Reply

Is my Nighthawk R7000 letting unauthorized users into my network?

Mike-207
Aspirant

Is my Nighthawk R7000 letting unauthorized users into my network?

Hi Guys -

I have a Nighthawk R7000 router running firmware V1.0.9.28_10.2.32.

I have some DLink DCS-2530L security cameras on my network with IP addresses 192.168.1.105, 192.168.1.106, etc.

I have UPnP enabled, which is necessary so I can acess the security cameras remotely on ports 80 and 443.

In my router log files there are sometimes bursts of entries that are at wierd times of the night and day and from wierd locations (this bunch is from Moldova!).  They are not from me.  For example:

[LAN access from remote] from 77.89.197.110:55238 to 192.168.1.106:80, Sunday, Apr 01,2018 23:24:01
[LAN access from remote] from 77.89.197.110:55198 to 192.168.1.105:80, Sunday, Apr 01,2018 23:24:01
[LAN access from remote] from 77.89.197.110:55160 to 192.168.1.106:80, Sunday, Apr 01,2018 23:24:01
[LAN access from remote] from 77.89.197.110:55127 to 192.168.1.105:80, Sunday, Apr 01,2018 23:24:01
[LAN access from remote] from 77.89.197.110:55089 to 192.168.1.106:80, Sunday, Apr 01,2018 23:24:00
[LAN access from remote] from 77.89.197.110:55041 to 192.168.1.105:80, Sunday, Apr 01,2018 23:24:00
[LAN access from remote] from 77.89.197.110:55004 to 192.168.1.106:80, Sunday, Apr 01,2018 23:24:00
[LAN access from remote] from 77.89.197.110:54972 to 192.168.1.105:80, Sunday, Apr 01,2018 23:24:00
[LAN access from remote] from 77.89.197.110:54937 to 192.168.1.106:80, Sunday, Apr 01,2018 23:23:59
[LAN access from remote] from 77.89.197.110:54909 to 192.168.1.105:80, Sunday, Apr 01,2018 23:23:59
[LAN access from remote] from 77.89.197.110:54858 to 192.168.1.106:80, Sunday, Apr 01,2018 23:23:59
[LAN access from remote] from 77.89.197.110:54832 to 192.168.1.105:80, Sunday, Apr 01,2018 23:23:59
[LAN access from remote] from 77.89.197.110:54781 to 192.168.1.106:80, Sunday, Apr 01,2018 23:23:59

So, does anyone know:

- Is someone successfully penetrating my network and accessing my cameras?

- Why doesn't the log file say whether the access request is discarded or passed through to the device?

- How can I prevent unauthorized access while still allowing me to access my cameras remotely?

 

Thanks for your help!

Mike

 

Model: R7000|Nighthawk AC1900 Dual Band WiFi Router
Message 1 of 6
IrvSp
Master

Re: Is my Nighthawk R7000 letting unauthorized users into my network?

Port 80 is a 'listening' port usually for a web server? Probably someone scanned your IP Address and found the port open and tried to connect to it I think? I don't know what uses those ports though? They are all 'private' ports or "Xsan. Xsan Filesystem Access" port for Apple?

 

They are not getting onto your network I think, just accessing the camera's. Does the camera have s/w that would allow blocking?

 

Maybe someone else can help you better here... I don't think you can block that intrusion via the router unless you close the port, which you probably can't do if you want external access.

Message 2 of 6
deboerdn2000
Aspirant

Re: Is my Nighthawk R7000 letting unauthorized users into my network?

Well someone is actively scanning your network. Whether they are getting in the cameras, you need to look at the log files for the camera. The only thing you can do is make sure the camera user and passwords are secure. I am curious though why you have port 80 forward on all of them. as typically you would have to use cam 1 port 80, cam 2 port 81 and so on. as far as blocking it, the router doesnt have the ability to block by country. all you can do is just make sure everything is secure and that you use firewalls on any device that you can, along with strong passwords.  

Message 3 of 6
Mike-207
Aspirant

Re: Is my Nighthawk R7000 letting unauthorized users into my network?

Thanks, deboerdn2000 and IrvSp, for your useful suggestions.

I do have good passwords on the cameras, so hopefully that is effective. 

Maybe these rapid-fire probes are guessing at different likely passwords?

The internal ports for the cameras are 80 and 443, but the external ports are 80, 443 8080, 3128, 45263, and 58088.  I didn't provide these numbers, the installation utility came up with them.  They seem a bit arbitrary.

Shortly after I installed the cameras the probes started.  I changed the static IP addresses and very quickly the probes switched to the new IP addresses.  This is all a mystery to me as to how they could be discovered so quickly.

Thanks for your ideas.

Mike

 

 

Message 4 of 6
douggiese
Apprentice

Re: Is my Nighthawk R7000 letting unauthorized users into my network?

I'm a bit of a novice but is it posiible your seeing communcation between a recording device on your network and your cameras?

 

 

'

Model: R7000|Nighthawk AC1900 Dual Band WiFi Router
Message 5 of 6
schumaku
Guru

Re: Is my Nighthawk R7000 letting unauthorized users into my network?

Hello Mike,


@Mike-207 wrote:

- Is someone successfully penetrating my network and accessing my cameras?

 


Someone was able to establish a TCP session over the public exposed port (as per the UPnP PMP) to the camera port 80, the camera Web Server.

 

@Mike-207 wrote:

- Why doesn't the log file say whether the access request is discarded or passed through to the device?

The router can't know. Check the logs of the camera for access attempts or possible successful authentications.

@Mike-207 wrote:

 

- How can I prevent unauthorized access while still allowing me to access my cameras remotely?

Not exposing the ports to the Internet - and think about using the OpenVPN only. By how far this is possible using the camera software, the Apps, ... I don't know.

Message 6 of 6
Top Contributors
Discussion stats
  • 5 replies
  • 2873 views
  • 0 kudos
  • 5 in conversation
Announcements