NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
LAN access from remote R7000
Can someone explain what is happening? I am using a Netgear router R7000 Nighthawk router:
[LAN access from remote] from 52.197.117.189:59461 to IP for DLINK 2630, Saturday, Nov 19,2016 04:26:46
[LAN access from remote] from 52.197.117.189:42195 to IP for DLINK 2630, Saturday, Nov 19,2016 04:26:46
[LAN access from remote] from 216.243.31.2:45845 to IP of IP cam Saturday, Nov 19,2016 04:20:52
[LAN access from remote] from 14.134.3.3:28915 to IP of IP cam, Saturday, Nov 19,2016 03:52:50
[LAN access from remote] from 61.160.210.40:46718 to IP of IP cam, Saturday, Nov 19,2016 03:50:32
Also have seen some entries to IP of my Android tablet. These are just a small of some of the messages. they come from foreign countries.
I find this alarming.. please help. I am a layperson at this but I think what is happening is there is no actual intrusion of my IP cams and tablet but there were scans or attempts to do so. Its my undestanding that consumer grade Netgear routers do not permit blocking of specific nor blocks of IP address (i.e. from foreign countries such as China and Russia) but his is covered by the password of the device itself and something called NAT (what is that?). Can someone explain all this to me? Thanks in advance.
Thanks to both of you. I disabled UpNP and the cams (DLINK) still work. However, it seems I don't get any 1 minute limit. The clock shows serveral minutes have passed now and I get no message it has stopped. There is no motion in the background but I dont think its an issue as the clock is still ticking....
Looks like by default this router enabled UpNP and DLINK's software set up each cam for the user without any warning of the implications.
BTW do you know why an Android device would show as an attempted outside connection? Is this due to an intruder just scanning for things?
Will check the logs later and report again to see if any outside connections.
14 Replies
These are not just attempts but actual intrusions. Are you using port forwarding, DMZ or UPnP? These are used to open up access to home network. If you have no need for them, then you should turn them off.
I discovered this website recently. It provides a very basic primer on home networking concepts.
I'm using UpnP. Its required for the cams. Explain to me why they are actual intrusions? The logs of the actual devices do not show the foreign IP and the devices are password protected. I'm just a novice. You are the expert. Explain it to me?
- The "LAN access from remote" message indicates that the router permitted traffic through its firewall, hence they were intrusions. The traffic may have been dropped by the cams but nonetheless the traffic made it past the router's firewall.
Why do the cams require UPnP? For remote access to the cams while away from home? There may be safer ways to accomplish that.Yes the UPnP is due to remote access.
What is a better way to do so?
You don't want your cameras to be directly accessible from the Internet. Vulnerabilities in IoT (Internet of Things) devices, including cameras, have been making the news. Just last month there was a big DDoS attack support by a big botnet of compromosied cameras, printers and routers. The attack severely impacted a significant part of the Internet.
Consider getting 3rd party video security software and making the cameras accessible through it. There are lots of choices out there: Blue Iris, IP Camera Viewer, iSpy, etc. Go to IP camera forums and get tips on setting it up and making it secure.
Just to add – I had the same problem about a year ago. There were numerous entries in the log from various places, many from China. When I turned UPnP off in my R7000 router, they all disappeared. And I did not experience any other problems with UPnP off.
I have some IP cameras, for example Logitech Alert and D-Link cameras. The cameras are registered with the vendor, and I can watch the video from anywhere in the world. With D-Link, I use the “mydlink” app. I don’t know exactly how they access my cameras, but it works fine.
And of course I have good passwords in the cameras
I did a little research. In order to use the mydlink, you have to register your cameras with the mydlink website. Once you do that, the cameras initiate a connection to their server. The "mydlink" app will also contact their server. There are two possible ways the app will get video from the cameras.
If you have UPnP enabled on your router, then the server will tell the app how to contact the camera directly to get the video feed.
If UPnP is not enabled, then the server will obtain the video feed from the camera and relay it to the app. Only 1 minute of video is available. No doubt this is done to keep the server from overloading. While this method is safer for your home network and cameras, you are relaying your video through D-Link. I really doubt D-Link would ever peep into your cameras but it could be a privacy concern for many.
Thanks for the information. Yes, there is a one minute limit of video, and then there is an option to continue watching for another minute.
I also have been thinking that there is a possibility they can peep into the video, but with all those cameras around, I would not be so concerned. But I will be careful with where I place the cameras…
Thanks to both of you. I disabled UpNP and the cams (DLINK) still work. However, it seems I don't get any 1 minute limit. The clock shows serveral minutes have passed now and I get no message it has stopped. There is no motion in the background but I dont think its an issue as the clock is still ticking....
Looks like by default this router enabled UpNP and DLINK's software set up each cam for the user without any warning of the implications.
BTW do you know why an Android device would show as an attempted outside connection? Is this due to an intruder just scanning for things?
Will check the logs later and report again to see if any outside connections.
In the D-Link app there are two options: Remote or local viewing. In local, there is no time limit, since it only uses your LAN. The remote goes through the D-Link server and has the time limit. You should check that you are using the remote option.
I should add that if you and your camera are on the same LAN, the mydlink app will recognize this and use the local option, even if you select remote. So there will not be any time limit.
To test this, you should try to access the camera from another network.
Thats a good point. As you know the router is dual band. I have my devices on one band and mydlink app on a different band to to try to emulate remote access. I guess it doesnt matter. Will try this out soon from an oustide router and report back. I checked the log and have not seen any intrusions!! Very happy.
Both bands on a dual band router on bridged together and are part of the local network. Disconnect the device running the mydlink app from your Wi-Fi network and switch to the cellular data connection. That will put it outside your network.
