GearNetRouter
Virtuoso

LAN access from remote R7000

Can someone explain what is happening? I am using a Netgear R7000 Nighthawk router:

[LAN access from remote] from 52.197.117.189:59461 to  IP for DLINK 2630, Saturday, Nov 19,2016 04:26:46

[LAN access from remote] from 52.197.117.189:42195 to  IP for DLINK 2630, Saturday, Nov 19,2016 04:26:46

[LAN access from remote] from 216.243.31.2:45845 to  IP of IP cam Saturday, Nov 19,2016 04:20:52
[LAN access from remote] from 14.134.3.3:28915 to IP of IP cam, Saturday, Nov 19,2016 03:52:50

[LAN access from remote] from 61.160.210.40:46718 to IP of IP cam, Saturday, Nov 19,2016 03:50:32

Also have seen some entries to IP of my Android tablet. These are just a small sample of the messages. They come from foreign countries.

I find this alarming. Please help. I am a layperson at this, but I think what is happening is there is no actual intrusion of my IP cams and tablet but there were scans or attempts to do so. It's my understanding that consumer grade Netgear routers do not permit blocking of specific IP addresses or blocks of IP addresses (i.e. from foreign countries such as China and Russia) but this is covered by the password of the device itself and something called NAT (what is that?). Can someone explain all this to me? Thanks in advance.

Model: R7000|Nighthawk AC1900 Dual Band WiFi Router
Message 1 of 15

All Replies
TheEther
Guru

Re: LAN access from remote R7000

These are not just attempts but actual intrusions. Are you using port forwarding, DMZ or UPnP? These are used to open up access to the home network. If you have no need for them, then you should turn them off.

 

I discovered this website recently.  It provides a very basic primer on home networking concepts.

Message 2 of 15
GearNetRouter
Virtuoso

Re: LAN access from remote R7000

I'm using UPnP. It's required for the cams. Explain to me why they are actual intrusions? The logs of the actual devices do not show the foreign IP and the devices are password protected. I'm just a novice. You are the expert. Explain it to me?

Message 3 of 15
TheEther
Guru

Re: LAN access from remote R7000

The "LAN access from remote" message indicates that the router permitted traffic through its firewall, hence they were intrusions. The traffic may have been dropped by the cams but nonetheless the traffic made it past the router's firewall.

Why do the cams require UPnP? For remote access to the cams while away from home? There may be safer ways to accomplish that.
Message 4 of 15
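
As an added example (not part of any post in this thread, and not Netgear code): a Python script that groups "LAN access from remote" entries by the internal host and port they reached, which shows which UPnP or port-forward mappings are actually exposed. The sample lines are constructed; the `IP:port` form after "to" is an assumption, since the original post redacted it.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in the log format quoted in the first post.
# The LAN addresses and ports after "to" are assumptions (the post redacted
# them); remote addresses are documentation-range placeholders.
SAMPLE_LOG = """\
[LAN access from remote] from 203.0.113.7:59461 to 192.168.1.20:80, Saturday, Nov 19,2016 04:26:46
[LAN access from remote] from 203.0.113.7:42195 to 192.168.1.20:80, Saturday, Nov 19,2016 04:26:46
[LAN access from remote] from 198.51.100.9:45845 to 192.168.1.21:8080 Saturday, Nov 19,2016 04:20:52
[LAN access from remote] from 192.0.2.44:28915 to 192.168.1.21:8080, Saturday, Nov 19,2016 03:52:50
[DHCP IP: 192.168.1.30] to MAC address 00:00:5E:00:53:01, Saturday, Nov 19,2016 03:40:00
"""

LINE_RE = re.compile(
    r"^\[LAN access from remote\] from (?P<src>[\d.]+):(?P<sport>\d+)"
    r" to\s+(?P<dst>[\d.]+):(?P<dport>\d+),?\s+"   # comma is sometimes missing
    r"\w+, (?P<ts>\w{3} \d{1,2},\s?\d{4} \d{2}:\d{2}:\d{2})\s*$"
)

def parse_line(line):
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # not a forwarded-connection entry
    ts = datetime.strptime(m["ts"].replace(", ", ","), "%b %d,%Y %H:%M:%S")
    return m["src"], m["dst"], int(m["dport"]), ts

def exposed_services(log_text):
    """Group forwarded connections by the internal host:port they reached."""
    hits = defaultdict(lambda: {"count": 0, "sources": set(), "first": None, "last": None})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        src, dst, dport, ts = rec
        entry = hits[(dst, dport)]
        entry["count"] += 1
        entry["sources"].add(src)
        entry["first"] = ts if entry["first"] is None else min(entry["first"], ts)
        entry["last"] = ts if entry["last"] is None else max(entry["last"], ts)
    return dict(hits)

if __name__ == "__main__":
    for (dst, dport), e in sorted(exposed_services(SAMPLE_LOG).items()):
        print(f"{dst}:{dport} reached {e['count']}x from {len(e['sources'])} "
              f"remote address(es), {e['first']} to {e['last']}")
```

Each internal host:port in the output corresponds to a mapping that should either be an intentional port forward or be removed, for example by disabling UPnP as discussed in the thread.
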
GearNetRouter
Virtuoso

Re: LAN access from remote R7000

Yes the UPnP is due to remote access.

What is a better way to do so?

Message 5 of 15
TheEther
Guru

Re: LAN access from remote R7000

You don't want your cameras to be directly accessible from the Internet. Vulnerabilities in IoT (Internet of Things) devices, including cameras, have been making the news. Just last month there was a big DDoS attack supported by a big botnet of compromised cameras, printers and routers. The attack severely impacted a significant part of the Internet.

 

Consider getting 3rd party video security software and making the cameras accessible through it.  There are lots of choices out there: Blue Iris, IP Camera Viewer, iSpy, etc.  Go to IP camera forums and get tips on setting it up and making it secure.

Message 6 of 15
Pluto8
Apprentice

Re: LAN access from remote R7000

Just to add – I had the same problem about a year ago. There were numerous entries in the log from various places, many from China. When I turned UPnP off in my R7000 router, they all disappeared. And I did not experience any other problems with UPnP off.

 

I have some IP cameras, for example Logitech Alert and D-Link cameras. The cameras are registered with the vendor, and I can watch the video from anywhere in the world. With D-Link, I use the “mydlink” app. I don’t know exactly how they access my cameras, but it works fine.

 

And of course I have good passwords in the cameras.

Message 7 of 15
TheEther
Guru

Re: LAN access from remote R7000

I did a little research.  In order to use the mydlink, you have to register your cameras with the mydlink website.  Once you do that, the cameras initiate a connection to their server.  The "mydlink" app will also contact their server.  There are two possible ways the app will get video from the cameras.

 

If you have UPnP enabled on your router, then the server will tell the app how to contact the camera directly to get the video feed.  

 

If UPnP is not enabled, then the server will obtain the video feed from the camera and relay it to the app.  Only 1 minute of video is available.  No doubt this is done to keep the server from overloading.  While this method is safer for your home network and cameras, you are relaying your video through D-Link.  I really doubt D-Link would ever peep into your cameras but it could be a privacy concern for many. 

Message 8 of 15
Pluto8
Apprentice

Re: LAN access from remote R7000

Thanks for the information. Yes, there is a one minute limit of video, and then there is an option to continue watching for another minute.

 

 I also have been thinking that there is a possibility they can peep into the video, but with all those cameras around, I would not be so concerned. But I will be careful with where I place the cameras…

Message 9 of 15
GearNetRouter
Virtuoso

Re: LAN access from remote R7000

Thanks to both of you. I disabled UPnP and the cams (DLINK) still work. However, it seems I don't get any 1 minute limit. The clock shows several minutes have passed now and I get no message it has stopped. There is no motion in the background but I don't think it's an issue as the clock is still ticking....

Looks like by default this router enabled UPnP and DLINK's software set up each cam for the user without any warning of the implications.

 

BTW do you know why an Android device would show as an attempted outside connection? Is this due to an intruder just scanning for things?

 

Will check the logs later and report again to see if any outside connections. 

Message 10 of 15
Pluto8
Apprentice

Re: LAN access from remote R7000

In the D-Link app there are two options: Remote or local viewing. In local, there is no time limit, since it only uses your LAN. The remote goes through the D-Link server and has the time limit. You should check that you are using the remote option.

Message 11 of 15
Pluto8
Apprentice

Re: LAN access from remote R7000

I should add that if you and your camera are on the same LAN, the mydlink app will recognize this and use the local option, even if you select remote. So there will not be any time limit.

 

To test this, you should try to access the camera from another network.

Message 12 of 15
GearNetRouter
Virtuoso

Re: LAN access from remote R7000

That's a good point. As you know the router is dual band. I have my devices on one band and mydlink app on a different band to try to emulate remote access. I guess it doesn't matter. Will try this out soon from an outside router and report back. I checked the log and have not seen any intrusions!! Very happy.

Message 13 of 15
TheEther
Guru

Re: LAN access from remote R7000

Both bands on a dual band router are bridged together and are part of the local network. Disconnect the device running the mydlink app from your Wi-Fi network and switch to the cellular data connection. That will put it outside your network.

Message 14 of 15
JohnQMajors
Initiate

Re: LAN access from remote R7000

This is one aspect where NetGear is sorely lacking imho.

Previous threads, (Block-inbound-IP-address/m-p/1010272#M21664) posted as 'Solved' is not 'Solved'.

Every post such as this, the response is generally stated as; 'the router has a built in firewall that will take care of it' which is total BS.

ANYTIME someone has a specific IP and port to probe you with, it can be only a matter of time when they will hit up the unique format that will allow access.... PERIOD. For NetGear to rely solely on its internal Firewall is nonsense. (case in point below).

I chose this router after literally months of research, and this was a feature (or lack thereof) that almost caused me to go with another brand. I chose performance, a decision I am wondering about.

Especially since the 'internet of things' is becoming more and more an everyday, every home (I know not literally but still) occurrence,  NetGear seriously needs to give some re-thought to add this feature "InBound IP Address Block" into the firmware... PERIOD.

While I do have some IP cameras, I do not access them from remote, (and that means nothing as others possibly _could_) however I do have a FTP server which I often use from remote.

 

Somehow, someway, someone has determined this, and I routinely get probes of my IP address, specifically targeting the xx.xx.xx.50:52522 IP address this server is configured for, and probing one port call after another, some ports for which I must open for the server to work.

It's only a matter of time before they accidentally find the port, and will get a login prompt. Provided that scenario occurs, NOTHING in the NetGear firewall is going to stop it as it will appear to be legit traffic.  <<< ---- *** Note NetGear -- THIS IS WHY THIS IS NEEDED!!!

 

One day, they are going to hit upon the correct, open port, and get a response of some type, and then I'm screwed... they'll hit me and hit hard... don't worry NetGear's firewall is on duty.... seriously?


Yes I could change the internal IP, then reconfig the server, then the Windows Firewall, and change the open ports in the router, and ... blah blah blah.

Would be much simpler to just be able to add, ban 185.156.*.*  and DONE. I know no one in Amsterdam, or China, or Hong Kong. No one should be probing my IP.

 

I shake my head sometimes at folks who are so convinced they are correct, and they just aren't.

 

This is the best performance router I've ever had. It's like having a Rolls Royce, but it doesn't come with a radio.  It's just nonsense.

 

Message 15 of 15