
We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
15,666 views 0 comments
by anonymous
Hello,

We have some RUT950s installed as 4G modems. For some needs their SIM cards have a public IP, so we can reach our equipment via VPN.

But since last September we have encountered an increase in data consumption. The tcpdebug isn't showing anything clear. When we inspect the connection state, one destination host is at the top: rev.poneytelecom.eu:443. When I block its IP address, another IP takes its place, with the same name.

Has any of you encountered this host? I don't see what that means. And how can I block it definitively?

Regards,

Stephane

3 Answers

0 votes
by anonymous

Hello all,

Finally, I have found the cause of our trouble.

In User Script, the line /sbin/keepaliver had been added. In any case, not by us. I removed the script (via SSH) and reset User Script to the default value.
The suspicious connections did not reappear. Great.

But I keep watching just in case.

Stéphane

Best answer
0 votes
by anonymous

Hi Stephane,

I quote:

Poney Telecom, an internet server company run from France, has been at the centre of multiple allegations of organised international criminal activity for a few years, with all warnings, court summons and legal demands to be closed ignored.

Read here.

Cheers,

Joerg

0 votes
by
Please check your Firmware Version. It looks like your Router was owned due to a bug in firmware <= 00.03.265.

Search for "CVE-2017-8116: Teltonika router unauthenticated remote code execution" and update the firmware asap and check if WAN HTTP(S) access is activated in Administration --> Access Control Menu.

BR, Ronald
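
Added example (not part of the thread and not Teltonika's code): the two checks from the answers above as POSIX shell functions, one listing commands in the startup script that are not part of its default, the other testing a firmware version against the 00.03.265 threshold quoted above. The path /etc/rc.local as the backing file for User Script, the assumed default content, and all function names are assumptions.

```shell
#!/bin/sh
# Added example, not Teltonika's code. Assumptions (not from the thread):
# the User Script content lives in /etc/rc.local, and its default value has
# no commands other than a final "exit 0".

AFFECTED_MAX="00.03.265"   # from the thread: bug in firmware <= 00.03.265

# Print every active line of a startup script that is not part of the assumed
# default. Returns 0 when clean, 1 when unexpected lines exist, 2 if unreadable.
audit_user_script() {
    [ -r "$1" ] || return 2
    awk '
        { line = $0; sub(/^[ \t]+/, "", line); sub(/[ \t\r]+$/, "", line) }
        line == "" || line ~ /^#/ || line == "exit 0" { next }
        { printf "%d: %s\n", NR, line; found = 1 }
        END { exit (found ? 1 : 0) }
    ' "$1"
}

# Return 0 when dotted numeric version $1 is <= AFFECTED_MAX, comparing field
# by field as numbers (so "03" and "3" compare equal), 1 otherwise.
fw_is_affected() {
    awk -v a="$1" -v b="$AFFECTED_MAX" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Constructed sample reproducing the finding described in the thread.
make_sample() {
    printf '%s\n' '# Put your custom commands here' '/sbin/keepaliver' 'exit 0' > "$1"
}

# Stand-alone use: pass the script path to audit as the first argument.
if [ -n "${1:-}" ]; then
    audit_user_script "$1"
fi
```

Any line the audit prints should be traced to whoever added it, and a clean result only covers this one file, not other persistence locations on the device.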