- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
"LAN access from remote" log entries
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I've been looking over my daily router logs for the last few days and keep finding this entry sporadically:
[LAN access from remote] from 184.105.247.199:32931 to 10.8.108.64:5353, Wednesday, Jul 06,2016 00:55:38
[LAN access from remote] from 184.105.247.211:49177 to 10.8.108.64:5353, Tuesday, Jul 05,2016 01:12:23
[LAN access from remote] from 71.6.216.54:5353 to 10.8.108.64:5353, Monday, Jul 04,2016 13:38:22
[LAN access from remote] from 184.105.247.231:40494 to 10.8.108.64:5353, Sunday, Jul 03,2016 01:32:55
I have my home network devices setup with reserved IP addresses, so I can tell you that 10.8.108.64 is my own personal MacBook Pro (OS X 10.11.5). I do not have any static routes or port mappings setup to bring specific traffic from the router to my Mac. The public IP addresses shown here trace back to the domains shadowserver.org and rapid7.com. Based upon the time stamps, I'm pretty sure at least some of these entries (if not all) appear to be happening while I'm away from my computer. Anyone got any idea what these logs mean?
Solved! Go to Solution.
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Port 5353 is commonly used for Multicast DNS (Apple calls it Bonjour). It's unusual to see a remote device access this port. In addition to disabling port forwarding/triggering, make sure that UPnP and DMZ are disabled, too. Those are the two other vectors by which a remote device could access the internal network.
All Replies
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: "LAN access from remote" log entries
And Rapid7 is an Internet security company.
I don't know what they are doing scanning or trying to access your network, but are you sure your local network has not been compromised/part of a botnet, etc..?
BTW, I am an utter nobody and know-nothing-much, and I'm sure someone with Real Smarts can assist you better, but I'd just check your local PCs/devices anyway.
The one time I had something like this happen was when a friend's son used his laptop on my home network. When he wasn't using it, the botnet he been infected with started doing its nefarious deeds. I booted him off the network, cleaned his laptop, and his mum bent his ear for months of his obsession with visiting absolutely any site that said they had "Game Cheats."
Teenagers, huh? 😉
Hope someone can really help you.
Susi xx
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Port 5353 is commonly used for Multicast DNS (Apple calls it Bonjour). It's unusual to see a remote device access this port. In addition to disabling port forwarding/triggering, make sure that UPnP and DMZ are disabled, too. Those are the two other vectors by which a remote device could access the internal network.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: "LAN access from remote" log entries
Disabling UPnP appears to have stopped these from showing up in the logs. And I'm savvy enough with networking to create any necessary port maps that I might need, so UPnP doesn't seem to offer me any real benefits anyway. I've had it off for several weeks now and have not noticed any issues. Thanks for helping to make my home network more secure!
• Introducing NETGEAR WiFi 7 Orbi 770 Series and Nighthawk RS300
• What is the difference between WiFi 6 and WiFi 7?
• Yes! WiFi 7 is backwards compatible with other Wifi devices? Learn more