAC address: 
Jan  1 00:15:16 daemon warn kernel: [DoCreateDeviceReq.3087]: register_netdev
Jan  1 00:15:16 daemon warn kernel: [DoCreateDeviceReq.3089]: register_netdev done
Jan  1 00:15:17 daemon warn kernel: [FAP1] xtmCreateDevice : devId 0, encapType 0, headerLen 0
Jan  1 00:15:17 daemon warn kernel: bcmxtmcfg: Reserve PTM vcid=0 ptmPri=1 port=0 bondingPort=4
Jan  1 00:15:17 daemon warn kernel: bcmxtmcfg: Reserve PTM vcid=1 ptmPri=2 port=0 bondingPort=4
Jan  1 00:15:17 daemon warn kernel: bcmxtmcfg: Reserve TxQueueIdx=0 for vcid 0
Jan  1 00:15:17 daemon warn kernel: bcmxtmcfg: Reserve MP group=0 priority=0 weight=1
Jan  1 00:15:17 daemon warn kernel: XTM Init: Ch:0 - 400 tx BDs at 0xa4890000
Jan  1 00:15:17 daemon warn kernel: bcmxtmcfg: Connection UP, LinkActiveStatus=0x1, US=8493000, DS=39997000 
Jan  1 00:15:17 daemon warn kernel: [FAP0] xtmCreateDevice : devId 0, encapType 0, headerLen 0
Jan  1 00:15:17 daemon warn kernel: [FAP1] xtmLinkUp : devId 0, matchId 0
Jan  1 00:15:17 daemon warn kernel: [FAP0] xtmLinkUp : devId 0, matchId 0
Jan  1 00:15:17 daemon warn kernel: [FAP1] xtmLinkUp : devId 0, matchId 1
Jan  1 00:15:17 daemon warn kernel: [FAP0] xtmLinkUp : devId 0, matchId 1
Jan  1 00:15:17 daemon warn kernel: netdev path : ptm0.1
Jan  1 00:15:17 daemon info kernel:  -> ptm0
Jan  1 00:15:17 daemon warn kernel: BCMVLAN : ptm0 mode was set to RG
Jan  1 00:15:17 daemon info kernel: device ptm0.1 entered promiscuous mode
Jan  1 00:15:17 daemon info kernel: device ptm0 entered promiscuous mode
Jan  1 00:15:17 daemon info kernel: br0: bridge group port 5(ptm0.1) entering forwarding state
Jan  1 00:15:18 daemon err syslog: dhcpd:udhcp server (v0.9.6) started

Here is the log file. Look suspicious? Faked DNS!?

Posted

I'd be more surprised by the fact that all your network interfaces entered promiscuous mode...

Posted
Jan  1 00:00:14 daemon warn kernel: Allocated FAP0 GSO Buffers (0xA5D2EC58) : 1048576 bytes @ 0xA5E00000
Jan  1 00:00:14 daemon warn kernel: Allocated FAP1 GSO Buffers (0xA5DAEC58) : 1048576 bytes @ 0xA5F00000
Jan  1 00:00:14 daemon warn kernel: Allocated FAP0 TM SDRAM Queue Storage (a5d2ec5c) : 341376 bytes @ a5800000
Jan  1 00:00:14 daemon warn kernel: Allocated FAP1 TM SDRAM Queue Storage (a5daec5c) : 341376 bytes @ a5880000
Jan  1 00:00:14 daemon warn kernel: ^[[0;34m[NTC fapProto] fapReset  : Reset FAP Protocol layer^[[0m
Jan  1 00:00:14 daemon warn kernel: [FAP0] DSPRAM : stack <0x80000000><1536>, global <0x80000600><3960>, free <2696>, total<8192>
Jan  1 00:00:14 daemon warn kernel: [FAP1] DSPRAM : stack <0x80000000><1536>, global <0x80000600><3960>, free <2696>, total<8192>
Jan  1 00:00:14 daemon warn kernel: [FAP0] PSM : addr<0x80002000>, used <23452>, free <1124>, total <24576>
Jan  1 00:00:14 daemon warn kernel: [FAP1] PSM : addr<0x80002000>, used <23452>, free <1124>, total <24576>
Jan  1 00:00:14 daemon warn kernel: [FAP0] DQM : availableMemory 14652 bytes, nextByteAddress 0xE0004948
Jan  1 00:00:14 daemon warn kernel: [FAP1] DQM : availableMemory 14652 bytes, nextByteAddress 0xE0004948
Jan  1 00:00:14 daemon warn kernel: [FAP0] GSO Buffer set to 0xA5E00000
Jan  1 00:00:14 daemon warn kernel: [FAP1] GSO Buffer set to 0xA5F00000
Jan  1 00:00:14 daemon warn kernel: [FAP0] FAP BPM Initialized.
Jan  1 00:00:14 daemon warn kernel: [FAP1] FAP BPM Initialized.
Jan  1 00:00:14 daemon warn kernel: fapDrv_construct: FAP0: pManagedMemory=b0820650. wastage 8 bytes
Jan  1 00:00:14 daemon warn kernel: fapDrv_construct: FAP1: pManagedMemory=b0a20650. wastage 8 bytes
Jan  1 00:00:14 daemon warn kernel: bcmPktDma_bind: FAP Driver binding successfull
Jan  1 00:00:14 daemon warn kernel: [FAP0] FAP TM: ON
Jan  1 00:00:14 daemon warn kernel: [FAP1] FAP TM: ON
Jan  1 00:00:14 daemon warn kernel: bcmxtmcfg: bcmxtmcfg_init entry
Jan  1 00:00:14 daemon warn kernel: adsl: adsl_init entry
Jan  1 00:00:14 daemon warn kernel: Broadcom BCM63168D0 Ethernet Network Device v0.1 Aug  7 2014 18:23:46
Jan  1 00:00:14 daemon warn kernel: Broadcom GMAC Char Driver v0.1 Aug  7 2014 18:23:52 Registered<249>^[[0m
Jan  1 00:00:14 daemon warn kernel: Broadcom GMAC Driver v0.1 Aug  7 2014 18:23:52 Initialized
Jan  1 00:00:14 daemon warn kernel: fapDrv_psmAlloc: fapIdx=1, size: 4800, offset=b0a20650 bytes remaining 7000
Jan  1 00:00:14 daemon warn kernel: ETH Init: Ch:0 - 200 tx BDs at 0xb0a20650
Jan  1 00:00:14 daemon warn kernel: fapDrv_psmAlloc: fapIdx=0, size: 4800, offset=b0820650 bytes remaining 7000
Jan  1 00:00:14 daemon warn kernel: ETH Init: Ch:1 - 200 tx BDs at 0xb0820650
Jan  1 00:00:14 daemon warn kernel: fapDrv_psmAlloc: wastage 8 bytes
Jan  1 00:00:14 daemon warn kernel: fapDrv_psmAlloc: fapIdx=0, size: 4808, offset=b0821910 bytes remaining 2184
Jan  1 00:00:14 daemon warn kernel: ETH Init: Ch:0 - 600 rx BDs at 0xb0821910
Jan  1 00:00:14 daemon warn kernel: fapDrv_psmAlloc: wastage 8 bytes
Jan  1 00:00:14 daemon warn kernel: fapDrv_psmAlloc: fapIdx=1, size: 4808, offset=b0a21910 bytes remaining 2184
Jan  1 00:00:14 daemon warn kernel: ETH Init: Ch:1 - 600 rx BDs at 0xb0a21910
Jan  1 00:00:14 daemon warn kernel: dgasp: kerSysRegisterDyingGaspHandler: bcmsw registered 
Jan  1 00:00:14 daemon warn kernel: eth0: MAC Address: 
Jan  1 00:00:14 daemon warn kernel: eth1: MAC Address: 
Jan  1 00:00:14 daemon warn kernel: eth2: MAC Address: 
Jan  1 00:00:14 daemon warn kernel: eth3: MAC Address: 
Jan  1 00:00:14 daemon info kernel: NComm TMS V6.80 Kernel Module loaded.
Jan  1 00:00:14 daemon warn kernel: ^[[0;34m[NTC arl] arlEnable : Enabled ARL binding to FAP^[[0m
Jan  1 00:00:14 daemon warn kernel: Broadcom Address Resolution Logic Processor (ARL) Char Driver v0.1 Aug  7 2014 18:23:20 Registered <245>
Jan  1 00:00:14 daemon warn kernel: --SMP support
Jan  1 00:00:14 daemon warn kernel: wl: dsl_tx_pkt_flush_len=338
Jan  1 00:00:14 daemon warn kernel: wl: high_wmark_tot=6149
Jan  1 00:00:14 daemon warn kernel: wl: passivemode=1
Jan  1 00:00:14 daemon warn kernel: wl: napimode=0
Jan  1 00:00:14 daemon warn kernel: wl0: allocskbmode=1 currallocskbsz=512
Jan  1 00:00:14 daemon warn kernel: Neither SPROM nor OTP has valid image
Jan  1 00:00:14 daemon warn kernel: wl:srom/otp not programmed, using main memory mapped srom info(wombo board)
Jan  1 00:00:14 daemon warn kernel: wl:loading /etc/wlan/bcm6362_map.bin
Jan  1 00:00:14 daemon warn kernel: srom rev:8
Jan  1 00:00:14 daemon warn kernel: wl: reading /etc/wlan/bcmcmn_nvramvars.bin, file size=32
Jan  1 00:00:14 daemon warn kernel: wl0: Broadcom BCM435f 802.11 Wireless Controller 6.30.102.7.cpe4.12L08.4
Jan  1 00:00:14 daemon warn kernel: dgasp: kerSysRegisterDyingGaspHandler: wl0 registered 
Jan  1 00:00:14 daemon warn kernel: Loading DECT Shim driver 
Jan  1 00:00:14 daemon warn kernel: Initialize DECT Shim layer....
Jan  1 00:00:14 daemon warn kernel: p8021ag: p8021ag_init entry
Jan  1 00:00:14 daemon info kernel: Broadcom 802.1Q VLAN Interface, v0.1
Jan  1 00:00:14 daemon warn kernel: usb r:0
Jan  1 00:00:14 daemon info kernel: ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
Jan  1 00:00:14 daemon warn kernel: PCI: Enabling device 0000:00:0a.0 (0000 -> 0002)
Jan  1 00:00:14 daemon info kernel: ehci_hcd 0000:00:0a.0: EHCI Host Controller
Jan  1 00:00:14 daemon info kernel: ehci_hcd 0000:00:0a.0: new USB bus registered, assigned bus number 1
Jan  1 00:00:14 daemon warn kernel: ehci_hcd 0000:00:0a.0: Enabling legacy PCI PM
Jan  1 00:00:14 daemon info kernel: ehci_hcd 0000:00:0a.0: irq 18, io mem 0x10002500
Jan  1 00:00:14 daemon info kernel: ehci_hcd 0000:00:0a.0: USB f.f started, EHCI 1.00
Jan  1 00:00:14 daemon info kernel: usb usb1: configuration #1 chosen from 1 choice
Jan  1 00:00:14 daemon info kernel: hub 1-0:1.0: USB hub found
Jan  1 00:00:14 daemon info kernel: hub 1-0:1.0: 2 ports detected

Here is the first part of the log, it got cut off.

Yes, I thought that looked suspicious.

I assume I would have to open it up physically and JTAG or something to actually stop the hack?

Posted (edited)

Include a factory reset with the firmware upgrade.

Looking through the manual, it might simply be this product's regular state. What, specifically, says to you "it's hacked"? Is it acting up or do you simply not understand what's shown in the logs, which troubles you?

Edited by Cooper
Posted

Is the device actively bridged to another gateway/router?

Posted

I did include a factory reset.

I set it to bridge mode, yeah.

It's definitely hacked, I just wondered if it was possible to tell from the system log alone - it was not showing this amount of warning messages before.

It's running port scans, MITM attacks, looks like traffic is being routed elsewhere.

Posted

I'm not sure it's hacked, but if you are having issues with DNS rebinding, almost all devices, when in bridged mode, disable their security and use the default gateway's settings as a rule set, usually. Not all devices, but many wireless routers will do this when bridged to another as its gateway: it drops its firewall to some extent, removes control panel options and uses enforcement from the default gateway, which is another reason I hard code OpenDNS in my NIC settings vs relying on default gateways for DNS settings, at home, or on other networks I use. Not saying this is what is happening, since we don't know what your "hack" concern is though.

http://www.billion.com/product/wireless/Demo-3G-Router/syslog.html

This seems like it's part of what the device does though, but I could be wrong.
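
Added example, not part of any post in this thread: a triage of the promiscuous-mode lines in the posted log. A Linux bridge places its member ports in promiscuous mode, so the script pairs each "entered promiscuous mode" message with the `br0` port messages in the same log. Treating a parent such as `ptm0` as explained by its sub-interface `ptm0.1` is an assumption about this firmware.

```python
import re

# Lines copied from the log posted in this thread (firmware syslog format:
# "Mon D HH:MM:SS facility severity tag: message").
SAMPLE = """\
Jan  1 00:00:16 daemon info kernel: device eth0 entered promiscuous mode
Jan  1 00:00:18 daemon info kernel: device eth3 entered promiscuous mode
Jan  1 00:00:19 daemon info kernel: device wl0 entered promiscuous mode
Jan  1 00:00:20 daemon info kernel: br0: bridge group port 5(wl0) entering forwarding state
Jan  1 00:00:24 daemon info kernel: br0: bridge group port 4(eth3) entering forwarding state
Jan  1 00:00:47 daemon info kernel: device wl0 left promiscuous mode
Jan  1 00:15:17 daemon info kernel: device ptm0.1 entered promiscuous mode
Jan  1 00:15:17 daemon info kernel: device ptm0 entered promiscuous mode
Jan  1 00:15:17 daemon info kernel: br0: bridge group port 5(ptm0.1) entering forwarding state
"""

LINE = re.compile(r"^\w{3}\s+\d+ \d\d:\d\d:\d\d \w+ \w+ (?P<tag>[^:]+): (?P<msg>.*)$")
PROMISC = re.compile(r"device (\S+) (entered|left) promiscuous mode")
BRIDGE = re.compile(r"(\S+): bridge group port \d+\((\S+?)\) entering \w+ state")


def triage(text):
    """Map each interface still promiscuous at end of log to the log evidence for it."""
    promisc, bridge_of = {}, {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m or m.group("tag") != "kernel":
            continue
        p = PROMISC.search(m.group("msg"))
        b = BRIDGE.search(m.group("msg"))
        if p:
            promisc[p.group(1)] = p.group(2) == "entered"
        elif b:
            bridge_of[b.group(2)] = b.group(1)  # port name -> bridge name
    report = {}
    for iface in (i for i, on in promisc.items() if on):
        # Assumption: a parent (ptm0) is promiscuous because its sub-interface
        # (ptm0.1) is a bridge port.
        child = next((c for c in bridge_of if c.startswith(iface + ".")), None)
        if iface in bridge_of:
            report[iface] = f"port of {bridge_of[iface]}"
        elif child:
            report[iface] = f"parent of {child}, port of {bridge_of[child]}"
        else:
            report[iface] = "no bridge message in log"
    return report


if __name__ == "__main__":
    for iface, why in triage(SAMPLE).items():
        print(f"{iface:8} {why}")
```

An interface whose link never came up logs no bridge-port message here, so "no bridge message in log" means the bridge membership should be checked on the device itself (for example with `brctl show`, if the firmware provides it); it is not a verdict.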
