Start a New Discussion

Start a New Discussion

Orbi WiFi 7 RBE973
Reply

Remote Access to LAN R7800

westewart
Aspirant
Aspirant
‎2022-07-04 12:26 PM
‎2022-07-04 12:26 PM

Remote Access to LAN R7800

Hi,

I am concerned about remote access to my LAN.  I have not noticed anything, but for the 1st time I just looked at my router log and saw the following:

[DoS Attack: ACK Scan] from source: 159.100.4.212, port 443, Monday, July 04, 2022 13:00:24
[DoS Attack: ACK Scan] from source: 52.39.32.173, port 443, Monday, July 04, 2022 12:56:45
[LAN access from remote] from 93.186.201.117:36312 to 192.168.1.10:80, Monday, July 04, 2022 12:56:24
[DoS Attack: ACK Scan] from source: 52.39.32.173, port 443, Monday, July 04, 2022 12:56:14
[LAN access from remote] from 109.237.103.123:49642 to 192.168.1.10:80, Monday, July 04, 2022 12:55:54
[LAN access from remote] from 109.237.103.123:47190 to 192.168.1.10:80, Monday, July 04, 2022 12:55:54
[LAN access from remote] from 109.237.103.123:47220 to 192.168.1.10:80, Monday, July 04, 2022 12:55:54

I access the LAN remotely from my apple on occasions, but these logged events were not me.  What should I do to stop these other people whoever they are?

Thanks,

westewart

Message 1 of 7
0 Kudos
Reply
microchip8
Master
Master
‎2022-07-04 03:14 PM
‎2022-07-04 03:14 PM

Re: Remote Access to LAN R7800

Disable remote access. it's nothing but troubles and easy to circumvent
Message 2 of 7
0 Kudos
Reply
michaelkenward
Guru Guru
Guru
‎2022-07-05 10:46 AM
‎2022-07-05 10:46 AM

Re: Remote Access to LAN R7800

@westewart wrote:

Hi,

I am concerned about remote access to my LAN.  I have not noticed anything, but for the 1st time I just looked at my router log and saw the following:

[DoS Attack: ACK Scan] from source: 159.100.4.212, port 443, Monday, July 04, 2022 13:00:24
[DoS Attack: ACK Scan] from source: 52.39.32.173, port 443, Monday, July 04, 2022 12:56:45

Those alerts may have nothing to do with remote access, which can be a useful tool.

 

Netgear's firmware is great at creating false reports of DoS attacks. Many of them are no such thing.

 

Search - NETGEAR Communities – DoS attacks

 

Use Whois.net to see who is behind some of them and you may find that they are from places like Facebook, Google, even your ISP.

 

Here is a useful tool for that task:

 

IPNetInfo: Retrieve IP Address Information from WHOIS servers

 

One of those is from diva-e Datacenters GmbH. The other one is Amazon.

 

If these events are slowing down your router, that may be because it is using up processor time as it writes the events to your logs. Anything that uses processor power – event logging, QoS management, traffic metering – may cause slowdowns. Disable logging of DoS attacks and see if that reduces the problem. This does not prevent the router from protecting you from the outside world.

 

 

Message 3 of 7
0 Kudos
Reply
westewart
Aspirant
Aspirant
‎2022-07-05 12:15 PM
‎2022-07-05 12:15 PM

Re: Remote Access to LAN R7800

Hi MircroChip8,

I need to do remote work, so how can I access my server more securely?

 

Message 4 of 7
0 Kudos
Reply
westewart
Aspirant
Aspirant
‎2022-07-05 12:18 PM
‎2022-07-05 12:18 PM

Re: Remote Access to LAN R7800

Hi MichaelKenward,

I am not as concerned about the dos attacks that don't seem to have a noticeable impact on router performance.  What I'm concerned about are the remote accesses.  How to I stop them?Does a remote access showing up in the log mean that they were failed attempts at remote access, or does it mean they were successful remote accesses?

 

Message 5 of 7
0 Kudos
Reply
michaelkenward
Guru Guru
Guru
‎2022-07-05 01:22 PM
‎2022-07-05 01:22 PM

Re: Remote Access to LAN R7800

@westewart wrote:

How to I stop them?Does a remote access showing up in the log mean that they were failed attempts at remote access, or does it mean they were successful remote accesses?

 

Very good questions. I'd say that if your password etc security is good, these alerts could be on a par with the fake detections of DoS Attacks.

 

Unfortunately, Netgear's guidance on what those reports mean is hopeless.

 

Google found this:

 

Interpreting Netgear wireless router security logs - Super User

 

I agree with you that remote access is valuable. I am surprised by a blanket "turn it off" suggestion. Maybe they don't use it.

 

Netgear has disabled various really dangerous "remote" options

 

I use the Nighthawk App for remote access all the time. (I have two ISP accounts that I watch.) I don't see entries like that in my logs.

 

Have you looked at these to see if they relate to what you are doing?

 

Don't forget, if they are logged, then they probably aren't getting through your router's defences.

 

 

 

 

 

Message 6 of 7
0 Kudos
Reply
Netbob
Aspirant
Aspirant
‎2022-11-27 07:50 PM
‎2022-11-27 07:50 PM

Re: Remote Access to LAN R7800

just a quick note, instead of turning on remote mgment on your router, create an internal vpn (on the router or my preferred way, on a spare raspberry pi) that way you can start a vpn session from wherever you are and to your router, you are local.)

hih, nb

Message 7 of 7
0 Kudos
Reply
Top Contributors
See All
Discussion stats
  • 6 replies
  • ‎2022-07-04 12:26 PM
  • 1246 views
  • 0 kudos
  • 4 in conversation
Announcements

Orbi WiFi 7