trillion Posted February 3, 2015

Jan 1 00:00:14 daemon info kernel: ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
Jan 1 00:00:14 daemon warn kernel: PCI: Enabling device 0000:00:09.0 (0000 -> 0002)
Jan 1 00:00:14 daemon info kernel: ohci_hcd 0000:00:09.0: OHCI Host Controller
Jan 1 00:00:14 daemon info kernel: ohci_hcd 0000:00:09.0: new USB bus registered, assigned bus number 2
Jan 1 00:00:14 daemon info kernel: ohci_hcd 0000:00:09.0: irq 17, io mem 0x10002600
Jan 1 00:00:14 daemon info kernel: usb usb2: configuration #1 chosen from 1 choice
Jan 1 00:00:14 daemon info kernel: hub 2-0:1.0: USB hub found
Jan 1 00:00:14 daemon info kernel: hub 2-0:1.0: 2 ports detected
Jan 1 00:00:14 daemon warn kernel: Host MIPS Clock divider pwrsaving is enabled
Jan 1 00:00:14 daemon warn kernel: DDR Self Refresh pwrsaving is enabled
Jan 1 00:00:14 daemon err syslog: dhcpd:udhcp server (v0.9.6) started
Jan 1 00:00:14 daemon info kernel: ip_tables: (C) 2000-2006 Netfilter Core Team
Jan 1 00:00:15 daemon info kernel: ip6_tables: (C) 2000-2006 Netfilter Core Team
Jan 1 00:00:15 daemon warn kernel: Netfilter messages via NETLINK v0.30.
Jan 1 00:00:16 daemon info kernel: device eth0 entered promiscuous mode
Jan 1 00:00:16 daemon info kernel: ADDRCONF(NETDEV_UP): eth0: link is not ready
Jan 1 00:00:17 daemon info kernel: device eth1 entered promiscuous mode
Jan 1 00:00:17 daemon info kernel: ADDRCONF(NETDEV_UP): eth1: link is not ready
Jan 1 00:00:18 daemon info kernel: device eth2 entered promiscuous mode
Jan 1 00:00:18 daemon info kernel: ADDRCONF(NETDEV_UP): eth2: link is not ready
Jan 1 00:00:18 daemon info kernel: device eth3 entered promiscuous mode
Jan 1 00:00:19 daemon info kernel: ADDRCONF(NETDEV_UP): eth3: link is not ready
Jan 1 00:00:19 daemon info kernel: device wl0 entered promiscuous mode
Jan 1 00:00:20 daemon info kernel: br0: bridge group port 5(wl0) entering forwarding state
Jan 1 00:00:20 daemon warn kernel: *** dslThread dslPid=918
Jan 1 00:00:20 daemon warn kernel: BcmAdsl_Initialize=0xC022AE5C, g_pFnNotifyCallback=0xC026CFC4
Jan 1 00:00:20 daemon warn kernel: lmemhdr[2]=0x100CE000, pAdslLMem[2]=0x100CE000
Jan 1 00:00:20 daemon warn kernel: pSdramPHY=0xA7FFFFF8, 0x1B7743 0xDEADBEEF
Jan 1 00:00:20 daemon warn kernel: *** XfaceOffset: 0x5FF90 => 0x5FF90 ***
Jan 1 00:00:21 daemon warn kernel: *** PhySdramSize got adjusted: 0xF0B34 => 0x1274F0 ***
Jan 1 00:00:21 daemon warn kernel: AdslCoreSharedMemInit: shareMemSize=43757(43760)
Jan 1 00:00:21 daemon warn kernel: AdslCoreHwReset: pLocSbSta=85b38000 bkupThreshold=3072
Jan 1 00:00:21 daemon warn kernel: AdslCoreHwReset: AdslOemDataAddr = 0xA7FAF608
Jan 1 00:00:21 daemon warn kernel: ***BcmDiagsMgrRegisterClient: 0 ***
Jan 1 00:00:21 daemon warn kernel: dgasp: kerSysRegisterDyingGaspHandler: dsl0 registered
Jan 1 00:00:21 daemon warn kernel: fapDrv_psmAlloc: fapIdx=1, size: 1600, offset=b0a22be0 bytes remaining 584
Jan 1 00:00:21 daemon warn kernel: XTM Init: Ch:0 - 200 rx BDs at 0xb0a22be0
Jan 1 00:00:21 daemon warn kernel: fapDrv_psmAlloc: fapIdx=1, size: 128, offset=b0a23220 bytes remaining 456
Jan 1 00:00:21 daemon warn kernel: XTM Init: Ch:1 - 16 rx BDs at 0xb0a23220
Jan 1 00:00:21 daemon warn kernel: bcmxtmrt: PTM/ATM Non-Bonding Mode configured in system
Jan 1 00:00:21 daemon warn kernel: nf_conntrack version 0.5.0 (2028 buckets, 16224 max)
Jan 1 00:00:21 daemon info FDNSLOGIN: EZSO init
Jan 1 00:00:22 daemon info kernel: xt_time: kernel timezone is -0000
Jan 1 00:00:23 daemon info kernel: monitor task is initialized pid= 337
Jan 1 00:00:24 daemon crit kernel: eth3 (switch port: 1) Link UP 1000 mbps full duplex
Jan 1 00:00:24 daemon info kernel: ADDRCONF(NETDEV_CHANGE): eth3: link becomes ready
Jan 1 00:00:24 daemon info kernel: br0: bridge group port 4(eth3) entering forwarding state
Jan 1 00:00:25 daemon info kernel: br0: bridge group port 5(wl0) entering disabled state
Jan 1 00:00:25 daemon info kernel: device wl0 left promiscuous mode
Jan 1 00:00:25 daemon info kernel: br0: bridge group port 5(wl0) entering disabled state
Jan 1 00:00:25 daemon info kernel: device wl0 entered promiscuous mode
Jan 1 00:00:25 daemon info kernel: br0: bridge group port 5(wl0) entering forwarding state
Jan 1 00:00:26 daemon info kernel: br0: bridge group port 5(wl0) entering disabled state
Jan 1 00:00:26 daemon info kernel: device wl0 left promiscuous mode
Jan 1 00:00:26 daemon info kernel: br0: bridge group port 5(wl0) entering disabled state
Jan 1 00:00:26 daemon info kernel: device wl0 entered promiscuous mode
Jan 1 00:00:26 daemon info kernel: br0: bridge group port 5(wl0) entering forwarding state
Jan 1 00:00:30 daemon info WLAN Schedule: WLAN Schedule Control on wl0 start
Jan 1 00:00:47 daemon info kernel: br0: bridge group port 5(wl0) entering disabled state
Jan 1 00:00:47 daemon info kernel: device wl0 left promiscuous mode
Jan 1 00:00:47 daemon info kernel: br0: bridge group port 5(wl0) entering disabled state
Jan 1 00:00:50 daemon info WLAN Schedule: WLAN Schedule Control on wl0 exit
Jan 1 00:01:24 user info syslog: shutdown
Jan 1 00:01:25 daemon err FDNSLOGIN: Faked DNS shall BYE BYTE:signal=15
Jan 1 00:01:25 daemon err FDNSLOGIN: FakedDnsProxy is closed
Jan 1 00:01:25 daemon info FDNSLOGIN: shutdown
Jan 1 00:10:36 daemon crit kernel: eth3 (switch port: 1) Link DOWN.
Jan 1 00:10:36 daemon info kernel: br0: bridge group port 4(eth3) entering disabled state
Jan 1 00:10:38 daemon crit kernel: eth3 (switch port: 1) Link UP 10 mbps half duplex
Jan 1 00:10:38 daemon info kernel: br0: bridge group port 4(eth3) entering forwarding state
Jan 1 00:11:22 daemon crit kernel: eth3 (switch port: 1) Link DOWN.
Jan 1 00:11:22 daemon info kernel: br0: bridge group port 4(eth3) entering disabled state
Jan 1 00:11:25 daemon crit kernel: eth3 (switch port: 1) Link UP 1000 mbps full duplex
Jan 1 00:11:25 daemon info kernel: br0: bridge group port 4(eth3) entering forwarding state
Jan 1 00:15:05 daemon crit kernel: Line 0: VDSL G.993 started
Jan 1 00:15:16 daemon crit kernel: Line 0: VDSL2 link up, Bearer 0, us=8493, ds=39997
Jan 1 00:15:16 daemon warn kernel: bcmxtmcfg: XTM Link Information, port = 0, State = UP, Service Support = PTM
Jan 1 00:15:16 daemon warn kernel: bcmxtmcfg: ReconfigureSAR port 0 traffictype 2
Jan 1 00:15:16 daemon warn kernel: bcmxtmcfg: Normal(XTM/PTM) Mode enabled
Jan 1 00:15:16 daemon warn kernel: TxLineRateTimer=3768
Jan 1 00:15:16 daemon warn kernel: bcmxtmrt: MAC address:
Jan 1 00:15:16 daemon warn kernel: [DoCreateDeviceReq.3087]: register_netdev
Jan 1 00:15:16 daemon warn kernel: [DoCreateDeviceReq.3089]: register_netdev done
Jan 1 00:15:17 daemon warn kernel: [FAP1] xtmCreateDevice : devId 0, encapType 0, headerLen 0
Jan 1 00:15:17 daemon warn kernel: bcmxtmcfg: Reserve PTM vcid=0 ptmPri=1 port=0 bondingPort=4
Jan 1 00:15:17 daemon warn kernel: bcmxtmcfg: Reserve PTM vcid=1 ptmPri=2 port=0 bondingPort=4
Jan 1 00:15:17 daemon warn kernel: bcmxtmcfg: Reserve TxQueueIdx=0 for vcid 0
Jan 1 00:15:17 daemon warn kernel: bcmxtmcfg: Reserve MP group=0 priority=0 weight=1
Jan 1 00:15:17 daemon warn kernel: XTM Init: Ch:0 - 400 tx BDs at 0xa4890000
Jan 1 00:15:17 daemon warn kernel: bcmxtmcfg: Connection UP, LinkActiveStatus=0x1, US=8493000, DS=39997000
Jan 1 00:15:17 daemon warn kernel: [FAP0] xtmCreateDevice : devId 0, encapType 0, headerLen 0
Jan 1 00:15:17 daemon warn kernel: [FAP1] xtmLinkUp : devId 0, matchId 0
Jan 1 00:15:17 daemon warn kernel: [FAP0] xtmLinkUp : devId 0, matchId 0
Jan 1 00:15:17 daemon warn kernel: [FAP1] xtmLinkUp : devId 0, matchId 1
Jan 1 00:15:17 daemon warn kernel: [FAP0] xtmLinkUp : devId 0, matchId 1
Jan 1 00:15:17 daemon warn kernel: netdev path : ptm0.1
Jan 1 00:15:17 daemon info kernel: -> ptm0
Jan 1 00:15:17 daemon warn kernel: BCMVLAN : ptm0 mode was set to RG
Jan 1 00:15:17 daemon info kernel: device ptm0.1 entered promiscuous mode
Jan 1 00:15:17 daemon info kernel: device ptm0 entered promiscuous mode
Jan 1 00:15:17 daemon info kernel: br0: bridge group port 5(ptm0.1) entering forwarding state
Jan 1 00:15:18 daemon err syslog: dhcpd:udhcp server (v0.9.6) started

here is the log file, look suspicious? faked DNS!?
cooper Posted February 3, 2015

I'd be more surprised by the fact that all your network interfaces entered promiscuous mode...
trillion (Author) Posted February 3, 2015

Jan 1 00:00:14 daemon warn kernel: Allocated FAP0 GSO Buffers (0xA5D2EC58) : 1048576 bytes @ 0xA5E00000
Jan 1 00:00:14 daemon warn kernel: Allocated FAP1 GSO Buffers (0xA5DAEC58) : 1048576 bytes @ 0xA5F00000
Jan 1 00:00:14 daemon warn kernel: Allocated FAP0 TM SDRAM Queue Storage (a5d2ec5c) : 341376 bytes @ a5800000
Jan 1 00:00:14 daemon warn kernel: Allocated FAP1 TM SDRAM Queue Storage (a5daec5c) : 341376 bytes @ a5880000
Jan 1 00:00:14 daemon warn kernel: ^[[0;34m[NTC fapProto] fapReset : Reset FAP Protocol layer^[[0m
Jan 1 00:00:14 daemon warn kernel: [FAP0] DSPRAM : stack <0x80000000><1536>, global <0x80000600><3960>, free <2696>, total<8192>
Jan 1 00:00:14 daemon warn kernel: [FAP1] DSPRAM : stack <0x80000000><1536>, global <0x80000600><3960>, free <2696>, total<8192>
Jan 1 00:00:14 daemon warn kernel: [FAP0] PSM : addr<0x80002000>, used <23452>, free <1124>, total <24576>
Jan 1 00:00:14 daemon warn kernel: [FAP1] PSM : addr<0x80002000>, used <23452>, free <1124>, total <24576>
Jan 1 00:00:14 daemon warn kernel: [FAP0] DQM : availableMemory 14652 bytes, nextByteAddress 0xE0004948
Jan 1 00:00:14 daemon warn kernel: [FAP1] DQM : availableMemory 14652 bytes, nextByteAddress 0xE0004948
Jan 1 00:00:14 daemon warn kernel: [FAP0] GSO Buffer set to 0xA5E00000
Jan 1 00:00:14 daemon warn kernel: [FAP1] GSO Buffer set to 0xA5F00000
Jan 1 00:00:14 daemon warn kernel: [FAP0] FAP BPM Initialized.
Jan 1 00:00:14 daemon warn kernel: [FAP1] FAP BPM Initialized.
Jan 1 00:00:14 daemon warn kernel: fapDrv_construct: FAP0: pManagedMemory=b0820650. wastage 8 bytes
Jan 1 00:00:14 daemon warn kernel: fapDrv_construct: FAP1: pManagedMemory=b0a20650. wastage 8 bytes
Jan 1 00:00:14 daemon warn kernel: bcmPktDma_bind: FAP Driver binding successfull
Jan 1 00:00:14 daemon warn kernel: [FAP0] FAP TM: ON
Jan 1 00:00:14 daemon warn kernel: [FAP1] FAP TM: ON
Jan 1 00:00:14 daemon warn kernel: bcmxtmcfg: bcmxtmcfg_init entry
Jan 1 00:00:14 daemon warn kernel: adsl: adsl_init entry
Jan 1 00:00:14 daemon warn kernel: Broadcom BCM63168D0 Ethernet Network Device v0.1 Aug 7 2014 18:23:46
Jan 1 00:00:14 daemon warn kernel: Broadcom GMAC Char Driver v0.1 Aug 7 2014 18:23:52 Registered<249>^[[0m
Jan 1 00:00:14 daemon warn kernel: Broadcom GMAC Driver v0.1 Aug 7 2014 18:23:52 Initialized
Jan 1 00:00:14 daemon warn kernel: fapDrv_psmAlloc: fapIdx=1, size: 4800, offset=b0a20650 bytes remaining 7000
Jan 1 00:00:14 daemon warn kernel: ETH Init: Ch:0 - 200 tx BDs at 0xb0a20650
Jan 1 00:00:14 daemon warn kernel: fapDrv_psmAlloc: fapIdx=0, size: 4800, offset=b0820650 bytes remaining 7000
Jan 1 00:00:14 daemon warn kernel: ETH Init: Ch:1 - 200 tx BDs at 0xb0820650
Jan 1 00:00:14 daemon warn kernel: fapDrv_psmAlloc: wastage 8 bytes
Jan 1 00:00:14 daemon warn kernel: fapDrv_psmAlloc: fapIdx=0, size: 4808, offset=b0821910 bytes remaining 2184
Jan 1 00:00:14 daemon warn kernel: ETH Init: Ch:0 - 600 rx BDs at 0xb0821910
Jan 1 00:00:14 daemon warn kernel: fapDrv_psmAlloc: wastage 8 bytes
Jan 1 00:00:14 daemon warn kernel: fapDrv_psmAlloc: fapIdx=1, size: 4808, offset=b0a21910 bytes remaining 2184
Jan 1 00:00:14 daemon warn kernel: ETH Init: Ch:1 - 600 rx BDs at 0xb0a21910
Jan 1 00:00:14 daemon warn kernel: dgasp: kerSysRegisterDyingGaspHandler: bcmsw registered
Jan 1 00:00:14 daemon warn kernel: eth0: MAC Address:
Jan 1 00:00:14 daemon warn kernel: eth1: MAC Address:
Jan 1 00:00:14 daemon warn kernel: eth2: MAC Address:
Jan 1 00:00:14 daemon warn kernel: eth3: MAC Address:
Jan 1 00:00:14 daemon info kernel: NComm TMS V6.80 Kernel Module loaded.
Jan 1 00:00:14 daemon warn kernel: ^[[0;34m[NTC arl] arlEnable : Enabled ARL binding to FAP^[[0m
Jan 1 00:00:14 daemon warn kernel: Broadcom Address Resolution Logic Processor (ARL) Char Driver v0.1 Aug 7 2014 18:23:20 Registered <245>
Jan 1 00:00:14 daemon warn kernel: --SMP support
Jan 1 00:00:14 daemon warn kernel: wl: dsl_tx_pkt_flush_len=338
Jan 1 00:00:14 daemon warn kernel: wl: high_wmark_tot=6149
Jan 1 00:00:14 daemon warn kernel: wl: passivemode=1
Jan 1 00:00:14 daemon warn kernel: wl: napimode=0
Jan 1 00:00:14 daemon warn kernel: wl0: allocskbmode=1 currallocskbsz=512
Jan 1 00:00:14 daemon warn kernel: Neither SPROM nor OTP has valid image
Jan 1 00:00:14 daemon warn kernel: wl:srom/otp not programmed, using main memory mapped srom info(wombo board)
Jan 1 00:00:14 daemon warn kernel: wl:loading /etc/wlan/bcm6362_map.bin
Jan 1 00:00:14 daemon warn kernel: srom rev:8
Jan 1 00:00:14 daemon warn kernel: wl: reading /etc/wlan/bcmcmn_nvramvars.bin, file size=32
Jan 1 00:00:14 daemon warn kernel: wl0: Broadcom BCM435f 802.11 Wireless Controller 6.30.102.7.cpe4.12L08.4
Jan 1 00:00:14 daemon warn kernel: dgasp: kerSysRegisterDyingGaspHandler: wl0 registered
Jan 1 00:00:14 daemon warn kernel: Loading DECT Shim driver
Jan 1 00:00:14 daemon warn kernel: Initialize DECT Shim layer....
Jan 1 00:00:14 daemon warn kernel: p8021ag: p8021ag_init entry
Jan 1 00:00:14 daemon info kernel: Broadcom 802.1Q VLAN Interface, v0.1
Jan 1 00:00:14 daemon warn kernel: usb r:0
Jan 1 00:00:14 daemon info kernel: ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
Jan 1 00:00:14 daemon warn kernel: PCI: Enabling device 0000:00:0a.0 (0000 -> 0002)
Jan 1 00:00:14 daemon info kernel: ehci_hcd 0000:00:0a.0: EHCI Host Controller
Jan 1 00:00:14 daemon info kernel: ehci_hcd 0000:00:0a.0: new USB bus registered, assigned bus number 1
Jan 1 00:00:14 daemon warn kernel: ehci_hcd 0000:00:0a.0: Enabling legacy PCI PM
Jan 1 00:00:14 daemon info kernel: ehci_hcd 0000:00:0a.0: irq 18, io mem 0x10002500
Jan 1 00:00:14 daemon info kernel: ehci_hcd 0000:00:0a.0: USB f.f started, EHCI 1.00
Jan 1 00:00:14 daemon info kernel: usb usb1: configuration #1 chosen from 1 choice
Jan 1 00:00:14 daemon info kernel: hub 1-0:1.0: USB hub found
Jan 1 00:00:14 daemon info kernel: hub 1-0:1.0: 2 ports detected

here is first part of log, got cut off
yes I thought that looked suspicious
I assume I would have to open it up physically and JTAG or something to actually stop the hack?
cooper Posted February 3, 2015 Posted February 3, 2015 (edited) Include a factory reset with the firmware upgrade. Looking through the manual it might simply be this product's regular state. What, specifically says to you "it's hacked"? Is it acting up or do you simply not understand what's shown in the logs, which troubles you? Edited February 3, 2015 by Cooper Quote
digip Posted February 3, 2015

Is the device actively bridged to another gateway/router?
trillion (Author) Posted February 3, 2015

I did include a factory reset. I set it to bridge mode, yeah. It's definitely hacked, I just wondered if it was possible to tell from the system log alone - it was not showing this amount of warning messages before. It's running port scans, MITM attacks, looks like traffic is being routed elsewhere.
digip Posted February 4, 2015

I'm not sure it's hacked, but if you are having issues with DNS rebinding, almost all devices, when in bridged mode, disable their security and use the default gateway's settings as a rule set, usually. Not all devices, but many wireless routers will do this when bridged to another as their gateway: the router drops its firewall to some extent, removes control panel options and uses enforcement from the default gateway, which is another reason I hard-code OpenDNS in my NIC settings vs relying on default gateways for DNS settings, at home or on other networks I use. Not saying this is what is happening, though, since we don't know what your "hack" concern is.

http://www.billion.com/product/wireless/Demo-3G-Router/syslog.html

This seems like it's part of what the device does though, but I could be wrong.
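
Added example, not part of any post in this thread: a triage script for the "entered promiscuous mode" lines discussed above. It relies on two Linux behaviours: an interface is put into promiscuous mode when it joins a bridge, and a VLAN sub-interface such as ptm0.1 passes promiscuity on to its parent. The function name and the report wording are made up for this sketch.

```python
import re

# Lines copied verbatim from the syslog posted in this thread (excerpt only).
SAMPLE_LOG = """\
Jan 1 00:00:16 daemon info kernel: device eth0 entered promiscuous mode
Jan 1 00:00:16 daemon info kernel: ADDRCONF(NETDEV_UP): eth0: link is not ready
Jan 1 00:00:18 daemon info kernel: device eth3 entered promiscuous mode
Jan 1 00:00:19 daemon info kernel: device wl0 entered promiscuous mode
Jan 1 00:00:20 daemon info kernel: br0: bridge group port 5(wl0) entering forwarding state
Jan 1 00:00:24 daemon info kernel: br0: bridge group port 4(eth3) entering forwarding state
Jan 1 00:00:47 daemon info kernel: device wl0 left promiscuous mode
Jan 1 00:15:17 daemon info kernel: device ptm0.1 entered promiscuous mode
Jan 1 00:15:17 daemon info kernel: device ptm0 entered promiscuous mode
Jan 1 00:15:17 daemon info kernel: br0: bridge group port 5(ptm0.1) entering forwarding state
"""

PROMISC = re.compile(r"kernel: device (\S+) (entered|left) promiscuous mode")
BRIDGE = re.compile(r"kernel: (\S+): bridge group port \d+\(([^)]+)\) entering \w+ state")


def triage_promiscuous(log_text):
    """For every interface seen in promiscuous mode, say what in the log explains it."""
    promisc, bridge_of = {}, {}
    for line in log_text.splitlines():
        if m := PROMISC.search(line):
            promisc[m.group(1)] = m.group(2) == "entered"  # last event wins
        elif m := BRIDGE.search(line):
            bridge_of[m.group(2)] = m.group(1)             # port -> bridge name
    report = {}
    for iface, still_on in promisc.items():
        children = [p for p in bridge_of if p.startswith(iface + ".")]
        if iface in bridge_of:
            reason = f"port of bridge {bridge_of[iface]}"
        elif children:
            reason = f"parent of bridged VLAN device {children[0]}"
        else:
            reason = "REVIEW: no bridge membership for it in this log"
        report[iface] = {"promiscuous": still_on, "reason": reason}
    return report


if __name__ == "__main__":
    for iface, info in triage_promiscuous(SAMPLE_LOG).items():
        print(f"{iface:8} promiscuous={info['promiscuous']!s:5} {info['reason']}")
```

A REVIEW result only means the log does not show why the interface is promiscuous; on the excerpt it is eth0, whose link was down, so bridge membership has to be confirmed on the device itself.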