NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
LAN access from remote (6700v3)
I am getting massive attacks looking at /val/log/auth.log on my linux machine. Reading online realized it might be due to UpnP enabled in the router. So I disabled it, however I still see the followi...
> [...] on the router port 1010 was forwarded to 22. So I am not able to
> understand why all these other random ports are alse being redirected to
> my linux box?The remote port number is not significant. If you see a connection
(attempt), then the remote client is talking to the external port in
your port-forwarding rule. Have you tried an external port other than
1010?> Initially 22 was the internal port for ssh, I changed it to 2212, but
> the bots are too smart, now i see this in the log!No one in the outside world cares about the internal port, either;
only the external port in the port-forwarding rule matters to an
external client. The only effect of changing the port used on your LAN
would be to make more work for yourself. I'd return it to 22.It's possible that your attackers are trying all possible ports, but
the router will log only the attempts which match a port-forwarding
rule. (Otherwise, there's no connection to log.)
Previous suggestion of disabling UpnP is not working for me. https://community.netgear.com/t5/Nighthawk-WiFi-Routers/LAN-access-from-remote-R7000/m-p/1174819
Is this a bug with the router. Why is the router letting all these connections through??
port 22 is Secure Shell (SSH). Do you have it running? There are many, really many bots that scan port 22 and attempt to enter. If you have a weakly secure SSH, some may succeed