Discussion stats
  • 3 replies
  • 5003 views
  • 0 kudos
  • 2 in conversation
Announcements

Top Contributors
Reply
Highlighted
Novice

LAN access from remote?

Hi, I'm looking for guidance on an issue I have been monitoring lately. I have a 3700v3 with all the proper security settings configured per netgear. I don't use any torrents or remote functionality etc.. Just basic home network stuff.

I keep noticing the logs show
[LAN access from remote] from 108.168.212.234:5060 to 192.168.1.12:49889]

the internal LAN IP is a iPod touch (.12)? I can't figure out if this is an app on the ipod communicating and is OK or if I should be concerned (I am)?

Lately the wifi seems like its not very consistent in that any of the wireless devices indicate they are connected but can't get anywhere and I either reboot the router or device and things seem better

There are a few "DoS attack: FIN Scan" logs but assuming that is just noise

Also, every time I log in to the router, the logs show "[Admin login failure] from source 192....." but yet I am logged in?

I'm thinking of moving to a new hardware (firewall type of switch) as nowadays things are just getting worse - any thoughts?

Cheers.

Message 1 of 4
Highlighted
NETGEAR Employee Retired

Re: LAN access from remote?

You say that you keep noticing that line, does that mean that in each case the external IP address and port numbers are the same? It is most likely to be an application running on the iPod touch.

The source IP address traces back to Citrix Systems in the US, a highly respected company.

The target port 49889 relates to the Apple Xsan Filesystem Access.

The source port may well vary from one log entry to another, but if not then it may relate to apps like iChat/iConnectHere/iTalkBB etc.

I have a small business VPN firewall router, it still logs similar messages to what you see, and the only real difference is that it is highly configurable. I would say that changing devices for ‘only’ the reasons you describe would be unnecessary unless you become fully familiar with the operation of the firewall, and at that point you might decide that you don’t need to make changes beyond the defaults to deal with the messages you see.

I think you are right to be concerned and ask questions, but in this specific case I doubt that you have anything to worry about.
____________________________
Working on behalf of Netgear
My name is Andy
Message 2 of 4
Highlighted
Novice

Re: LAN access from remote?

Yes the source IP entries appear to be the same address/port. Although when I look up 108.168.212.234 it says it's residential and coming from SoftLayer Technologies Inc, softlayer.com, not sure where Citrix is coming from? My only reason for looking into new hardware is that the netgear doesn't have anything to configure/block in so far as firewall etc..and a VPN firewall router appliance is what I am looking into. Yes, point taken about understanding the operation of firewall, which I am trying to advance my skills on. Smiley Happy
Message 3 of 4
Highlighted
NETGEAR Employee Retired

Re: LAN access from remote?

In a lookup I see;

Organization Citrix Systems Inc - Demos Center 40874
ISP SoftLayer Technologies

As for learning about firewalls, that’s a fine idea, and if you are happy to pay for the hardware then that’s fine also, provided that you’re not basing that decision solely on what you are seeing in the Netgear router logs as that might be something of an overreaction.
____________________________
Working on behalf of Netgear
My name is Andy
Message 4 of 4