Afrihost New Network Feedback

Status
Not open for further replies.
MickeyD

MickeyD

RIP
Joined
Oct 4, 2010
Messages
139,117
Mod note to the Afrihost reps: Is it possible for you to draw up a template of what basic information you require and exactly which tests you would like your customers to run and then send to you? This will save plenty of time and reduce the frustrations of members after they send either the wrong tests or incomplete tests to you.

My personal opinion is that your customers should first contact your support desk if they have any issues. If it is not dealt with promptly or to their satisfaction, then this channel can be used to escalate it or make others aware of their problems.
 
AfriGenie

AfriGenie

Afrihost
Company Rep
Joined
Oct 9, 2014
Messages
7,266
User_7578 said:
ADSL2+ Is flaky with 3 - 5 (that I am aware of) unexplained disconnections per day, G.DMT seems stable so far.

Throughput is about what you expect for a 7Mbps line, speedtest.net shows 6077 Kbps down and 650 Kbps up while wget ftp://ftp-test.telkomadsl.co.za/16Meg-test.file gets 728KB/s.

My ping to bras.afrihost.com hovers at 43ms when it is the only thing running, it goes up to 300ms during the speedtest.net upload test. I had packet loss (less than 5%) when pinging bras.afrihost.com over the weekend IIRC that was on ADSL2+.

It should be noted that Telkom upgrade the network about 2 to 3 weeks ago. My attenuation use to be about 40db and Telkom limited my sync rateto 5Mbps for stability.
Click to expand...

Can you please PM me your details quickly, let me check on your DSL line and Exchange status. If your Exchange has been upgraded you should hopefully see a steady improvement in your connection.
 
Samildanach

Samildanach

Well-Known Member
Joined
Oct 15, 2009
Messages
126
Hi Guys,

I logged a support call this morning but somewhere myself and the support dude misunderstands each other.

This basically is my problem:


Last night while playing games I had terrible lag spikes throughout. even in local Dota2 games my ping would shoot up from 100ms to 1400 and even 1600ms. This was around 9, 10 o'clock. After I switched from afrigreen to nomal afrihost network and rebooted my router it subsided to a degree and then was back to normal. I went into my router via chrome and went to check the logs. I found the following there:

Date/Time Facility Severity Message
2016/07/18 7:13 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=184.147.211.237 DST=169.0.159.221 LEN=64 TOS=0x00 PREC=0x00 TTL=38 ID=9471 DF PROTO=TCP SPT=50704 DPT=28159 WINDOW=65535 RES=0x00 CWR ECE SYN URGP=0 MARK=0x8000000
2016/07/18 7:23 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=66.240.192.138 DST=169.0.159.221 LEN=40 TOS=0x00 PREC=0x00 TTL=97 ID=37044 PROTO=TCP SPT=36877 DPT=17000 WINDOW=27688 RES=0x00 SYN URGP=0 MARK=0x8000000
2016/07/18 7:35 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=139.217.27.204 DST=169.0.159.221 LEN=40 TOS=0x00 PREC=0x00 TTL=228 ID=54321 PROTO=TCP SPT=20984 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
2016/07/18 7:46 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=185.47.61.11 DST=169.0.159.221 LEN=48 TOS=0x00 PREC=0x00 TTL=108 ID=8480 PROTO=TCP SPT=23076 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
2016/07/18 7:55 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=185.40.4.201 DST=169.0.159.221 LEN=40 TOS=0x00 PREC=0x00 TTL=229 ID=26434 DF PROTO=TCP SPT=12942 DPT=5005 WINDOW=512 RES=0x00 SYN URGP=0 MARK=0x8000000
2016/07/18 8:00 syslog info -- MARK --
Jul 18 08:03:40 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=185.40.4.201 DST=169.0.159.221 LEN=40 TOS=0x00 PREC=0x00 TTL=229 ID=36446 DF PROTO=TCP SPT=12931 DPT=86 WINDOW=512 RES=0x00 SYN URGP=0 MARK=0x8000000
2016/07/18 8:17 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=185.40.4.201 DST=169.0.159.221 LEN=40 TOS=0x00 PREC=0x00 TTL=227 ID=36446 DF PROTO=TCP SPT=12930 DPT=8125 WINDOW=512 RES=0x00 SYN URGP=0 MARK=0x8000000
2016/07/18 8:23 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=71.6.165.200 DST=169.0.159.221 LEN=40 TOS=0x00 PREC=0x00 TTL=96 ID=63041 PROTO=TCP SPT=34680 DPT=23424 WINDOW=45638 RES=0x00 SYN URGP=0 MARK=0x8000000
2016/07/18 8:33 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=185.130.5.99 DST=169.0.159.221 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=54321 PROTO=TCP SPT=36105 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
2016/07/18 8:45 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=184.147.211.237 DST=169.0.159.221 LEN=64 TOS=0x00 PREC=0x00 TTL=39 ID=15654 DF PROTO=TCP SPT=53742 DPT=28159 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
2016/07/18 8:53 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=183.60.48.25 DST=169.0.159.221 LEN=40 TOS=0x00 PREC=0x00 TTL=41 ID=0 DF PROTO=TCP SPT=12215 DPT=3306 WINDOW=8192 RES=0x00 SYN URGP=0 MARK=0x8000000
2016/07/18 9:00 syslog info -- MARK --
Jul 18 09:03:40 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=104.219.238.10 DST=169.0.159.221 LEN=40 TOS=0x00 PREC=0x00 TTL=230 ID=35130 PROTO=TCP SPT=45772 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
2016/07/18 9:15 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=184.147.211.237 DST=169.0.159.221 LEN=64 TOS=0x00 PREC=0x00 TTL=37 ID=25673 DF PROTO=TCP SPT=54805 DPT=28159 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
2016/07/18 9:33 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=184.147.211.237 DST=169.0.159.221 LEN=64 TOS=0x00 PREC=0x00 TTL=38 ID=62637 DF PROTO=TCP SPT=55362 DPT=28159 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
2016/07/18 9:33 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=184.147.211.237 DST=169.0.159.221 LEN=64 TOS=0x00 PREC=0x00 TTL=38 ID=57861 DF PROTO=TCP SPT=55362 DPT=28159 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
2016/07/18 9:42 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=222.186.51.178 DST=169.0.159.221 LEN=40 TOS=0x00 PREC=0x00 TTL=93 ID=256 PROTO=TCP SPT=6000 DPT=3306 WINDOW=16384 RES=0x00 SYN URGP=0 MARK=0x8000000
2016/07/18 9:42 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=184.97.78.14 DST=169.0.159.221 LEN=60 TOS=0x00 PREC=0x00 TTL=38 ID=3153 DF PROTO=TCP SPT=33874 DPT=59887 WINDOW=7300 RES=0x00 SYN URGP=0 MARK=0x8000000
2016/07/18 9:42 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=184.97.78.14 DST=169.0.159.221 LEN=60 TOS=0x00 PREC=0x00 TTL=38 ID=3154 DF PROTO=TCP SPT=33874 DPT=59887 WINDOW=7300 RES=0x00 SYN URGP=0 MARK=0x8000000
2016/07/18 9:42 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=184.97.78.14 DST=169.0.159.221 LEN=60 TOS=0x00 PREC=0x00 TTL=38 ID=3155 DF PROTO=TCP SPT=33874 DPT=59887 WINDOW=7300 RES=0x00 SYN URGP=0 MARK=0x8000000
2016/07/18 9:42 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=184.97.78.14 DST=169.0.159.221 LEN=60 TOS=0x00 PREC=0x00 TTL=38 ID=3156 DF PROTO=TCP SPT=33874 DPT=59887 WINDOW=7300 RES=0x00 SYN URGP=0 MARK=0x8000000
2016/07/18 9:52 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=139.162.192.213 DST=169.0.159.221 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=54321 PROTO=TCP SPT=44393 DPT=4040 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
2016/07/18 10:00 syslog info -- MARK --
Jul 18 10:03:04 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=106.184.2.29 DST=169.0.159.221 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=51698 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
2016/07/18 10:15 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=188.68.224.62 DST=169.0.159.221 LEN=40 TOS=0x00 PREC=0x00 TTL=227 ID=17576 PROTO=TCP SPT=55675 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
2016/07/18 10:23 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=5.196.72.168 DST=169.0.159.221 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=54321 PROTO=TCP SPT=52941 DPT=123 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
2016/07/18 10:33 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=82.221.104.13 DST=169.0.159.221 LEN=64 TOS=0x00 PREC=0x00 TTL=38 ID=59026 DF PROTO=TCP SPT=62601 DPT=28159 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
2016/07/18 10:43 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=96.48.254.56 DST=169.0.159.221 LEN=60 TOS=0x00 PREC=0x00 TTL=38 ID=31272 DF PROTO=TCP SPT=51341 DPT=59887 WINDOW=8192 RES=0x00 SYN URGP=0 MARK=0x8000000

Ignote the date and time stamps as my routers time and date has not been set.

Being intrusions is throwing up a bit of a red flag to me. What can I do and can you assist me?

My support ticket is #EBE-551-99549

He requested that I send him a traceroute and here is my reply with the traceroute.

My internet is now fine. Speeds are fine at the moment. It is the logs of last night that are bothering me.

If you read the pasted logs you will see that there was attempts to "intrude" on my router. From Canada, China and the USA no less looking at their IP's.

But since you asked - here is my tracert to mweb which hosts the dota servers.

Tracing route to www.mweb.co.za [196.2.63.110]
over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms 10.0.0.2
2 * * * Request timed out.
3 25 ms 24 ms 25 ms dbn-up2.ip.adsl.co.za [169.1.5.174]
4 27 ms 23 ms 23 ms 169-1-5-208.ip.afrihost.co.za [169.1.5.208]
5 23 ms 23 ms 24 ms optinet.db1.napafrica.net [196.10.141.75]
6 54 ms 51 ms 55 ms 197-82-7-1.dbn.mweb.co.za [197.82.7.1]
7 52 ms 50 ms 52 ms te0-0-0-0.vic-p-1.optinet.net [197.84.4.38]
8 53 ms 50 ms 51 ms te0-0-0-0.cpt-p-2.optinet.net [197.84.4.46]
9 49 ms 48 ms 49 ms vl11.cpt-hscore-1.optinet.net [197.84.5.238]
10 56 ms 54 ms 51 ms 196.28.178.66
11 52 ms 51 ms 51 ms cte-core-sw2.vwol.net [196.41.144.35]
12 53 ms 50 ms 50 ms www.mweb.co.za [196.2.63.110]

Trace complete.


Is there cause to worry with the "intrusions?"

Thanks!
 
Last edited:
P

PurSpyk!!

Expert Member
Joined
Aug 10, 2005
Messages
1,667
MickeyD said:
Mod note to the Afrihost reps: Is it possible for you to draw up a template of what basic information you require and exactly which tests you would like your customers to run and then send to you? This will save plenty of time and reduce the frustrations of members after they send either the wrong tests or incomplete tests to you.

My personal opinion is that your customers should first contact your support desk if they have any issues. If it is not dealt with promptly or to their satisfaction, then this channel can be used to escalate it or make others aware of their problems.
Click to expand...

My issue is you submit tests either here or via a support ticket and then nothing happens, so in the end why are we even submitting tests? Is it a delaying tactic in the hope the issue will resolve itself? if you read this thread you can see the hassles I have been having, and still have.
 
U

User_7578

Member
Joined
Mar 3, 2016
Messages
12
AfriGenie said:
Can you please PM me your details quickly, let me check on your DSL line and Exchange status. If your Exchange has been upgraded you should hopefully see a steady improvement in your connection.
Click to expand...

Sent

My original reason for asking about the 7Mbps on a 8Mbps product was due to conflicting information I got while talking to one of your support personnel via telephone. I suspect now that issue was related to a mix up with sync rate vs download rates and/or Kb/s vs KB/s.

Still thanks for looking into this from your side.
 
D

Davedes

Expert Member
Joined
Nov 21, 2011
Messages
1,001
not sure whats going on here but the packet loss and end latency is a concern.

|------------------------------------------------------------------------------------------|
| WinMTR statistics |
| Host - % | Sent | Recv | Best | Avrg | Wrst | Last |
|------------------------------------------------|------|------|------|------|------|------|
| ADSL - 0 | 67 | 67 | 0 | 1 | 3 | 1 |
| No response from host - 100 | 14 | 0 | 0 | 0 | 0 | 0 |
| jhb-up1.ip.adsl.co.za - 8 | 53 | 49 | 33 | 34 | 44 | 34 |
| jhb-up7.ip.adsl.co.za - 69 | 19 | 6 | 32 | 35 | 46 | 34 |
| jhb-net1.ip.adsl.co.za - 0 | 67 | 67 | 33 | 37 | 81 | 40 |
| 169-1-5-74.ip.afrihost.co.za - 0 | 67 | 67 | 31 | 33 | 50 | 33 |
| 41.169.57.216 - 0 | 67 | 67 | 34 | 35 | 54 | 35 |
|if-ae-7-0.tcore1.JSO-Johannesburg.as6453.net - 0 | 67 | 67 | 32 | 36 | 78 | 34 |
|if-ae-4-2.tcore1.KLT-Cape-Town.as6453.net - 2 | 63 | 62 | 211 | 217 | 254 | 222 |
| if-ae-5-90.tcore2.PV9-Lisbon.as6453.net - 2 | 63 | 62 | 217 | 222 | 237 | 224 |
| if-ae-2-2.tcore1.PV9-Lisbon.as6453.net - 0 | 67 | 67 | 210 | 218 | 250 | 218 |
|if-ae-1-3.tcore1.SV8-Highbridge.as6453.net - 0 | 67 | 67 | 214 | 228 | 253 | 218 |
|if-ae-2-2.tcore2.SV8-Highbridge.as6453.net - 2 | 63 | 62 | 205 | 213 | 248 | 213 |
| if-ae-11-2.tcore1.L78-London.as6453.net - 0 | 67 | 67 | 216 | 221 | 239 | 225 |
| if-ae-17-2.tcore1.LDN-London.as6453.net - 2 | 63 | 62 | 0 | 208 | 216 | 209 |
| 195.219.83.102 - 2 | 63 | 62 | 0 | 207 | 254 | 205 |
| ae-1-3104.ear2.London2.Level3.net - 94 | 15 | 1 | 0 | 208 | 208 | 208 |
| unknown.Level3.net - 2 | 63 | 62 | 212 | 217 | 234 | 215 |
| No response from host - 100 | 14 | 0 | 0 | 0 | 0 | 0 |
| ae0.er01.telhc.bbc.co.uk - 4 | 59 | 57 | 0 | 222 | 231 | 226 |
| 132.185.255.148 - 4 | 59 | 57 | 213 | 219 | 238 | 223 |
| bbc-vip116.telhc.bbc.co.uk - 0 | 67 | 67 | 206 | 215 | 241 | 211 |
|________________________________________________|______|______|______|______|______|______|
WinMTR v0.92 GPL V2 by Appnor MSP - Fully Managed Hosting & Cloud Provider


|------------------------------------------------------------------------------------------|
| WinMTR statistics |
| Host - % | Sent | Recv | Best | Avrg | Wrst | Last |
|------------------------------------------------|------|------|------|------|------|------|
| ADSL - 0 | 52 | 52 | 1 | 1 | 3 | 1 |
| 155.239.255.250 - 0 | 52 | 52 | 25 | 25 | 28 | 25 |
|________________________________________________|______|______|______|______|______|______|
WinMTR v0.92 GPL V2 by Appnor MSP - Fully Managed Hosting & Cloud Provider
 
D

Davedes

Expert Member
Joined
Nov 21, 2011
Messages
1,001
MTR to www.afrihost.co.za

|------------------------------------------------------------------------------------------|
| WinMTR statistics |
| Host - % | Sent | Recv | Best | Avrg | Wrst | Last |
|------------------------------------------------|------|------|------|------|------|------|
| ADSL - 0 | 52 | 52 | 1 | 1 | 12 | 1 |
| No response from host - 100 | 10 | 0 | 0 | 0 | 0 | 0 |
| jhb-up1.ip.adsl.co.za - 8 | 41 | 38 | 32 | 34 | 41 | 34 |
| jhb-rx1.ip.adsl.co.za - 60 | 15 | 6 | 0 | 33 | 34 | 33 |
| jhb-net1.ip.adsl.co.za - 0 | 52 | 52 | 33 | 36 | 69 | 36 |
| mweb.jb1.napafrica.net - 0 | 52 | 52 | 32 | 34 | 42 | 33 |
| 201.bu-ether5.vic-pe-2.optinet.net - 0 | 52 | 52 | 34 | 35 | 42 | 34 |
| 197-81-226-81.jhb.mweb.co.za - 3 | 48 | 47 | 33 | 36 | 44 | 36 |
| 197-81-226-61.jhb.mweb.co.za - 0 | 52 | 52 | 32 | 34 | 45 | 34 |
| 197-81-229-4.jhb.mweb.co.za - 0 | 52 | 52 | 32 | 34 | 45 | 33 |
| 197-81-229-15.jhb.mweb.co.za - 0 | 52 | 52 | 32 | 34 | 48 | 34 |
| 41-86-112-68.mweb.co.za - 0 | 52 | 52 | 31 | 33 | 49 | 32 |
|________________________________________________|______|______|______|______|______|______|
WinMTR v0.92 GPL V2 by Appnor MSP - Fully Managed Hosting & Cloud Provider
 
H

Hummercellc

Expert Member
Joined
Jan 6, 2008
Messages
3,451
Is anyone else having problems with International services timing out and connections dropping?

plycoco.de (come and goes)
Sipgate.de (calls are terrible)

bbc.co.uk (does not load fully)

Switching to Mweb and all the above is fine.:confused:
 
Dianysis

Dianysis

Expert Member
Joined
Oct 30, 2014
Messages
2,040
Hi AH.

Got the following email from you guys:

The following ADSL line fault report was recently updated:

*** Telephone number: xxxxxxxxxx
**** Fault reference: 635CTK250416
* Afrihost reference: AH20160425-272973
***** Time of update: 2016-04-26 11:06:21 (3 hours ago)

Type of update: Telkom has added an update to the fault. This means that they are actively engaging the problem with your line, and have been working to address it. As we receive more updates we will keep you informed.

It however doesn't tell what the update is.

Can you tell me?
 
Samildanach

Samildanach

Well-Known Member
Joined
Oct 15, 2009
Messages
126
Hummercellc said:
Is anyone else having problems with International services timing out and connections dropping?

plycoco.de (come and goes)
Sipgate.de (calls are terrible)

bbc.co.uk (does not load fully)

Switching to Mweb and all the above is fine.:confused:
Click to expand...

I'm in Amanzimtoti and my internationals are atrocious to say the least. I have also seen when doing a speedtest it picks a Cape Town server to ping off and not the normal Durban one.
 
D

DonaldMickey

Well-Known Member
Joined
Mar 15, 2015
Messages
173
Igor III said:
Not sure if it is only Torrents that are affected - been trying to download WoW for the past two days and have the download running constant ........... on a 2 meg line best I can get at the moment is ~100 kB/s (no matter what time of the day).

When I look at my stats on ClientZone, I only manage to download 9 Gigs for the day :crying: .......... file size I am downloading is 31 Gigs *cries in all languages known to man*

Maybe it is just paranoid me ....... but if I look at the history pattern of AH, I am extremely concerned that we are possibly going to see a repeat:

1) Some clients QQ about connection and download issues - AH denies the problem.
2) Some clients continue to QQ about the situation and the number is slowly growing - AH semi acknowledges the problem, but claims it is not on their side.
3) AH system slowly shows signs of catastrophic failure - AH acknowledges they have minor issues and their techies are tending to it.
4) A couple of months later and a hoard of angry clients banging on the door - AH manages to resurrect their system.

The only question I do have is this: Why is AH not reacting to the first signs of cracks in their system as reported by clients, or is my perception totally wrong?

or ....................................

Maybe this is what is implied in the term "best effort"?
Click to expand...
Watch carefully - this is exactly what is happening again.

I imagine at some point we will be told there is a problem.
 
AfriFella

AfriFella

Afrihost
Company Rep
Joined
Jun 2, 2015
Messages
2,828
Samildanach said:
Hi Guys,

I logged a support call this morning but somewhere myself and the support dude misunderstands each other.

This basically is my problem:


Last night while playing games I had terrible lag spikes throughout. even in local Dota2 games my ping would shoot up from 100ms to 1400 and even 1600ms. This was around 9, 10 o'clock. After I switched from afrigreen to nomal afrihost network and rebooted my router it subsided to a degree and then was back to normal. I went into my router via chrome and went to check the logs. I found the following there:

Date/Time Facility Severity Message
2016/07/18 7:13 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=184.147.211.237 DST=169.0.159.221 LEN=64 TOS=0x00 PREC=0x00 TTL=38 ID=9471 DF PROTO=TCP SPT=50704 DPT=28159 WINDOW=65535 RES=0x00 CWR ECE SYN URGP=0 MARK=0x8000000
2016/07/18 7:23 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=66.240.192.138 DST=169.0.159.221 LEN=40 TOS=0x00 PREC=0x00 TTL=97 ID=37044 PROTO=TCP SPT=36877 DPT=17000 WINDOW=27688 RES=0x00 SYN URGP=0 MARK=0x8000000
2016/07/18 7:35 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=139.217.27.204 DST=169.0.159.221 LEN=40 TOS=0x00 PREC=0x00 TTL=228 ID=54321 PROTO=TCP SPT=20984 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
2016/07/18 7:46 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=185.47.61.11 DST=169.0.159.221 LEN=48 TOS=0x00 PREC=0x00 TTL=108 ID=8480 PROTO=TCP SPT=23076 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
2016/07/18 7:55 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=185.40.4.201 DST=169.0.159.221 LEN=40 TOS=0x00 PREC=0x00 TTL=229 ID=26434 DF PROTO=TCP SPT=12942 DPT=5005 WINDOW=512 RES=0x00 SYN URGP=0 MARK=0x8000000
2016/07/18 8:00 syslog info -- MARK --
Jul 18 08:03:40 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=185.40.4.201 DST=169.0.159.221 LEN=40 TOS=0x00 PREC=0x00 TTL=229 ID=36446 DF PROTO=TCP SPT=12931 DPT=86 WINDOW=512 RES=0x00 SYN URGP=0 MARK=0x8000000
2016/07/18 8:17 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=185.40.4.201 DST=169.0.159.221 LEN=40 TOS=0x00 PREC=0x00 TTL=227 ID=36446 DF PROTO=TCP SPT=12930 DPT=8125 WINDOW=512 RES=0x00 SYN URGP=0 MARK=0x8000000
2016/07/18 8:23 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=71.6.165.200 DST=169.0.159.221 LEN=40 TOS=0x00 PREC=0x00 TTL=96 ID=63041 PROTO=TCP SPT=34680 DPT=23424 WINDOW=45638 RES=0x00 SYN URGP=0 MARK=0x8000000
2016/07/18 8:33 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=185.130.5.99 DST=169.0.159.221 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=54321 PROTO=TCP SPT=36105 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
2016/07/18 8:45 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=184.147.211.237 DST=169.0.159.221 LEN=64 TOS=0x00 PREC=0x00 TTL=39 ID=15654 DF PROTO=TCP SPT=53742 DPT=28159 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
2016/07/18 8:53 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=183.60.48.25 DST=169.0.159.221 LEN=40 TOS=0x00 PREC=0x00 TTL=41 ID=0 DF PROTO=TCP SPT=12215 DPT=3306 WINDOW=8192 RES=0x00 SYN URGP=0 MARK=0x8000000
2016/07/18 9:00 syslog info -- MARK --
Jul 18 09:03:40 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=104.219.238.10 DST=169.0.159.221 LEN=40 TOS=0x00 PREC=0x00 TTL=230 ID=35130 PROTO=TCP SPT=45772 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
2016/07/18 9:15 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=184.147.211.237 DST=169.0.159.221 LEN=64 TOS=0x00 PREC=0x00 TTL=37 ID=25673 DF PROTO=TCP SPT=54805 DPT=28159 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
2016/07/18 9:33 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=184.147.211.237 DST=169.0.159.221 LEN=64 TOS=0x00 PREC=0x00 TTL=38 ID=62637 DF PROTO=TCP SPT=55362 DPT=28159 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
2016/07/18 9:33 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=184.147.211.237 DST=169.0.159.221 LEN=64 TOS=0x00 PREC=0x00 TTL=38 ID=57861 DF PROTO=TCP SPT=55362 DPT=28159 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
2016/07/18 9:42 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=222.186.51.178 DST=169.0.159.221 LEN=40 TOS=0x00 PREC=0x00 TTL=93 ID=256 PROTO=TCP SPT=6000 DPT=3306 WINDOW=16384 RES=0x00 SYN URGP=0 MARK=0x8000000
2016/07/18 9:42 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=184.97.78.14 DST=169.0.159.221 LEN=60 TOS=0x00 PREC=0x00 TTL=38 ID=3153 DF PROTO=TCP SPT=33874 DPT=59887 WINDOW=7300 RES=0x00 SYN URGP=0 MARK=0x8000000
2016/07/18 9:42 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=184.97.78.14 DST=169.0.159.221 LEN=60 TOS=0x00 PREC=0x00 TTL=38 ID=3154 DF PROTO=TCP SPT=33874 DPT=59887 WINDOW=7300 RES=0x00 SYN URGP=0 MARK=0x8000000
2016/07/18 9:42 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=184.97.78.14 DST=169.0.159.221 LEN=60 TOS=0x00 PREC=0x00 TTL=38 ID=3155 DF PROTO=TCP SPT=33874 DPT=59887 WINDOW=7300 RES=0x00 SYN URGP=0 MARK=0x8000000
2016/07/18 9:42 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=184.97.78.14 DST=169.0.159.221 LEN=60 TOS=0x00 PREC=0x00 TTL=38 ID=3156 DF PROTO=TCP SPT=33874 DPT=59887 WINDOW=7300 RES=0x00 SYN URGP=0 MARK=0x8000000
2016/07/18 9:52 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=139.162.192.213 DST=169.0.159.221 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=54321 PROTO=TCP SPT=44393 DPT=4040 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
2016/07/18 10:00 syslog info -- MARK --
Jul 18 10:03:04 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=106.184.2.29 DST=169.0.159.221 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=51698 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
2016/07/18 10:15 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=188.68.224.62 DST=169.0.159.221 LEN=40 TOS=0x00 PREC=0x00 TTL=227 ID=17576 PROTO=TCP SPT=55675 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
2016/07/18 10:23 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=5.196.72.168 DST=169.0.159.221 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=54321 PROTO=TCP SPT=52941 DPT=123 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
2016/07/18 10:33 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=82.221.104.13 DST=169.0.159.221 LEN=64 TOS=0x00 PREC=0x00 TTL=38 ID=59026 DF PROTO=TCP SPT=62601 DPT=28159 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
2016/07/18 10:43 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=96.48.254.56 DST=169.0.159.221 LEN=60 TOS=0x00 PREC=0x00 TTL=38 ID=31272 DF PROTO=TCP SPT=51341 DPT=59887 WINDOW=8192 RES=0x00 SYN URGP=0 MARK=0x8000000

Ignote the date and time stamps as my routers time and date has not been set.

Being intrusions is throwing up a bit of a red flag to me. What can I do and can you assist me?

My support ticket is #EBE-551-99549

He requested that I send him a traceroute and here is my reply with the traceroute.

My internet is now fine. Speeds are fine at the moment. It is the logs of last night that are bothering me.

If you read the pasted logs you will see that there was attempts to "intrude" on my router. From Canada, China and the USA no less looking at their IP's.

But since you asked - here is my tracert to mweb which hosts the dota servers.

Tracing route to www.mweb.co.za [196.2.63.110]
over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms 10.0.0.2
2 * * * Request timed out.
3 25 ms 24 ms 25 ms dbn-up2.ip.adsl.co.za [169.1.5.174]
4 27 ms 23 ms 23 ms 169-1-5-208.ip.afrihost.co.za [169.1.5.208]
5 23 ms 23 ms 24 ms optinet.db1.napafrica.net [196.10.141.75]
6 54 ms 51 ms 55 ms 197-82-7-1.dbn.mweb.co.za [197.82.7.1]
7 52 ms 50 ms 52 ms te0-0-0-0.vic-p-1.optinet.net [197.84.4.38]
8 53 ms 50 ms 51 ms te0-0-0-0.cpt-p-2.optinet.net [197.84.4.46]
9 49 ms 48 ms 49 ms vl11.cpt-hscore-1.optinet.net [197.84.5.238]
10 56 ms 54 ms 51 ms 196.28.178.66
11 52 ms 51 ms 51 ms cte-core-sw2.vwol.net [196.41.144.35]
12 53 ms 50 ms 50 ms www.mweb.co.za [196.2.63.110]

Trace complete.


Is there cause to worry with the "intrusions?"

Thanks!
Click to expand...

Hi Samildanach! Sorry to hear about your poor connection to Dota2 last night Glad to hear that you're back online.

I'll send your ticket number over to our Critical Care Team to give you a more technical response (at least, more technical than I am capable of). :) I don't believe that the word "intrusion" indicates any sort of breach in your network security, though. :)
 
AfriFella

AfriFella

Afrihost
Company Rep
Joined
Jun 2, 2015
Messages
2,828
Davedes said:
not sure whats going on here but the packet loss and end latency is a concern.

|------------------------------------------------------------------------------------------|
| WinMTR statistics |
| Host - % | Sent | Recv | Best | Avrg | Wrst | Last |
|------------------------------------------------|------|------|------|------|------|------|
| ADSL - 0 | 67 | 67 | 0 | 1 | 3 | 1 |
| No response from host - 100 | 14 | 0 | 0 | 0 | 0 | 0 |
| jhb-up1.ip.adsl.co.za - 8 | 53 | 49 | 33 | 34 | 44 | 34 |
| jhb-up7.ip.adsl.co.za - 69 | 19 | 6 | 32 | 35 | 46 | 34 |
| jhb-net1.ip.adsl.co.za - 0 | 67 | 67 | 33 | 37 | 81 | 40 |
| 169-1-5-74.ip.afrihost.co.za - 0 | 67 | 67 | 31 | 33 | 50 | 33 |
| 41.169.57.216 - 0 | 67 | 67 | 34 | 35 | 54 | 35 |
|if-ae-7-0.tcore1.JSO-Johannesburg.as6453.net - 0 | 67 | 67 | 32 | 36 | 78 | 34 |
|if-ae-4-2.tcore1.KLT-Cape-Town.as6453.net - 2 | 63 | 62 | 211 | 217 | 254 | 222 |
| if-ae-5-90.tcore2.PV9-Lisbon.as6453.net - 2 | 63 | 62 | 217 | 222 | 237 | 224 |
| if-ae-2-2.tcore1.PV9-Lisbon.as6453.net - 0 | 67 | 67 | 210 | 218 | 250 | 218 |
|if-ae-1-3.tcore1.SV8-Highbridge.as6453.net - 0 | 67 | 67 | 214 | 228 | 253 | 218 |
|if-ae-2-2.tcore2.SV8-Highbridge.as6453.net - 2 | 63 | 62 | 205 | 213 | 248 | 213 |
| if-ae-11-2.tcore1.L78-London.as6453.net - 0 | 67 | 67 | 216 | 221 | 239 | 225 |
| if-ae-17-2.tcore1.LDN-London.as6453.net - 2 | 63 | 62 | 0 | 208 | 216 | 209 |
| 195.219.83.102 - 2 | 63 | 62 | 0 | 207 | 254 | 205 |
| ae-1-3104.ear2.London2.Level3.net - 94 | 15 | 1 | 0 | 208 | 208 | 208 |
| unknown.Level3.net - 2 | 63 | 62 | 212 | 217 | 234 | 215 |
| No response from host - 100 | 14 | 0 | 0 | 0 | 0 | 0 |
| ae0.er01.telhc.bbc.co.uk - 4 | 59 | 57 | 0 | 222 | 231 | 226 |
| 132.185.255.148 - 4 | 59 | 57 | 213 | 219 | 238 | 223 |
| bbc-vip116.telhc.bbc.co.uk - 0 | 67 | 67 | 206 | 215 | 241 | 211 |
|________________________________________________|______|______|______|______|______|______|
WinMTR v0.92 GPL V2 by Appnor MSP - Fully Managed Hosting & Cloud Provider


|------------------------------------------------------------------------------------------|
| WinMTR statistics |
| Host - % | Sent | Recv | Best | Avrg | Wrst | Last |
|------------------------------------------------|------|------|------|------|------|------|
| ADSL - 0 | 52 | 52 | 1 | 1 | 3 | 1 |
| 155.239.255.250 - 0 | 52 | 52 | 25 | 25 | 28 | 25 |
|________________________________________________|______|______|______|______|______|______|
WinMTR v0.92 GPL V2 by Appnor MSP - Fully Managed Hosting & Cloud Provider
Click to expand...

Davedes said:
MTR to www.afrihost.co.za

|------------------------------------------------------------------------------------------|
| WinMTR statistics |
| Host - % | Sent | Recv | Best | Avrg | Wrst | Last |
|------------------------------------------------|------|------|------|------|------|------|
| ADSL - 0 | 52 | 52 | 1 | 1 | 12 | 1 |
| No response from host - 100 | 10 | 0 | 0 | 0 | 0 | 0 |
| jhb-up1.ip.adsl.co.za - 8 | 41 | 38 | 32 | 34 | 41 | 34 |
| jhb-rx1.ip.adsl.co.za - 60 | 15 | 6 | 0 | 33 | 34 | 33 |
| jhb-net1.ip.adsl.co.za - 0 | 52 | 52 | 33 | 36 | 69 | 36 |
| mweb.jb1.napafrica.net - 0 | 52 | 52 | 32 | 34 | 42 | 33 |
| 201.bu-ether5.vic-pe-2.optinet.net - 0 | 52 | 52 | 34 | 35 | 42 | 34 |
| 197-81-226-81.jhb.mweb.co.za - 3 | 48 | 47 | 33 | 36 | 44 | 36 |
| 197-81-226-61.jhb.mweb.co.za - 0 | 52 | 52 | 32 | 34 | 45 | 34 |
| 197-81-229-4.jhb.mweb.co.za - 0 | 52 | 52 | 32 | 34 | 45 | 33 |
| 197-81-229-15.jhb.mweb.co.za - 0 | 52 | 52 | 32 | 34 | 48 | 34 |
| 41-86-112-68.mweb.co.za - 0 | 52 | 52 | 31 | 33 | 49 | 32 |
|________________________________________________|______|______|______|______|______|______|
WinMTR v0.92 GPL V2 by Appnor MSP - Fully Managed Hosting & Cloud Provider
Click to expand...

Packet loss seems to be coming in at the 4th hop here... What DNS are you using?
 
AfriFella

AfriFella

Afrihost
Company Rep
Joined
Jun 2, 2015
Messages
2,828
Dianysis said:
Hi AH.

Got the following email from you guys:

The following ADSL line fault report was recently updated:

*** Telephone number: xxxxxxxxxx
**** Fault reference: 635CTK250416
* Afrihost reference: AH20160425-272973
***** Time of update: 2016-04-26 11:06:21 (3 hours ago)

Type of update: Telkom has added an update to the fault. This means that they are actively engaging the problem with your line, and have been working to address it. As we receive more updates we will keep you informed.

It however doesn't tell what the update is.

Can you tell me?
Click to expand...

Looks like the update on your fault is that your fault has been handed over to a tech. :) Shouldn't be long before it gets resolved now. :)
 
Dianysis

Dianysis

Expert Member
Joined
Oct 30, 2014
Messages
2,040
AfriFella said:
Looks like the update on your fault is that your fault has been handed over to a tech. :) Shouldn't be long before it gets resolved now. :)
Click to expand...
Ok cool. You reckon today maybe? I am off until next Tuesday and really want to download the interwebs.
 
AfriFella

AfriFella

Afrihost
Company Rep
Joined
Jun 2, 2015
Messages
2,828
Dianysis said:
Ok cool. You reckon today maybe? I am off until next Tuesday and really want to download the interwebs.
Click to expand...

That'll be hard to confirm from my side... Generally the tech phones first before visiting your premises, or he/she would phone after your line was attended to.
 
H

Hummercellc

Expert Member
Joined
Jan 6, 2008
Messages
3,451
What is going on with International?

Skype - Dropping to UK/Local fine
Windows Updates - Won't download
CNN/BBC/EZTV - all slow to open
Sipgate - Dropping and breaking up
Whatsapp - serious delay

Local traffic seems fine though

Will stay on Mweb account until Afrihost fix it.
 
Status
Not open for further replies.
Top