Reply
jimbadder
Follower

Why do I get lots of [admin login failure] entries in log file?

I am getting lots of these, and it appears to slow down my connection. Both IP addresses are local, reserved addresses. I have a CGD24N-2BPAUS as a gateway, with the wireless switched off and a WNDR3700 with the wireless on. THIS is 192.168.1.10 a Win 7 PC , 192.168.1.12 is a Win XP, I have other PCs and an iPad connected but they don't show up. Do I have some 'orrible trojan/virus?
What is going on? :eek:


[admin login failure] from source 192.168.1.10, Wednesday, November 23,2011 02:25:40
[admin login failure] from source 192.168.1.12, Wednesday, November 23,2011 02:25:24
[admin login failure] from source 192.168.1.10, Wednesday, November 23,2011 02:25:05
[admin login failure] from source 192.168.1.12, Wednesday, November 23,2011 02:24:49
[admin login failure] from source 192.168.1.10, Wednesday, November 23,2011 02:24:29
[admin login failure] from source 192.168.1.12, Wednesday, November 23,2011 02:24:14
[admin login failure] from source 192.168.1.10, Wednesday, November 23,2011 02:23:54
[admin login failure] from source 192.168.1.12, Wednesday, November 23,2011 02:23:39
[admin login failure] from source 192.168.1.10, Wednesday, November 23,2011 02:23:18
[admin login failure] from source 192.168.1.12, Wednesday, November 23,2011 02:23:04
[admin login failure] from source 192.168.1.10, Wednesday, November 23,2011 02:22:43
[admin login failure] from source 192.168.1.12, Wednesday, November 23,2011 02:22:26
[admin login failure] from source 192.168.1.10, Wednesday, November 23,2011 02:22:07
[admin login failure] from source 192.168.1.12, Wednesday, November 23,2011 02:21:51
[admin login failure] from source 192.168.1.10, Wednesday, November 23,2011 02:21:32
[DHCP IP: 192.168.1.12] to MAC address 1c:6f:65:75:b4:0f, Wednesday, November 23,2011 02:21:17
[admin login failure] from source 192.168.1.12, Wednesday, November 23,2011 02:21:13
[admin login failure] from source 192.168.1.10, Wednesday, November 23,2011 02:16:12
[Internet connected] IP address: 192.168.0.2, Wednesday, November 23,2011 02:16:11
[admin login failure] from source 192.168.1.10, Wednesday, November 23,2011 01:46:38
[Internet connected] IP address: 192.168.0.2, Wednesday, November 23,2011 01:46:10
[admin login failure] from source 192.168.1.10, Wednesday, November 23,2011 01:45:27
Message 1 of 5
RoderickGI
Aspirant

Re: Why do I get lots of [admin login failure] entries in log file?

jimbadder wrote:
Do I have some 'orrible trojan/virus?
Either that, or someone who uses those two PCs is trying to log into the router. Given the times of the incidents, and the speed of repeat attempts, I'd go with a trojan.

BTW, have you turned of NAT in your CGD24N-2BPAUS as well? You should, in order to get the CGD24N-2BPAUS to act as just a modem and nothing else. Have a search around here: http://www.extreame.net.au/ to confirm how to put the CGD24N-2BPAUS into bridged mode, which is what you want.

It may even help with the errors you are seeing, if they are caused by some side effect of Double NAT in your LAN.
Message 2 of 5
Joe_
Apprentice

Re: Why do I get lots of [admin login failure] entries in log file?

I concur with RoderickGI.
Message 3 of 5
Mars Mug
Virtuoso

Re: Why do I get lots of [admin login failure] entries in log file?

Maybe it’s UPnP related?

Both PCs seem to attempt to connect at 35 second intervals.

You could install Microsoft Network Monitor (free) on one or both PCs and capture say 60 seconds worth of data, you should be able to identify the login attempt which may help to track down the culprit.

You could also check Windows startup programs and disable anything not needed, there are online lists of startup processes that you can use to help with this. Disabled processes can easily be re-enabled if you find the specific cause.
Message 4 of 5
jlewter
Guide

Re: Why do I get lots of [admin login failure] entries in log file?

Just to add something to this mix, dont do any online banking until you figgure this out ;P.....

It does look like you have some sort of virus/malware.
Message 5 of 5
Top Contributors
Discussion stats
  • 4 replies
  • 7605 views
  • 0 kudos
  • 5 in conversation
Announcements