NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
Strange IP address and DynDNS entries (though not installed) found in log
Hi there.
Recently I was looking closely at the logs because of a problem which has been solved for now. To my surprise, I found this:
In system.log were many recent (always the same) Warning and Failed messages by "ddclient" with a DynDNS address that we had been using many years ago on this device, then deactivated and (supposedly) uninstalled DynDNS.
But it was still active and trying to do something.
Now I also uninstalled ddclient on the root shell, and those messages do not repeat.
In nmbd.log I found this:
***** Samba name server OURNAS is now a local master browser for workgroup WORKGROUP on subnet 5.192.66.21 *****
That IP address is located in the Arab Emirates, far away from our local network or our network provider (located in Germany). We most certainly never have entered that specific IP address anywhere and I was just guessing it has something to do with IPv6 name resolution. Now I have switched IPv6 off at the ReadyNAS network interface (it was DHCP before while IPv4 is static) and I am not seeing that messages anymore. (Our network service provider still does not support IPv6 anyway).
What can you make of this?
AGSowjet wrote:
***** Samba name server OURNAS is now a local master browser for workgroup WORKGROUP on subnet 5.192.66.21 *****
That IP address is located in the Arab Emirates,Well, it's an IPv4 address, so it has nothing to do with IPv6.
These addresses are hijacked by the ReadyCloud VPN, so they are actually being assigned to the NAS ReadyCloud connection (and your ReadyCloud users).
The backstory here: Originally these addresses were reserved for experimental purposes. Leaf used them in their VPN, and Netgear has never gotten around to changing the address range (after they aquired Leaf). Several years ago, the addresses were reclaimed for general use, as part of the response to IPv4 address depletion, and they are now administered by RIPE
I've complained about the continued hijacking for several years to no avail. It's not a big deal to you (now that you know what they are), but there some folks who are assigned addresses in this range by their ISPs, and they simply can't use ReadyCloud.
1 Reply
Replies have been turned off for this discussion
AGSowjet wrote:
***** Samba name server OURNAS is now a local master browser for workgroup WORKGROUP on subnet 5.192.66.21 *****
That IP address is located in the Arab Emirates,Well, it's an IPv4 address, so it has nothing to do with IPv6.
These addresses are hijacked by the ReadyCloud VPN, so they are actually being assigned to the NAS ReadyCloud connection (and your ReadyCloud users).
The backstory here: Originally these addresses were reserved for experimental purposes. Leaf used them in their VPN, and Netgear has never gotten around to changing the address range (after they aquired Leaf). Several years ago, the addresses were reclaimed for general use, as part of the response to IPv4 address depletion, and they are now administered by RIPE
I've complained about the continued hijacking for several years to no avail. It's not a big deal to you (now that you know what they are), but there some folks who are assigned addresses in this range by their ISPs, and they simply can't use ReadyCloud.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
