cchacker
Dec 17, 2020 Aspirant
Netgear Nighthawk router log file and port mapping
Netgear Nighthawk AC1900 Model C7000v2 The log file in my router has the following entry: Description Count Last occurence Target source [LAN access from remote] from 178.62.64...
cchacker
Dec 17, 2020 Aspirant
So I've done some testing. It's more and more mysterious to me.
I used telnet to connect to external (internet) ip address of my router on port 554.
Lo and behold I got a connection and a reply.
RTSP/1.0 400 Bad Request
CSeq: 0
Server: Hipcam RealServer/V1.0
I examined the log file on my router.
It showed a connection to its external IP address on port 554 and it showed it routed the connection to host 10.0.0.18 on the local area network. I double, triple checked there is no port map in the router for port 554. It's almost as if somehow the router has been hacked and there is an invisible port map of port 554 to 10.0.0.18:554.
Host 10.0.0.18 on my LAN is an Anbes floodlight security camera.
Port 554 is for Real Time Stream Control Protocol. It makes sense that the Camera is using Real Time Stream Control Protocol.
What doesn't make sense is that connections to port 554 are being routed to 10.0.0.18 without a portmap set.
Any ideas?
antinode
Dec 17, 2020 Guru
> Any ideas?
UPnP? (ADVANCED > Advanced Setup > UPnP)
- cchacker Dec 17, 2020 Aspirant
Thank you antinode.
I looked where you suggested (UPnP? (ADVANCED > Advanced Setup > UPnP)) and found that indeed it maps
TCP 554 to 10.0.0.18
TCP 1935 to 10.0.0.18
UDP 6000 to 10.0.0.18
UDP 6002 to 10.0.0.18
Didn't know about this. From my perspective this presents a HUGE security hole.
I use my router and its nat capabilities to secure my network.
This blows a huge hole in it.
"UPnP doesn’t require any sort of authentication from the user. Any application running on your computer can ask the router to forward a port over UPnP, which is why the malware above can abuse UPnP."
Is there a way to disable UPnP on the C7000v2 Nighthawk router?
- cchacker Dec 17, 2020 Aspirant
antinode please ignore my request for instructions on how to disable UPnP. I found it Advanced setup->UPnP and one click disables it.
Feeling more secure in my little network.
Don't you think this is a serious issue? Shouldn't this be disabled by default?
With this enabled it would be very easy for malware to set up a remote bot network.
- antinode Dec 17, 2020 Guru
> Don't you think this is a serious issue? [...]
What I think matters little. It's a convenience feature for users who expect everything to just, uh, "plug 'n' play". I'm sure that it's widely liked (and little-noticed). It does allow an application (rogue or friendly) to enable incoming connections without your explicit permission.
> [...] Shouldn't this be disabled by default?
I always ensure that it's disabled on my stuff.
I don't see it listed among the "Factory default settings" in the User Manual (yours or mine (D7000)), which I'd call an oversight, at best.
The usual threats are explicit port forwarding/triggering, DMZ server, and UPnP. Only UPnP could be enabled by default (because only it is automatic enough).
- cchacker Dec 17, 2020 Aspirant
Me, I'm old-fashioned. I don't like things happening auto-magically. I like to explicitly make them happen or not.
Thanks to you. I turned off UPnP and I'm investigating the server my camera was talking to.
The camera, like almost everything else, is made in China. I'm going to really check out this supposed streaming video server.
I personally have done a lot of business with China. The Chinese are great people, but their ethics in business are very much "if you can do it, do it". If you get caught you can always apologize after the fact.
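Added example, not part of the original thread and not NETGEAR code: a Python audit of UPnP port mappings against an allowlist, the same check the thread does by eye in the router's UPnP table. The SOAP bodies are constructed to match the four mappings reported above (internal port assumed equal to the external one); the field names are those of the standard WANIPConnection:1 `GetGenericPortMappingEntry` action, and `sample_response`, `parse_mapping` and `audit` are names chosen for this example.

```python
import xml.etree.ElementTree as ET

SVC = "urn:schemas-upnp-org:service:WANIPConnection:1"

def sample_response(proto, port, client):
    """Constructed SOAP body shaped like a GetGenericPortMappingEntry reply."""
    return f"""<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
<s:Body><u:GetGenericPortMappingEntryResponse xmlns:u="{SVC}">
<NewRemoteHost></NewRemoteHost>
<NewExternalPort>{port}</NewExternalPort>
<NewProtocol>{proto}</NewProtocol>
<NewInternalPort>{port}</NewInternalPort>
<NewInternalClient>{client}</NewInternalClient>
<NewEnabled>1</NewEnabled>
<NewPortMappingDescription>constructed sample</NewPortMappingDescription>
<NewLeaseDuration>0</NewLeaseDuration>
</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>"""

# The four mappings reported in the thread, rebuilt as constructed responses.
SAMPLE = [sample_response(p, n, "10.0.0.18")
          for p, n in [("TCP", 554), ("TCP", 1935), ("UDP", 6000), ("UDP", 6002)]]

def parse_mapping(soap_xml):
    """Extract one port mapping from a GetGenericPortMappingEntry response."""
    for el in ET.fromstring(soap_xml).iter():
        if el.tag.endswith("}GetGenericPortMappingEntryResponse"):
            f = {c.tag: (c.text or "").strip() for c in el}
            return {"proto": f["NewProtocol"].upper(),
                    "ext_port": int(f["NewExternalPort"]),
                    "client": f["NewInternalClient"],
                    "int_port": int(f["NewInternalPort"]),
                    "enabled": f["NewEnabled"].lower() in ("1", "true", "yes"),
                    # An empty NewRemoteHost means any Internet host may connect.
                    "any_remote": f["NewRemoteHost"] == ""}
    raise ValueError("no GetGenericPortMappingEntryResponse element found")

def audit(responses, approved):
    """Return enabled mappings whose (proto, ext_port, client) is not approved."""
    findings = []
    for m in map(parse_mapping, responses):
        if m["enabled"] and (m["proto"], m["ext_port"], m["client"]) not in approved:
            findings.append(m)
    return findings

if __name__ == "__main__":
    # Empty allowlist: the poster had configured no port forwards by hand.
    for m in audit(SAMPLE, approved=set()):
        scope = "any remote host" if m["any_remote"] else "restricted source"
        print(f'{m["proto"]} {m["ext_port"]} -> {m["client"]}:{m["int_port"]} ({scope})')
```

With an empty allowlist all four camera mappings are reported; adding a tuple such as `("TCP", 554, "10.0.0.18")` to `approved` suppresses only that entry.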