NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
[LAN access from remote] R7000
I recently got a security camera system installed. The installers opened a few ports to allow me to view the cameras remotely. I noticed these remote access entries in my router. They're basically hi...
> [...] The installers opened a few ports [...]
Does that mean port forwarding? Actual port-forwarding rules?
> [...] They're basically hitting my NVR, and would see a login screen.
> [...]Yup. Welcome to the Internet. Choose good passwords.
> [...] Is there a way that I can tell if these intruders simply got as
> far as the login screen, or if they were actually able to get past those
> [...]Not from the router. The router records the connection, not the
whole transaction, so I wouldn't expect to get more information from it.
Your (unspecified) "my NVR" (or a camera itself) might keep track of
successful connections, but that's not a router question.
You might get fewer access attempts if you chose some less popular
external port numbers for this stuff. Ports like "8080" and its
immediate neighbors are very commonly used, hence probed/attacked.
Ports of a more odd-ball character, like, say, "930X" might get less
attention. A Web search for terms like:
port XXXX
might offer some clues as to how any particular port ("XXXX") gets used,
officially or unofficially. Choosing something which is used by some
game or other might not be stealthier than what you have now.
Thank you antinode. Very solid advice. Both on the passwords, as well as on the ports I should switch to.
Yes, by opening ports I meant port forwarding. On my router firewall by default all incoming traffic was blocked previous. With the security cameras, the installer forwarded some ports with rules like.
Forward incoming TCP requests on 8083 to [local IP]:8083
Based on your comment I looked into my NVR, which had its own logs. Fortunately no-one was able to go through the login yet, but all the probing still makes me uncomfortable. I removed all port forwarding for now, until I figure out a better solution (remote viewing is not that important to me anyway).
> Forward incoming TCP requests on 8083 to [local IP]:8083
Same "[local IP]" for all, or unique for each camera? (There's no
need to hide your private LAN IP addresses.)
Knowing approximately nothing about your (unspecified) "my NVR" or
the cameras, I can't say if all the different "808X" ports were worth
the bother, but you can change the external port in a port-forwarding
rule without disturbing any of the other stuff.
For example, a rule like the following would do it:
Ports
Protocol External Internal Server IP Address
TCP 9383 8083 [local IP] Then, in a web browser in the outside world, you'd use a URL like:
http://<your_public_IP_address>:9383
instead of:
http://<your_public_IP_address>:8083
which, I assume, is what you're doing now.
> [...] I removed all port forwarding for now, [...]
You could run the experiment with odd-ball ports, and see if there's
any benefit.
You're right, I wasn't trying to hide my internal IPs, just make it easier to read. I know very little about this topic. Your first response give me the pointers to read up more and educate myself.
To answer your question about my NVR, I have 4 security cameras that plug into the NVR directly. These 4 cameras are not visible to the outside world, in fact not even within my LAN. I can only access them through the NVR (and the NVR is visible locally and externally on 8083).
I do have an additional IP camera that plugs directly into my router (I think, though now I am wondering where is it getting its power from) and is visible on the LAN, and the outside world on a different port (8701).
At some point I may run the experiment with oddball ports to see if that lightens the probing load. For now, when I thought more about it, I came to the conclusion that for a layperson like me making my devices visible outside is more trouble than it's worth. In 15 years of having a home network, this was the first time I looked at my router logs (or even realized there is such a thing).
But thank you. You've been more helpful than you realize.