Forum Discussion
Java_man
Jun 28, 2022 Aspirant
R7000 DHCP question
I checked my R7000 log this morning and saw this:
"[LAN access from remote] from 192.144.226.157:26559 to 192.168.1.2:80, Tuesday, Jun 28,2022 03:33:38"
Reading through the logs I see multiple entries like this with different IP addresses, all "to 192.168.1.2".
I have DHCP turned on and the range begins at 192.168.1.2.
I have a list of devices that are Allowed and 192.168.1.2 is not one of them.
Is this a problem I should be concerned about?
11 Replies
- FURRYe38 Guru - Experienced User
Do a WHOIS lookup on 192.144.226.157
What FW version is currently loaded?
What is the Mfr and model # of the Internet Service Provider's modem/ONT the NG router is connected to?
- Java_man Aspirant
Thanks for the reply.
Netgear FW: V1.0.9.88_10.2.88
I looked up a couple of the IPs and they were an ISP in England - pptechnology.
Modem: Motorola Surfboard SB6120 connected to Comcast.
Also noticed they're all connecting to 192.168.1.2:80 (port 80 - the HTTP port).
- FURRYe38 Guru - Experienced User
What device has the address 192.168.1.2?
- Java_man Aspirant
Gotta step out for a couple hours. I'll check in when I get back.
Thanks again.
- Java_man Aspirant
I did a little more digging in the logs. Here are a few examples:
[LAN access from remote] from 2.57.122.209:17773 to 192.168.1.2:80, Monday, Jun 27,2022 07:37:33 = PPTECHNOLOGY LIMITED
[LAN access from remote] from 185.196.220.70:50551 to 192.168.1.2:80, Monday, Jun 27,2022 07:10:34 = HOSTLICK - Germany (AbuseIPDB: This IP was reported 1,076 times. Confidence of Abuse is 12%)
[LAN access from remote] from 221.176.116.78:20647 to 192.168.1.2:80, Monday, Jun 27,2022 07:09:36 = China Mobile Communications Corporation - ISP (AbuseIPDB: This IP was reported 663 times. Confidence of Abuse is 100%)
[LAN access from remote] from 154.89.5.87:58914 to 192.168.1.2:80, Monday, Jun 27,2022 06:39:43 = AgotoZ HK Limited (AbuseIPDB: This IP was reported 1,132 times. Confidence of Abuse is 100%)
[LAN access from remote] from 128.1.248.46:18057 to 192.168.1.2:80, Monday, Jun 27,2022 06:35:25 = Zenlayer Inc (AbuseIPDB: This IP was reported 14,921 times. Confidence of Abuse is 100%)
- FURRYe38 Guru - Experienced User
Hmmm...
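
Added example (not part of any post in this thread, and not NETGEAR code): a small parser for the "[LAN access from remote]" entries quoted above that groups inbound connections by the LAN address and port they reached. The function names and the regular expression are assumptions based only on the log lines shown in the thread.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Entries copied from the thread, with the poster's WHOIS/AbuseIPDB notes removed.
SAMPLE_LOG = """\
[LAN access from remote] from 192.144.226.157:26559 to 192.168.1.2:80, Tuesday, Jun 28,2022 03:33:38
[LAN access from remote] from 2.57.122.209:17773 to 192.168.1.2:80, Monday, Jun 27,2022 07:37:33
[LAN access from remote] from 185.196.220.70:50551 to 192.168.1.2:80, Monday, Jun 27,2022 07:10:34
[LAN access from remote] from 221.176.116.78:20647 to 192.168.1.2:80, Monday, Jun 27,2022 07:09:36
[LAN access from remote] from 154.89.5.87:58914 to 192.168.1.2:80, Monday, Jun 27,2022 06:39:43
[LAN access from remote] from 128.1.248.46:18057 to 192.168.1.2:80, Monday, Jun 27,2022 06:35:25
"""

# Field layout inferred from the lines above: src:port, dst:port, weekday, timestamp.
ENTRY = re.compile(
    r"\[LAN access from remote\] from (?P<src>[\d.]+):(?P<sport>\d+) "
    r"to (?P<dst>[\d.]+):(?P<dport>\d+), \w+, "
    r"(?P<ts>\w{3} \d{1,2},\d{4} \d{2}:\d{2}:\d{2})"
)


def summarize(log_text):
    """Group Internet-to-LAN entries by the (LAN ip, port) they reached."""
    targets = defaultdict(
        lambda: {"hits": 0, "sources": set(), "first": None, "last": None}
    )
    for m in ENTRY.finditer(log_text):
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
        # Keep only public source -> private destination; skip anything else.
        if not (src.is_global and dst.is_private):
            continue
        when = datetime.strptime(m["ts"], "%b %d,%Y %H:%M:%S")
        t = targets[(str(dst), int(m["dport"]))]
        t["hits"] += 1
        t["sources"].add(str(src))
        t["first"] = when if t["first"] is None else min(t["first"], when)
        t["last"] = when if t["last"] is None else max(t["last"], when)
    return dict(targets)


if __name__ == "__main__":
    for (ip, port), t in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{ip}:{port} reached {t['hits']} times from "
              f"{len(t['sources'])} remote hosts, {t['first']} to {t['last']}")
```

One LAN destination reached by many unrelated remote hosts, as in this sample, is the pattern to check against the router's port forwarding, UPnP and DMZ settings.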