Community discussions

 
User avatar
Nollitik
Member Candidate
Member Candidate
Topic Author
Posts: 211
Joined: Tue Dec 07, 2010 8:16 am

Router's default Address after Custom Configured

Sun Oct 06, 2019 9:59 pm

So, the other day my Internet was down and a public IP address was not available from my ISP. The next day the Internet was still down; however, I noticed that I received a private IP address from my ISP that raised a red flag. My configured router's address is 10.0.8.1, yet my ISP was attempting to connecting to 192.168.88.1 the router's default IP address. So is this default address available even when the router has a custom configuration? Below is what my IDS/IPS showed and I wondered whether my ISP was on a phishing expedition with a 10.8.8.1 address as well as whether my router gave out its name Mikrotik why they tried the default address:
Screen Shot 2019-10-03 at 12.27.36 PM.png
You do not have the required permissions to view the files attached to this post.
 
User avatar
Anumrak
Forum Guru
Forum Guru
Posts: 1051
Joined: Fri Jul 28, 2017 2:53 pm

Re: Router's default Address after Custom Configured  [SOLVED]

Tue Oct 08, 2019 2:57 pm

Hey. It's DNS flood from outside, perhaps from your ISP. So just disable your DNS "allow-remote-requests" option. If it's already disabled, then relax. Every router in the world drops so many trash you can't imagine.
 
User avatar
Nollitik
Member Candidate
Member Candidate
Topic Author
Posts: 211
Joined: Tue Dec 07, 2010 8:16 am

Re: Router's default Address after Custom Configured

Wed Oct 09, 2019 6:46 am

Hey. It's DNS flood from outside, perhaps from your ISP. So just disable your DNS "allow-remote-requests" option. If it's already disabled, then relax. Every router in the world drops so many trash you can't imagine.
Yes, I know it's harmless traffic; however, I have an edge pfSense box that strictly forbid external request. I did notice that "allow-remote-requests" was enabled, and I disabled it.

What I am pissed about is it appears my ISP wanted to hit me up with service charge. I paid for a public IP address, yet the Internet was down then, came back with a private IP address to make the router appear to be working with link light blinking. After the intrusion that disguised as a DNS request flood event, I received a call/voice message from the ISP saying staffs were coming out to check for trouble.

Who is online

Users browsing this forum: MSN [Bot] and 137 guests