Accessibility Resource Center
Skip to main content
Shop
Shop
-
Shop all
- Deals Deals
- Devices Devices
-
Accessories
Accessories
Accessories
- Shop all accessories
-
Phone accessories
Phone accessories
Phone accessories
-
Tablet accessories
Tablet accessories
Tablet accessories
-
Watch accessories
Watch accessories
Watch accessories
- Charging
- Audio
- Gaming
- Smart home
- Deals
-
Plans
Plans
Plans
- Shop all plans
- Unlimited
- International services
- Connected devices
-
Those who serve
Those who serve
Those who serve
- Student plans
-
Other plans
Other plans
Other plans
- Bring your own device
- Home Home
- Prepaid Prepaid
-
+play
-
+play
- Entertainment Entertainment
-
Apps & add-ons
Apps & add-ons
Apps & add-ons
-
Business
Why Verizon
Support
Support
Choose your cart
Choose your cart
Have a phone you love? Get up to $500 when you bring your phone. OR get iPhone 13, on us for a limited time. With Select 5G Unlimited plans. Buy now
Receive up to $504 promo credit ($180 w/Welcome Unlimited, $360 w/ 5G Start, or $504 w/5G Do More, 5G Play More, 5G Get More or One Unlimited for iPhone plan (Welcome Unlimited and One Unlimited for iPhone plans can't be mixed w/other Unlimited plans; all lines on the account req'd on respective plans)) when you add a new smartphone line with your own 4G/5G smartphone on an eligible postpaid plan between 2/10/23 and 4/5/23. Promo credit applied over 36 months; promo credits end if eligibility requirements are no longer met.
$699.99 (128 GB only) device payment purchase or full retail purchase w/ new smartphone line on One Unlimited for iPhone (all lines on account req'd on plan), 5G Start, 5G Do More, 5G Play More or 5G Get More plan req'd. Less $699.99 promo credit applied over 36 mos.; promo credit ends if eligibility req’s are no longer met; 0% APR.
end of navigation menu
Sign in
- Verizon Community
- Categories
- Home
- Products
- Home Internet (Fios and High Speed)
- WBM User Unknown - firewall config change
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
955 Members online 255K Discussions 42.3K Solutions
More Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Correct answers are available for this post.
Jump to solution.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
In my Security Log I have been seeing a strange message that keeps appearing, see below.
I have no idea what this is or if this is someone hacking my router or if a virus is on my computer. It has appeared even during times when my computer has been turned off. I have my firewall set at max security and changed my password. Even after changing my password this appeared. Not sure what this is or what to do about it but I am very concerned.
Firewall Setup Configuration change
WBM user Unknown (0.0.0.0) has changed security settings[repeated 5 times, last time on Aug 25 03:00:26 2010]
Solved! Go to Correct Answer
1 Solution
Correct answers
Correct answers are available for this post.
Jump to solution.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I found this thread while looking for information about the "WBM user Unknown (0.0.0.0) has changed security settings"event that is logged in these FIOS routers on business networks.
So far I have seen no definitive answers but the various clues in all the messages here and on DSLREPORTS has caused me to think this message is likely due to something like antivirus definition updates. It might also include any internal changes that are reactions to some self (the router) initiated event.
I'm going to go with that and consider it harmless since I can find not visible settings changes.
0.0.0.0 can translate to HERE in some networking speak. Just like 127.0.0.1
In other situations 0.0.0.0 translates to any interface or all interfaces. We also use it to mean any address that is not on the LAN side of a router. Just depends on where it is seen.
So it seems to me it is something inside the web management system that is updating something and since I can see no changes it is likely rules updates for firewall or other threat mitigation systems rules and possibly even firmware inside the router/firewall On mine I doubt firmware because my uptime is months and I think firmware requires a reboot.
My other business networks use various other routers that perform these updates as needed. Sometimes many times a day and other times less frequently.
Those other devices typically check some remote server and based on my subscriptions (antivirus, website category definitions etc.) they then check the list of updates to any paid subscription definition and download and install it into the rules system and SEND ME AN EMAIL STATING WHICH DEFINITIONS HAVE BEEN UPDATED. On some days this might consist of many updated rules and others only 1. Those cost $1000s and did not come free with an account and we pay a subscription fee for security definition updates so it makes sense that they provide a bit more functionality to detail what we get for the money and that the Verizon device just takes care of it and logs a security change.
13 Replies
Correct answers are available for this post.
Jump to solution.
Re: WBM User Unknown - firewall config change
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I don't know what it is for sure, but there are users at another forum asking about it. not sure if it means anything.
One guy reset the log, and disconnected physically from the net, and then factory restored his router, and he still got the message, so he was thinking it might be just a bug in the firmware,
Correct answers are available for this post.
Jump to solution.
Re: WBM User Unknown - firewall config change
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
a user on the other forum mentions this.
kinda makes sense.
"I believe the default config for the router is to query for updated firmware at specified intervals."
WBM means web based management, and 0.0.0.0 means the request did not come from outside your home. it was internal.
Correct answers are available for this post.
Jump to solution.
Re: WBM User Unknown - firewall config change
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This explanation was given by Actiontec (they build the router for Verizon)
Product:MI424WR (Rev. I) - Wireless Broadband Router
Incident Summary
=========================
Since Verizon can't answer this question I would like to know for the
people who built this router.
Verizon Actiontec MI242WR (not sure of Rev)
firmware 40.19.36
Why do I get this log security event every day?
mmm dd hh:mm:ss yyyy
Firewall Setup Configuration change WBM user Unknown (0.0.0.0) has
changed security settings
=========================
Resolution:
=========================
Each and every day, Verizon has a server that makes contact with your
router to check its firmware.
No changes are made to your router however, it simply checks the router
to make sure the firmware is up to date and this generates a log entry.
=========================
Correct answers are available for this post.
Jump to solution.
Re: WBM User Unknown - firewall config change
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
VSurfn:
Although that sounds like a viable explanation from Actiontec...I just don't buy it! You say you get that log entry every day? I received just one entry in my log showing the identical message. That issue took place 27 times between January 22 and January 30, 2013. My log goes back to December 14, 2007 and that entry has never, ever appeared prior to last week.
If you ask me...Actiontec is just blowing smoke up your skirt!
Apparently neither Verizon nor Actiontec has a viable answer!
Correct answers are available for this post.
Jump to solution.
Re: WBM User Unknown - firewall config change
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I dont buy it either. I have been having the same issue - the thing is it that it seems to happen right after I log into the router and make changes. The ither night I logged in at 3AM and changed some settings because I was having issues with my android phone transfering files. The next day I logged in and one hour after I had logged in, I had this message:
| WBM user admin (192.168.1.7) has changed security settings [repeated 2 times, last time on Feb 6 03:55:21 2013] |
Why would I have a login 1 hour after I did? So the last few days, I have been regularly logging in and changing things just to see what happens. EVERY TIME I login, shortly after I get the same log as above. Why does it have to check for firmware updates several times a day, right after I login? I also chaged the general settings to allow only 1 session at a time, so If I am logged in, nobody else can. Well, several times I have tried to login and I get a message saying that I have to wait for the current session to end. Meaning that somebody else is logged in.
I am not liking this at all. I think it is a back door, and there is more going on than firmware checks. I am going to keep researching this and to the bottom of it.
Correct answers are available for this post.
Jump to solution.
Re: WBM User Unknown - firewall config change
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
"WBM" is Web Based Management and the ip address 0.0.0.0 is known as the default route, so it's unlikely these are external events.
There are backdoors to that router, but they don't come from WBM.
Correct answers are available for this post.
Jump to solution.
Re: WBM User Unknown - firewall config change
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for the info..
Are you pretty savvy with networking? There are some other logs that concern me. Here is one:
Its the bittorrent part that I was wondering about.. I dont have that on my machine. I double checked ( at one time my son installed utorrent, but it was uninstalled over a year ago)
Thanks.
Peace,
elPhish
| Inbound Traffic | Accepted Traffic - Service | BitTorrent (TCP): TCP 120.192.95.36:43092->192.168.1.7:32701 on clink1
|
Correct answers are available for this post.
Jump to solution.
Re: WBM User Unknown - firewall config change
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That IP '120.192.95.36' is from china so that log entry is telling you that a machine at your location (192.168.1.7) has a torrent program and is downloading from that other ip.
So you want to do an ipconfig on each of your machines to see which has the .7 address
Deciphering the Information
To get to ipconfig, we have to get to the command line.
- Click Start, click Run, type in “cmd” & hit enter.
- Type in ipconfig & hit enter. (you can use ipconfig /all for detailed information)
You will get a screen that looks like this.
Correct answers are available for this post.
Jump to solution.
Re: WBM User Unknown - firewall config change
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
For what it is worth guys and I am no techy here, but I have gotten that message several times. I actually got 13 today. However, the caveat is, I have been trying to unsuccesul to wake my pc via a mobile phone today with the Ceton media Center App. the 13 events that the security log documented was in fact me trying to get into my system.
The irony here for me is that my port forwarding should be working, but I router kung fu is still to strong.
Follow Verizon
Follow Verizon Fios