NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
Unwanted Remote Login To My LAN
I keep getting LAN Access from remote entries in the log on my Orbi RBR20. UPnP is dissabled. I have added some of the IP addresses to the blocked list on my NAS. What can I do/check please?
You are, of course, correct. The NAS can be programmed to be sophisticated about who to admit (and who to reject). The Orbi is a more simpleminded gatekeeper. It is either "let people knock on this door" or "turn everybody away." Who gets admitted is up to whoever is running the door.
If you tell Orbi to allow connection to the NAS (or any other local resource), it is up to the resource to determine who should (and who should not) be granted access.
What is the device at 192.168.0.4? It looks like it is a website serving both HTTP (port 80) and HTTPS (port 443), as well as port 5000 and 5001.
If you don't have UPnP then did you explicitly setup port forwarding rules for these ports to this device so that it can be accessed by the outside internet? Any open port to the internet will be accessed/attacked and logged like this. It's usually safe as long as your device and the web software it's running keeps up with proper security patches and you're only serving web traffic.
Mikey94025 wrote:What is the device at 192.168.0.4? It looks like it is a website serving both HTTP (port 80) and HTTPS (port 443), as well as port 5000 and 5001.
If you don't have UPnP then did you explicitly setup port forwarding rules for these ports to this device so that it can be accessed by the outside internet? Any open port to the internet will be accessed/attacked and logged like this. It's usually safe as long as your device and the web software it's running keeps up with proper security patches and you're only serving web traffic.
Thanks for the reply.
192.168.0.4 is my Synology NAS. I had set up port forwarding for Ports 80 and 443, I have temporarily dissabled them along with 5000 and 5001.
The Synology NAS is up to date so should be secire. The fright was the message that there was a remote login to my LAN
Sealine wrote:
192.168.0.4 is my Synology NAS. I had set up port forwarding for Ports 80 and 443, I have temporarily dissabled them along with 5000 and 5001.The Synology NAS is up to date so should be secire. The fright was the message that there was a remote login to my LAN
Makes sense now. Once ports are "open", anyone (anywhere - are you Russians listening?) will discover them as they scan the entire IP address space looking for some computer to respond. So, they hit your public IP address and probe the "common" ports (21,22,25,80,443, etc.) and the NAS responds with a login page. Now all they have to do is try user names and passwords until either (a) they get in, or (b) they decide to move on. Once you close the ports, then the intrusions cease.
Sort of cool that the Orbi logs when a connection comes through to the NAS.
p.s. sorry about the sick humor. It's not Russians, it's the NSA.
- Thank you for your reply. Ah, right. That is probably what is happening then.
However, the NAS can block IP addresses and can also do it by country. The Russians and Asia are already blocked so I would have thought that they would not get a login response?
Why Orbi doesn’t have this feature is beyond me. It would stop these scans dead.You are, of course, correct. The NAS can be programmed to be sophisticated about who to admit (and who to reject). The Orbi is a more simpleminded gatekeeper. It is either "let people knock on this door" or "turn everybody away." Who gets admitted is up to whoever is running the door.
If you tell Orbi to allow connection to the NAS (or any other local resource), it is up to the resource to determine who should (and who should not) be granted access.