
How to Determine if Unauthorized Remote Access Succeeded

Umrk
Tutor

I review my router's log regularly, and aside from the occasional DoS and FIN "attacks" I can usually account for the IP addresses listed. There are, however, these entries for remote access to my LAN that I am at a loss to explain. All the more worrisome is the idea that my network is not secure, which serves to increase my paranoia to a level that is in no way enjoyable. [My router's settings are as secure as possible, e.g. remote management is disabled, Access Control is enabled, etc.]

I need to understand why the log captured the following attempts to access my network. I included just a few of the entries on this week's log as an example, listing the more exotic IP addresses from countries known to harbor malicious hackers out to steal something of value. I listed three examples below:

 

[LAN access from remote] from 122.114.252.227:43350 to 192.168.1.199:80, Saturday, Mar 25,2017 13:40:16

Location: Zhengzhou, China

 

[LAN access from remote] from 81.218.166.54:55158 to 192.168.1.199:80, Saturday, Mar 25,2017 13:16:36

Location: Israel

 

[LAN access from remote] from 139.162.111.147:50684 to 192.168.1.199:80, Friday, Mar 24,2017 22:14:39

Location: Rotterdam, Netherlands

 

If you are able to shed some light on this, I would be greatly appreciative, and I am sure others with similar findings would also appreciate the education.

 

Thank you in advance,

 

Umrk

 

Model: R7900|Nighthawk X6 AC3000 Tri-Band WiFi Router
Message 1 of 6

All Replies
Pluto8
Apprentice

Re: How to Determine if Unauthorized Remote Access Succeeded

There have been many discussions on this forum about this problem. If you don't need UPnP, go into the router setup and disable it. Then you will probably not see any of those entries any more.

Message 2 of 6
schumaku
Guru

Re: How to Determine if Unauthorized Remote Access Succeeded

Globally disabling UPnP on the router might (for the notorious) or might not be good advice (for most users).

Many systems on the LAN make use of UPnP IGP, the ability to NAT forward ports on the router. For some applications like gaming devices it's a must. For some applications offering direct remote access from the Internet, like i.e. a NAS or a surveillance system, it's required to keep the remote access up. Of course, manual port forwarding can be done.

 

First check which system on your LAN has the 192.168.1.199 address - look into the Attached Devices list. Then figure out if that Web (or the like) server must be reachable over the Internet. If not, look into that device if you can disable this port forwarding on that device.

 

-Kurt  

Message 3 of 6
Umrk
Tutor

Re: How to Determine if Unauthorized Remote Access Succeeded

Schumaku,

 

I appreciate the time you took to write a thoughtful, informative response to my question. You have certainly proven your knowledge in this area because the IP 192.168.199 is used by my Xbox 1, and I have forwarded ports to decrease lag and improve performance for gaming. I have configured the settings on both my router (Nighthawk X6 R7900 with latest firmware update) and OS (Win 7 x64) to a degree that my network should be safe from these unscrupulous &^%^ $#, yet doesn’t interfere with Xbox/gaming performance.  

 

Nevertheless, these devious f^&%$ who have nothing else to do but troll the internet in search of an unsecure network continue to worry me. So, while I have prepared my network defending it against their continual probing, how can one determine what they did, how long they did it, and what if anything did they get.  The more I learn about their actions while trying to gain entry into my router/network, the more I can do to protect myself. I would much rather be proactive in protecting myself and I am sure many others feel the same way.   So, with this in mind, I have the following questions:

 

  1. Can the router be configured to capture more information, e.g., activity, number of times they tried to enter the admin’s account password, duration of their activity?

  2. Does Windows log the above, or can Windows be configured to log the activity, password attempts, duration of activity etc.?

  3. I am able to test the security of my browser (Panopticlick2) the (true) bandwidth (Speedtest.net) not my ISP’s overestimated/lie of my internet connection: Does a reputable, safe site that tests the security of a home network exist, or is using such a site an invitation for trouble?

 

I am well aware that myriad posts cover parts of my questions. I still think it is worth discussing here because the threats to the common home user continue to evolve and thieves in China, Israel, and wherever else rarely take a break from searching for the home network they can infiltrate and steal from.

 

Thanks in advance,

 

Umrk

Message 4 of 6
Umrk
Tutor

Re: How to Determine if Unauthorized Remote Access Succeeded

I tried searching for the prior discussions addressing my questions, but have not been able to find a post that describes how to determine what was done, for how long, and how many times they tried to access my LAN/WAN. If you have a link to the many discussions on this forum, I would appreciate it if you posted one or two.

Message 5 of 6
TheEther
Guru

Re: How to Determine if Unauthorized Remote Access Succeeded (Accepted Solution)


@Umrk wrote:

Schumaku,

 

I appreciate the time you took to write a thoughtful, informative response to my question. You have certainly proven your knowledge in this area because the IP 192.168.199 is used by my Xbox 1, and I have forwarded ports to decrease lag and improve performance for gaming. I have configured the settings on both my router (Nighthawk X6 R7900 with latest firmware update) and OS (Win 7 x64) to a degree that my network should be safe from these unscrupulous &^%^ $#, yet doesn’t interfere with Xbox/gaming performance.  

 

Nevertheless, these devious f^&%$ who have nothing else to do but troll the internet in search of an unsecure network continue to worry me. So, while I have prepared my network defending it against their continual probing, how can one determine what they did, how long they did it, and what if anything did they get.  The more I learn about their actions while trying to gain entry into my router/network, the more I can do to protect myself. I would much rather be proactive in protecting myself and I am sure many others feel the same way.   So, with this in mind, I have the following questions:

 

  1. Can the router be configured to capture more information, e.g., activity, number of times they tried to enter the admin’s account password, duration of their activity?

If you have remote management enabled on the router, then I'm pretty sure the router will log each time someone remotely logs into the router. Logging into the router, however, is different than "LAN access from remote". The latter indicates that the router permitted unsolicited traffic to pass through the router to a device on your home network. In your case, several remote sites are attempting to connect to the HTTP port on your Xbox. I don't know if the Xbox listens to port 80. You can easily check by pointing your browser at 192.168.1.199:80. If something comes up, then your Xbox is listening. Depending on what is displayed, you'll have to decide if you want to continue exposing that port to the Internet.

  2. Does Windows log the above, or can Windows be configured to log the activity, password attempts, duration of activity etc.?

I'm pretty sure Windows can log attempts by people to log into Windows. It won't log attempts by someone to access your Xbox.

  3. I am able to test the security of my browser (Panopticlick2) the (true) bandwidth (Speedtest.net) not my ISP’s overestimated/lie of my internet connection: Does a reputable, safe site that tests the security of a home network exist, or is using such a site an invitation for trouble?

There are various websites that will basically attempt to scan your router for open ports. Google "test open router ports" and you will find several sites.

 

Message 6 of 6
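
Added example (not written by anyone in this thread): the "[LAN access from remote]" entries quoted in the first post can be tallied per forwarded LAN host and port, which answers "how many times, from where, and over what period" as far as the router log allows. The sample log is constructed from the three entries in the thread plus two made-up lines, and all function and variable names are this example's own.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample: the three entries quoted in the thread, one made-up
# repeat from the same source, and one made-up unrelated line.
SAMPLE_LOG = """\
[LAN access from remote] from 122.114.252.227:43350 to 192.168.1.199:80, Saturday, Mar 25,2017 13:40:16
[LAN access from remote] from 81.218.166.54:55158 to 192.168.1.199:80, Saturday, Mar 25,2017 13:16:36
[LAN access from remote] from 139.162.111.147:50684 to 192.168.1.199:80, Friday, Mar 24,2017 22:14:39
[LAN access from remote] from 139.162.111.147:50690 to 192.168.1.199:80, Friday, Mar 24,2017 22:14:41
[constructed unrelated event] ignored by the parser, Friday, Mar 24,2017 22:15:00
"""

ENTRY = re.compile(
    r"\[LAN access from remote\] from (?P<src>[\d.]+):(?P<sport>\d+) "
    r"to (?P<dst>[\d.]+):(?P<dport>\d+), \w+, "
    r"(?P<ts>\w{3} \d{1,2},\d{4} \d{2}:\d{2}:\d{2})"
)

def summarize(log_text):
    """Group forwarded inbound connections by the LAN host:port they reached.

    Each entry only shows that the router passed a connection through; it
    carries no payload, duration or outcome, so this counts attempts only.
    """
    exposed = {}
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue  # not a port-forward entry
        when = datetime.strptime(m["ts"], "%b %d,%Y %H:%M:%S")
        key = (m["dst"], int(m["dport"]))
        rec = exposed.setdefault(
            key, {"hits": 0, "sources": Counter(), "first": when, "last": when})
        rec["hits"] += 1
        rec["sources"][m["src"]] += 1
        rec["first"] = min(rec["first"], when)
        rec["last"] = max(rec["last"], when)
    return exposed

if __name__ == "__main__":
    for (host, port), rec in summarize(SAMPLE_LOG).items():
        print(f"{host}:{port} reached {rec['hits']} times "
              f"between {rec['first']} and {rec['last']}")
        for src, n in rec["sources"].most_common():
            print(f"  {src}: {n}")
```

Every host:port key in the result is a port the router is forwarding, so each one can be compared against the forwards you set up on purpose and the ones a device requested through UPnP.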