Am I being hacked?

russ553
Level 1
Posts: 40
Joined: Fri Mar 18, 2011 5:26 pm

Post by russ553 »

Not being a power user, I am unsure what the entries in this file mean. This is my router log file from last night. I seem to have a lot of weird stuff going on with my wireless lately and have seen my CPU activity continue at kinda high rates when not doing anything on the computer.

I keep changing the passwords, admin and sign on to wireless, and have tried 2 different routers with same types of weirdness going on. Lots of activity going on during the early morning hours. And I have no idea why these dates are so wonky.

Code:

Jan  1 06:00:02 (none) daemon.info dnsmasq[353]: started, version 1.10 cachesize 150
Jan  1 06:00:02 (none) daemon.warn dnsmasq[353]: failed to drop root privs
Jan  1 06:00:02 (none) daemon.err dnsmasq[353]: failed to load names from /etc/hosts: No such file or directory
Jan  1 06:00:02 (none) daemon.info dnsmasq[353]: reading /tmp/resolv.conf
Jan  1 06:00:02 (none) user.notice igmp[403]: igmp started! 
Jan  1 06:00:03 (none) user.info syslog: disable write rom conf. 
Jan  1 06:00:03 (none) user.info udhcpd: udhcp server (v0.9.8) started
Jan  1 06:00:04 (none) user.info udhcpd: udhcp server (v0.9.8) started
Jan  1 06:00:04 (none) user.info udhcpc: udhcp client (v0.9.8) started
Jan  1 06:00:04 (none) daemon.info dnsmasq[353]: reading /etc/hosts
Jan  1 06:00:04 (none) daemon.info dnsmasq[353]: reading /tmp/resolv.conf
Jan  1 06:00:04 (none) daemon.info dnsmasq[353]: reading /etc/hosts
Jan  1 06:00:04 (none) daemon.info dnsmasq[353]: reading /tmp/resolv.conf
Jan  1 06:00:04 (none) daemon.info dnsmasq[353]: using nameserver 71.10.216.2
Jan  1 06:00:04 (none) daemon.info dnsmasq[353]: using nameserver 71.10.216.1
Jan  1 06:00:04 (none) user.notice igmp[403]:  interface 10.179.4.3, DOWNSTREAM ver=0x16 name=br0 index=7 
Jan  1 06:00:04 (none) user.notice igmp[403]:  interface 75.135.26.51, UPSTREAM ver=0x16 name=vlan1 index=5 
Jan  1 06:00:07 (none) user.err syslog: silex/smbd.c:smbd_main(942)
Jan  1 06:00:07 (none) user.err syslog:   smbd version 3.0.34 started. 
Jan  1 06:00:07 (none) user.err syslog: printing/pcap.c:pcap_cache_reload(159)
Jan  1 06:00:07 (none) user.err syslog:   Unable to open printcap file /etc/printcap for read! 
Jan  1 06:00:07 (none) user.err syslog: printing/pcap.c:pcap_cache_reload(159)
Jan  1 06:00:07 (none) user.err syslog:   Unable to open printcap file /etc/printcap for read! 
Jan  1 06:00:07 (none) user.info udhcpd: received REQUEST
Jan  1 06:00:07 (none) user.info udhcpd: received REQUEST
Nov  8 00:04:32 (none) user.info udhcpd: received DISCOVER
Nov  8 00:04:33 (none) user.err syslog: silex/nmbd.c:nmbd_main(723)
Nov  8 00:04:33 (none) user.err syslog:   Netbios nameserver version 3.0.34 started. 
Nov  8 00:04:34 (none) user.info udhcpd: sending ACK to 10.179.4.7
Nov  8 00:04:34 (none) user.info udhcpd:  dhcp_client_list_num :[2] 
Nov  8 00:04:34 (none) user.err syslog: passdb/pdb_smbpasswd.c:startsmbfilepwent(241)
Nov  8 00:04:34 (none) user.err syslog:   startsmbfilepwent_internal: file /usr/local/samba/private/smbpasswd did not exist. File successfully created. 
Nov  8 00:04:36 (none) user.info udhcpd: sending OFFER of 10.179.4.8
Nov  8 00:04:36 (none) user.info udhcpd: received DISCOVER
Nov  8 00:04:36 (none) user.info udhcpd: sending ACK to 10.179.4.8
Nov  8 00:04:36 (none) user.info udhcpd: sending OFFER of 10.179.4.8
Nov  8 00:04:36 (none) user.info udhcpd: received DISCOVER
Nov  8 00:04:36 (none) user.info udhcpd: sending ACK to 10.179.4.8
Nov  8 00:04:36 (none) user.info udhcpd: sending OFFER of 10.179.4.8
Nov  8 00:04:36 (none) user.info udhcpd: received DISCOVER
Nov  8 00:04:36 (none) user.info udhcpd: sending ACK to 10.179.4.8
Nov  8 00:04:36 (none) user.info udhcpd: sending OFFER of 10.179.4.8
Nov  8 00:04:36 (none) user.info udhcpd: received DISCOVER
Nov  8 00:04:36 (none) user.info udhcpd: sending ACK to 10.179.4.8
Nov  8 00:04:36 (none) user.info udhcpd: sending OFFER of 10.179.4.8
Nov  8 00:04:36 (none) user.info udhcpd: received DISCOVER
Nov  8 00:04:36 (none) user.info udhcpd: sending ACK to 10.179.4.8
Nov  8 00:04:36 (none) user.info udhcpd: sending OFFER of 10.179.4.8
Nov  8 00:04:36 (none) user.info udhcpd: received DISCOVER
Nov  8 00:04:36 (none) user.info udhcpd: sending ACK to 10.179.4.8
Nov  8 00:04:36 (none) user.info udhcpd: sending OFFER of 10.179.4.8
Nov  8 00:04:36 (none) user.info udhcpd: received REQUEST
Nov  8 00:04:36 (none) user.info udhcpd: sending ACK to 10.179.4.8
Nov  8 00:04:36 (none) user.info udhcpd: No changed... 
Nov  8 00:04:36 (none) user.info udhcpd: sending ACK to 10.179.4.8
Nov  8 00:04:36 (none) user.info udhcpd: received REQUEST
Nov  8 00:04:36 (none) user.info udhcpd: sending ACK to 10.179.4.8
Nov  8 00:04:36 (none) user.info udhcpd: No changed... 
Nov  8 00:04:36 (none) user.info udhcpd: sending ACK to 10.179.4.8
Nov  8 00:04:36 (none) user.info udhcpd: received REQUEST
Nov  8 00:04:36 (none) user.info udhcpd: sending ACK to 10.179.4.8
Nov  8 00:04:36 (none) user.info udhcpd: No changed... 
Nov  8 00:04:36 (none) user.info udhcpd: sending ACK to 10.179.4.8
Nov  8 00:04:52 (none) user.info udhcpd: received REQUEST
Nov  8 00:04:52 (none) user.info udhcpd: received DISCOVER
Nov  8 00:04:54 (none) user.info udhcpd: sending ACK to 10.179.4.7
Nov  8 00:04:57 (none) user.info udhcpd: sending OFFER of 10.179.4.9
Nov  8 00:04:57 (none) user.info udhcpd: received DISCOVER
Nov  8 00:04:57 (none) user.info udhcpd: sending ACK to 10.179.4.9
Nov  8 00:04:57 (none) user.info udhcpd: sending OFFER of 10.179.4.9
Nov  8 00:04:57 (none) user.info udhcpd: received REQUEST
Nov  8 00:04:57 (none) user.info udhcpd: sending ACK to 10.179.4.9
Nov  8 00:04:57 (none) user.info udhcpd: No changed... 
Nov  8 00:04:57 (none) user.info udhcpd: sending ACK to 10.179.4.9
Nov  7 18:04:59 (none) user.info wanstatus: Internet Status: Connected
Nov  7 18:04:59 (none) user.info wanstatus: PING Success
Nov  8 00:08:03 (none) user.info udhcpd: received REQUEST
Nov  8 00:08:03 (none) user.info udhcpd: received DISCOVER
Nov  8 00:08:05 (none) user.info udhcpd: sending ACK to 10.179.4.7
Nov  8 00:08:05 (none) user.info udhcpd: sending OFFER of 10.179.4.7
Nov  8 00:08:05 (none) user.info udhcpd: received REQUEST
Nov  8 00:08:05 (none) user.info udhcpd: sending ACK to 10.179.4.7
Nov  8 00:08:05 (none) user.info udhcpd: No changed... 
Nov  8 00:08:05 (none) user.info udhcpd: sending ACK to 10.179.4.7
Nov  8 00:08:08 (none) user.info udhcpd: DHCPINFORM
Nov  8 00:09:09 (none) user.info udhcpd: DHCPINFORM
Nov  8 00:10:12 (none) user.info udhcpd: DHCPINFORM
Nov  8 00:11:14 (none) user.info udhcpd: DHCPINFORM
Nov  8 00:12:17 (none) user.info udhcpd: DHCPINFORM
Nov  8 00:13:18 (none) user.info udhcpd: DHCPINFORM
Nov  8 00:14:21 (none) user.info udhcpd: DHCPINFORM
Nov  8 00:15:23 (none) user.info udhcpd: DHCPINFORM
Nov  8 00:16:26 (none) user.info udhcpd: DHCPINFORM
Nov  8 00:17:28 (none) user.info udhcpd: DHCPINFORM
Nov  8 00:18:31 (none) user.info udhcpd: DHCPINFORM
Nov  8 00:19:33 (none) user.info udhcpd: DHCPINFORM
Nov  8 00:20:36 (none) user.info udhcpd: DHCPINFORM
Nov  8 00:21:31 (none) user.info udhcpd: received REQUEST
Nov  8 00:21:31 (none) user.info udhcpd: sending ACK to 10.179.4.7
Nov  8 00:21:31 (none) user.info udhcpd: No changed... 
Nov  8 00:21:31 (none) user.info udhcpd: sending ACK to 10.179.4.7
Nov  8 03:34:32 (none) user.info udhcpc: Lease of 75.135.26.51 obtained, lease time 28800
Nov  8 03:34:32 (none) daemon.info dnsmasq[353]: reading /etc/hosts
Nov  8 03:34:32 (none) daemon.info dnsmasq[353]: reading /tmp/resolv.conf
Nov  8 03:34:32 (none) daemon.info dnsmasq[353]: using nameserver 71.10.216.2
Nov  8 03:34:32 (none) daemon.info dnsmasq[353]: using nameserver 71.10.216.1
Nov  8 07:34:32 (none) user.info udhcpc: Lease of 75.135.26.51 obtained, lease time 28800
Nov  8 07:34:32 (none) daemon.info dnsmasq[353]: reading /etc/hosts
Nov  8 07:34:32 (none) daemon.info dnsmasq[353]: reading /tmp/resolv.conf
Nov  8 07:34:32 (none) daemon.info dnsmasq[353]: using nameserver 71.10.216.2
Nov  8 07:34:32 (none) daemon.info dnsmasq[353]: using nameserver 71.10.216.1
Nov  8 11:34:33 (none) user.info udhcpc: Lease of 75.135.26.51 obtained, lease time 28800
Nov  8 11:34:33 (none) daemon.info dnsmasq[353]: reading /etc/hosts
Nov  8 11:34:33 (none) daemon.info dnsmasq[353]: reading /tmp/resolv.conf
Nov  8 11:34:33 (none) daemon.info dnsmasq[353]: using nameserver 71.10.216.2
Nov  8 11:34:33 (none) daemon.info dnsmasq[353]: using nameserver 71.10.216.1
Nov  8 12:26:21 (none) user.info udhcpd: received DISCOVER
Nov  8 12:26:21 (none) user.info udhcpd: sending ACK to 10.179.4.8
Nov  8 12:26:21 (none) user.info udhcpd: sending OFFER of 10.179.4.8
Nov  8 12:26:21 (none) user.info udhcpd: received REQUEST
Nov  8 12:26:21 (none) user.info udhcpd: sending ACK to 10.179.4.8
Nov  8 12:26:21 (none) user.info udhcpd: No changed... 
Nov  8 12:26:21 (none) user.info udhcpd: sending ACK to 10.179.4.8
Nov  8 14:39:42 (none) user.info udhcpd: received REQUEST
Nov  8 14:39:42 (none) user.info udhcpd: sending ACK to 10.179.4.7
Nov  8 14:39:42 (none) user.info udhcpd: No changed... 
Nov  8 14:39:42 (none) user.info udhcpd: sending ACK to 10.179.4.7
Nov  8 15:34:33 (none) user.info udhcpc: Lease of 75.135.26.51 obtained, lease time 28800
Nov  8 15:34:33 (none) daemon.info dnsmasq[353]: reading /etc/hosts
Nov  8 15:34:33 (none) daemon.info dnsmasq[353]: reading /tmp/resolv.conf
Nov  8 15:34:33 (none) daemon.info dnsmasq[353]: using nameserver 71.10.216.2
Nov  8 15:34:33 (none) daemon.info dnsmasq[353]: using nameserver 71.10.216.1
Nov  8 09:57:32 (none) user.info httpd: 10.179.4.7 login success
Last edited by russ553 on Sun Nov 08, 2015 1:50 pm, edited 1 time in total.
Been there, done that, can't remember.
xenopeek
Level 25
Posts: 25231
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: Am I being hacked?

Post by xenopeek »

Any IP address starting with 10. is an IP address on your own local network, so no, this doesn't look like you are being hacked. Is this a logfile from your router perhaps? Then this is showing it doing its job of assigning IP addresses to devices on your own local network.

If this is a logfile from your Linux Mint computer, then you yourself installed udhcpd for some reason to have your computer assign IP addresses to devices on your own local network. If that spooks you like this, I suggest you stop messing about with your computer and remove the package udhcpd. Leave assignment of IP addresses to your router.
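
The reading given in the reply above (addresses starting with 10. are local, and the udhcpd lines are the router handing out leases) can be checked mechanically. This Python example is added here and is not part of the original thread; the name `triage` and the field layout assumed by the regex are assumptions, and the sample lines are copied from the log posted above.

```python
import ipaddress
import re
from collections import Counter

# Excerpt of the router log posted above (not the full file).
SAMPLE_LOG = """\
Nov  8 00:04:34 (none) user.info udhcpd: sending ACK to 10.179.4.7
Nov  8 00:04:36 (none) user.info udhcpd: sending OFFER of 10.179.4.8
Nov  8 00:04:36 (none) user.info udhcpd: sending ACK to 10.179.4.8
Nov  8 00:04:57 (none) user.info udhcpd: sending ACK to 10.179.4.9
Nov  8 03:34:32 (none) user.info udhcpc: Lease of 75.135.26.51 obtained, lease time 28800
Nov  8 03:34:32 (none) daemon.info dnsmasq[353]: using nameserver 71.10.216.2
Nov  8 09:57:32 (none) user.info httpd: 10.179.4.7 login success
"""

# Assumed layout: "<Mon> <day> <time> <host> <facility.level> <proc>[pid]: <msg>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\s(?P<fac>[\w.]+)\s"
    r"(?P<proc>[\w/.]+?)(?:\[\d+\])?:\s*(?P<msg>.*)$"
)
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def triage(log_text):
    """Summarise DHCP clients, non-private addresses and admin logins."""
    acks, public, logins = Counter(), {}, []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proc, msg = m["proc"], m["msg"]
        for raw in IP_RE.findall(msg):
            try:
                ip = ipaddress.ip_address(raw)
            except ValueError:  # four dotted numbers that are not a valid address
                continue
            if not ip.is_private:
                # Record which daemon mentioned a non-RFC 1918 address.
                public.setdefault(raw, set()).add(proc)
            if proc == "udhcpd" and "sending ACK" in msg:
                acks[raw] += 1  # lease handed to a LAN client
            if proc == "httpd" and "login success" in msg:
                logins.append((m["ts"], raw, ip.is_private))
    return {"dhcp_clients": dict(acks), "public": public, "admin_logins": logins}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

On a full log, the entries that deserve a second look are `admin_logins` rows whose address is not private or whose time does not match when the owner was at the keyboard; DHCP ACKs to private addresses are ordinary lease traffic.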

Re: Am I being hacked?

Post by russ553 »

xenopeek wrote: Any IP address starting with 10. is an IP address on your own local network, so no, this doesn't look like you are being hacked. Is this a logfile from your router perhaps? Then this is showing it doing its job of assigning IP addresses to devices on your own local network.

If this is a logfile from your Linux Mint computer, then you yourself installed udhcpd for some reason to have your computer assign IP addresses to devices on your own local network. If that spooks you like this, I suggest you stop messing about with your computer and remove the package udhcpd. Leave assignment of IP addresses to your router.
It's the log file from my router. I changed the IP address to possibly deter anyone else from getting into my router using the 192.168.2.1 IP. Did this on advice from someone else. I have changed it again since I have broadcast it out to the world. I have not installed anything into my Mint nor messed about with my computer. The router does assign the IP addresses. I'm spooked because of all the activity during the wee hours of the morning when I am blissfully zonked out and nothing is turned on nor running on my network. My wireless connection has also been disconnecting randomly and then signing back on by itself. Has done this several times in a short period of time in several instances. Now that spooks me and is what got me going on this, plus the fact that while my computer is just sitting here with no input, the CPUs keep running at high rates.

Thanks for your answer.
Last edited by russ553 on Sun Nov 08, 2015 2:32 pm, edited 1 time in total.

Re: Am I being hacked?

Post by xenopeek »

You don't own a smartphone? You don't have any other "smart" devices like network connected TV or network connected electricity meter or some such?

Re: Am I being hacked?

Post by russ553 »

xenopeek wrote:You don't own a smartphone?
Not yet. I'm old. :mrgreen:

Oops, I do have a smart TV hooked up.

Re: Am I being hacked?

Post by xenopeek »

russ553 wrote: Oops, I do have a smart TV hooked up.
Somebody is watching TV at night :!: No, not really :) It's either just keeping its network connection alive or it's doing some background stuff like updating the TV guide.

Re: Am I being hacked?

Post by russ553 »

I talked with the dog and he said he wasn't doing it. So I must be sleep watching. Tee Hee.

Ok, thanks. I do feel somewhat better.