This topic has been marked solved and closed to new posts due to inactivity. We hope you'll join the conversation by posting to an open topic or starting a new one.
Netgear Nighthawk router log file and port mapping
Netgear Nighthawk AC1900 Modle C7000v2
The log file in my router has the following entry:
Description
Count
Last occurence
Target
source
[LAN access from remote] from 178.62.64.126:37460 to 10.0.0.18:1935
1
Wed Dec 16 19:53:26 2020
10.0.0.18:1935
178.62.64.126:37460
There is no port mapped to local host 10.0.0.18 and port 1935 is not mapped to any host.
How is it possible for to 178.62.64.126 attempt to address a local host which should be invisible to it?
The router should block access because there is no port mapped to that machine, but even further how is it possible for 178.62.64.126 to even attempt to access that host on my local network?
Re: Netgear Nighthawk router log file and port mapping
So I've done some testing. Its more and more mysterious to me.
I used telnet to connect to external (internet) ip address of my router on port 554.
Low and behold I got a connection and a reply.
RTSP/1.0 400 Bad Request CSeq: 0 Server: Hipcam RealServer/V1.0
I examined the log file on my router.
It showed a connection to its external IP address on port 554 and it showed it routed the connection to host 10.0.0.18 on the local area network. I double, triple checked there is no port map in the router for port 554. Its almost as if somehow the router has been hacked and there is an invisible port map of port 554 to 10.0.0.18:554.
Host 10.0.0.18 on my LAN is an Anbes floodlight security camera.
Port 554 is for Real Time Stream Control Protocol. It makes sense that the Camera is using Real Time Stream Control Protocol.
What doesn't make sense is that connections to port 554 are being routed to 10.0.0.18 without a portmap set.
Re: Netgear Nighthawk router log file and port mapping
Thank you antinode.
I looked where you suggested (UPnP? (ADVANCED > Advanced Setup > UPnP)) and found that indeed it maps
TCP 554 to 10.0.0.18
TCP 1935 to 10.0.0.18
UDP 6000 to 10.0.0.18
UDP 6002 to 10.0.0.18
Didn't know about this. From my perspective this presents a HUGE security hole.
I use my router and its nat capabilities to secure my network.
This blows a huge hole in it.
"UPnP doesn’t require any sort of authentication from the user. Any application running on your computer can ask the router to forward a port over UPnP, which is why the malware above can abuse UPnP."
Is there a way to disable UPnP on the C7000v2 Nighthawk router?
Re: Netgear Nighthawk router log file and port mapping
> Don't you think this is a serious issue? [...]
What I think matters little.
It's a convenience feature for users who expect everything to just, uh, "plug 'n' play". I'm sure that it's widely liked (and little-noticed). It does allow an application (rogue or friendly) to enable incoming connections without your explicit permission.
> [...] Shouldn't this be disabled by default?
I always ensure that it's disabled on my stuff.
I don't see it listed among the "Factory default settings" in the User Manual (yours or mine (D7000)), which I'd call an oversight, at best.
The usual threats are explicit port forwarding/triggering, DMZ server, and UPnP. Only UPnP could be enabled by default (because only it is automatic enough).
Re: Netgear Nighthawk router log file and port mapping
Me, I'm old fashion. I don't like things happening auto-magically. I like to explicitly make them happen or not.
Thanks to you. I turned off UPnP and I'm investigating the server my camera was talking to.
The camera, like almost everything else, is made in China. I'm going to really check out this supposed streaming video server.
I personally have done a lot of business with China. The Chinese are great people, but their ethics in business are very much "if you can do it, do it". If you get caught you can always apologize after the fact.
