NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

Java_man's avatar
Java_man
Aspirant
Jun 28, 2022

R7000 DHCP question

I checked my R7000 log this morning and saw this:

"[LAN access from remote] from 192.144.226.157:26559 to 192.168.1.2:80, Tuesday, Jun 28,2022 03:33:38"

 

Reading through the logs I see multiple entries like this with different IP address all "to 192.168.1.2"

 

I have DHCP turned on and the range begins at 192.168.1.2.

 

I have a list of devices that are Allowed and 192.168.1.2 is not one them.

 

Is this a problem I should be concerned about?

11 Replies

  • FURRYe38's avatar
    FURRYe38
    Guru - Experienced User

    Do a who is lookup on 192.144.226.157

     

    What FW version is currently loaded? 

    What is the Mfr and model# of the Internet Service Providers modem/ONT the NG router is connected too?

    • Java_man's avatar
      Java_man
      Aspirant

      Thanks for the reply. 

       

      Netgear FW: V1.0.9.88_10.2.88

       

      I looked up a couple of the IPs and they were an ISP in England - pptechnology.

       

      Modem: Motorola Surfboard SB6120 connected to Comcast.

       

      Also noticed they're all connecting to  192.168.1.2:80 (port 80 - the HTTP port). 

      • FURRYe38's avatar
        FURRYe38
        Guru - Experienced User

        What devices has the address 192.168.1.2? 

         

    • Java_man's avatar
      Java_man
      Aspirant

      Gotta step out for a couple hours.  I'll check in when I get back.

       

      Thanks again.

    • Java_man's avatar
      Java_man
      Aspirant

      I did a little more digging in the logs.  Here are a few examples:

       

      [LAN access from remote] from 2.57.122.209:17773 to 192.168.1.2:80, Monday, Jun 27,2022 07:37:33 PPTECHNOLOGY LIMITED

       

      [LAN access from remote] from 185.196.220.70:50551 to 192.168.1.2:80, Monday, Jun 27,2022 07:10:34 = HOSTLICK - Germany (AbuseIPDB: This IP was reported 1,076 times. Confidence of Abuse is 12%)

       

      [LAN access from remote] from 221.176.116.78:20647 to 192.168.1.2:80, Monday, Jun 27,2022 07:09:36 = China Mobile Communications Corporation - ISP (AbuseIPDB: This IP was reported 663 times. Confidence of Abuse is 100%)

       

      [LAN access from remote] from 154.89.5.87:58914 to 192.168.1.2:80, Monday, Jun 27,2022 06:39:43 = AgotoZ HK Limited (AbuseIPDB: This IP was reported 1,132 times. Confidence of Abuse is 100%)

       

      [LAN access from remote] from 128.1.248.46:18057 to 192.168.1.2:80, Monday, Jun 27,2022 06:35:25 = Zenlayer Inc (AbuseIPDB: This IP was reported 14,921 times. Confidence of Abuse is 100%)