Strange things in log?

I read the log and saw this. I did not change any settings.
Does it look suspicious or not?

[282146.771564] mtk_soc_eth 15100000.ethernet ethi: configuring for phy/sgmii link mode

[282147.170010] mtk_soc_eth 15100000.ethernet eth1: PHY [mdio-bus:01] driver [RTL8221B-VB-CG 2.5Gbps PHY.

[282147.180264] mtk_soc_eth 15100000.ethernet eth1: configuring for phy/sgmii link mode

282147.286214 kmwan: Delete node:wan

[282150.116480] mtk_soc_eth 15100000.ethernet eth1: Link is Up - 1Gbps/Full - flow control off

[282150.124855] IPv6: ADDRCONF(NETDEV_CHANGE): eth1: link becomes ready

[282151.434723] Enable hnat guest interface

[282151.438657] extif_set_dev(ra1)

[282151.441799] mtk_ppe_dev_register_hook: ineterface ra1 register (5)

[282151.448165] extif_set_dev(rax1)

[282151.451385] mtk_ppe_dev_register_hook: ineterface rax1 register (6)

[282151.457927] Disable hnat ipv6

[282153.883265] [add_dev_config 306ladd node success. iface:wan, dev:eth1, ifindex:3

lol - almost everything in the system logs looks suspicious :crazy_face:. But I don’t see any evidence of malicious events there.

Because the OpenWrt OS is open source and needs to accommodate so many different hardware platforms, there are often many log entries that are a result of the system working its way through what is in yours. Also, many times people don’t have IPv6 enabled, so the system works through all that.

To me, this just looks like your router is setting up your ports and enabling nat.

3 Likes

Why do you think this log-snippet looks suspicious? It shows the standard startup and configuration of the router's Ethernet and wireless interfaces. There's no indication of unauthorized access, malicious activity, or unusual traffic patterns in this snippet.

2 Likes

Yup, for me, this log looks like a normal OpenWrt log as well. Nothing special.
Those logs are not really for end users, too many spam-y things in there.

1 Like

Thanks for the help.

When I saw this I changed the admin password at 192.168.8.1, just to be sure. And then tried to log in through the app one time but got “Too many failed log in attempts wait 506 seconds”

Did the app make the log in attempts with the old password after I changed it?

I guess so, yeah.

I tried changing the password again and could not replicate it. Maybe it was a bug?

The reason I’m reading logs and being a bit worried is that my neighbor hacked my last router.

That stinks! How did they get in? Most modern routers are relatively secure unless you have weak passwords or open ports.

I always set very complex passwords out of habit and keep my guest interface disabled unless I have company. And I have transitioned to WireGuard VPN rather than opening ports for services.

  • Change your Wi-Fi password and the password for the web interface.
  • Disable guest Wi-Fi (if not needed).
  • Always use complex passwords.
  • Ensure nobody has physical access to your network.

If you are really worried about network activity, install something like NetAlertX on a Raspberry Pi (a Raspberry Pi Zero 2 W for around 20 bucks with an additional network adapter is sufficient for home network use).

It will help you with:

  • Detection of unknown devices on the network.
  • Monitoring of port changes.
  • Real-time notifications of unusual network activity.
  • Regular network scans

1 Like
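
The "detection of unknown devices" idea from the post above, as an added example (not code from this thread or from NetAlertX): it compares DHCP leases against an allowlist. It assumes the router writes leases in dnsmasq's lease-file format (on OpenWrt normally /tmp/dhcp.leases); the sample leases and the allowlist are constructed.

```python
# Constructed sample in dnsmasq lease-file format:
# <expiry epoch> <MAC> <IP> <hostname or *> <client-id or *>
SAMPLE_LEASES = """\
1735689600 a4:83:e7:11:22:33 192.168.8.101 laptop 01:a4:83:e7:11:22:33
1735689700 DC:A6:32:AA:BB:CC 192.168.8.120 raspberrypi *
1735689800 02:1f:5b:de:ad:01 192.168.8.143 * *
garbage line
"""

# Hypothetical allowlist of devices you own: MAC -> label
KNOWN_DEVICES = {
    "a4:83:e7:11:22:33": "my laptop",
    "dc:a6:32:aa:bb:cc": "monitoring Pi",
}


def parse_leases(text):
    """Parse lease lines, skipping anything that is not a well-formed entry."""
    leases = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].isdigit():
            continue
        leases.append({
            "expiry": int(fields[0]),
            "mac": fields[1].lower(),  # normalise case before comparing
            "ip": fields[2],
            "hostname": None if fields[3] == "*" else fields[3],
        })
    return leases


def is_randomized(mac):
    """True if the locally-administered bit is set (typical of private/random MACs)."""
    return bool(int(mac.split(":")[0], 16) & 0x02)


def unknown_devices(text, known):
    """Return leases whose MAC is not on the allowlist, tagged with a randomized-MAC hint."""
    allow = {mac.lower() for mac in known}
    return [dict(lease, randomized=is_randomized(lease["mac"]))
            for lease in parse_leases(text) if lease["mac"] not in allow]


if __name__ == "__main__":
    for dev in unknown_devices(SAMPLE_LEASES, KNOWN_DEVICES):
        print(dev)
```

A lease file only lists DHCP clients, so a device using a static address will not show up here. An unknown entry with `randomized` set is often one of your own phones or laptops using a private Wi-Fi address rather than a new device.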

What is the danger of an always-on guest network?

A guest Wi-Fi is not inherently a danger, but the less attack surface you offer, the better.

1 Like