Networking-Forums.com

Professional Discussions => Security => Topic started by: Craigy R1 on January 24, 2020, 09:12:11 PM

Title: What Does This Block Of Text Mean In My Syslog?
Post by: Craigy R1 on January 24, 2020, 09:12:11 PM
Hi guys, I've had syslog enabled on a new Draytek router for a few weeks now and it's the first time I've noticed this block of text. What does it mean in plain English? Looks suspicious to me.

DrayTek: PPP Start ()
DrayTek: Incoming Call Failed : No Such Entry for admin
DrayTek: CHAP Login Failed () -
DrayTek: PPP Start ()
DrayTek: Incoming Call Failed : No Such Entry for vpn
DrayTek: CHAP Login Failed () -
DrayTek: PPP Start ()
DrayTek: Incoming Call Failed : No Such Entry for test
DrayTek: CHAP Login Failed () -
DrayTek: PPP Start ()
DrayTek: Incoming Call Failed : No Such Entry for 1
DrayTek: CHAP Login Failed () -
DrayTek: PPP Start ()
DrayTek: Incoming Call Failed : No Such Entry for 123
DrayTek: CHAP Login Failed () -
DrayTek: PPP Start ()
DrayTek: Incoming Call Failed : No Such Entry for 111
DrayTek: CHAP Login Failed () -
DrayTek: PPP Start ()
DrayTek: Incoming Call Failed : No Such Entry for user
DrayTek: CHAP Login Failed () -
DrayTek: PPP Start ()
DrayTek: Incoming Call Failed : No Such Entry for vpn
DrayTek: CHAP Login Failed () -
DrayTek: PPP Start ()
Title: Re: What Does This Block Of Text Mean In My Syslog?
Post by: icecream-guy on January 25, 2020, 06:48:37 AM
Looks like someone is trying to access your device via Point-to-Point Protocol (PPP).
Title: Re: What Does This Block Of Text Mean In My Syslog?
Post by: Craigy R1 on January 25, 2020, 08:46:24 AM
Quote from: ristau5741 on January 25, 2020, 06:48:37 AM
Looks like someone is trying to access your device via Point-to-Point Protocol (PPP).

Strange because it happened 3 days after finishing conversing with Draytek support after giving them a detailed syslog. Coincidence or something more sinister?  :'(

Do you know what setting or where the setting is in the Vigor2862 to stop these sorts of attempts?
Title: Re: What Does This Block Of Text Mean In My Syslog?
Post by: deanwebb on January 27, 2020, 10:06:53 AM
Could be just anonymous Internet trollbots looking for open vulns.

The best setting to check is to make sure you have the default admin username and password changed as much as possible. You can write them down on a paper and tape it to your device, as hackers can't yet get inside your house to read notes taped to your gear.
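
Added example (not part of the original thread, and not DrayTek code): a small Python parser that groups the syslog lines from the first post into dial-in attempts and summarises which usernames were tried. The function names, the `min_distinct` threshold and the reading of a CHAP failure without a "No Such Entry" line are assumptions made for illustration.

```python
import re
from collections import Counter

# Usernames from the log in the first post; the lines are rebuilt in the same format.
USERS = ["admin", "vpn", "test", "1", "123", "111", "user", "vpn"]
SAMPLE = "".join(
    "DrayTek: PPP Start ()\n"
    f"DrayTek: Incoming Call Failed : No Such Entry for {u}\n"
    "DrayTek: CHAP Login Failed () -\n"
    for u in USERS
) + "DrayTek: PPP Start ()\n"

NO_ENTRY = re.compile(r"Incoming Call Failed\s*:\s*No Such Entry for\s+(\S+)")

def parse_attempts(text):
    """Group lines into attempts; each 'PPP Start' opens a new one."""
    attempts, cur = [], None
    for line in text.splitlines():
        if "PPP Start" in line:
            if cur is not None:
                attempts.append(cur)
            cur = {"user": None, "chap_failed": False}
        elif cur is not None:
            m = NO_ENTRY.search(line)
            if m:
                cur["user"] = m.group(1)
            elif "CHAP Login Failed" in line:
                cur["chap_failed"] = True
    if cur is not None:
        attempts.append(cur)
    return attempts

def summarize(text, min_distinct=3):
    """min_distinct is a hypothetical threshold for flagging username guessing."""
    attempts = parse_attempts(text)
    unknown = Counter(a["user"] for a in attempts if a["user"])
    return {
        "attempts": len(attempts),
        "failed": sum(a["chap_failed"] for a in attempts),
        "unknown_users": dict(unknown),
        # Assumption: a CHAP failure with no "No Such Entry" line means the
        # name matched a configured dial-in profile, so review those first.
        "failed_known_user": sum(a["chap_failed"] and not a["user"] for a in attempts),
        "username_guessing": len(unknown) >= min_distinct,
    }

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

The patterns use substring search, so lines that carry a syslog timestamp or hostname prefix are parsed the same way.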