- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
curious connection attempts from FVS318G
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
curious connection attempts from FVS318G
anyone have any idea why the VPN Firewall would be probing static IPs on my subnet on port 1792? I can't find a good reason the firewall would be doing this. doesn't seem neferious, but I like to know what's happening on my network.
Five Minutes of PCAP filtered for port 1792
tcpdump port 1792 -vvv -nn -r rPi_2016-11-19_05:39:35.pcap
reading from file rPi_2016-11-19_05:39:35.pcap, link-type EN10MB (Ethernet)
05:41:12.822665 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 29)
192.168.0.1.1058 > 192.168.0.6.1792: [udp sum ok] UDP, length 1
05:41:23.138814 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 29)
192.168.0.1.1058 > 192.168.0.40.1792: [udp sum ok] UDP, length 1
05:41:23.205347 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 29)
192.168.0.1.1058 > 192.168.0.41.1792: [udp sum ok] UDP, length 1
05:41:23.754273 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 29)
192.168.0.1.1058 > 192.168.0.47.1792: [udp sum ok] UDP, length 1
05:41:24.314786 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 29)
192.168.0.1.1058 > 192.168.0.50.1792: [udp sum ok] UDP, length 1
05:41:24.467801 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 29)
192.168.0.1.1058 > 192.168.0.51.1792: [udp sum ok] UDP, length 1
last 24 hours stats:
source | desination | destination port | # of source ports | event count
192.168.0.1 | 192.168.0.10 | 1792 | 7 | 454 |
192.168.0.1 | 192.168.0.165 | 1792 | 7 | 457 |
192.168.0.1 | 192.168.0.17 | 1792 | 7 | 934 |
192.168.0.1 | 192.168.0.20 | 1792 | 7 | 932 |
192.168.0.1 | 192.168.0.21 | 1792 | 7 | 931 |
192.168.0.1 | 192.168.0.22 | 1792 | 7 | 931 |
192.168.0.1 | 192.168.0.31 | 1792 | 7 | 935 |
192.168.0.1 | 192.168.0.40 | 1792 | 7 | 456 |
192.168.0.1 | 192.168.0.41 | 1792 | 7 | 454 |
192.168.0.1 | 192.168.0.47 | 1792 | 7 | 453 |
192.168.0.1 | 192.168.0.50 | 1792 | 7 | 457 |
192.168.0.1 | 192.168.0.51 | 1792 | 7 | 457 |
192.168.0.1 | 192.168.0.6 | 1792 | 7 | 461 |
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: curious connection attempts from FVS318G
Hi AzJimbo,
Welcome to the community! 🙂
Kindly answer the questions below:
a. Are there any firewall rules configured that includes port 1792 on the FVS318G?
b. I found out online that port 1792 is a UDP port used for online games like NHL 2003. Are you playing online games that requires port 1792 to be opened on the FVS318G?
c. What is the current firmware version of the FVS318G?
I look forward to your response.
Regards,
DaneA
NETGEAR Community Team
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: curious connection attempts from FVS318G
no rules related to 1792 or any range that includes that port; no nfl games (or any games on that lan segment).
Firmware:3.1.1-18 The curious activity predates my upgrade to this firmware.
I have UPnP disabled. No VLANs running; only two ports open both TCP and no where near that port.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: curious connection attempts from FVS318G
Hi AzJimbo,
Did you perform a factory reset on the FVS318G after upgrading the firmware to v3.1.1.18? It is recommended to reset the firewall router to factory default settings after doing a firmware upgrade then reconfigure it from scratch.
For the logs to be interpreted, I suggest you to open an online case with NETGEAR Support at anytime. Kindly state your concern and attached the logs on the online case. The online case will be escalated to the engineering team and they will be one to analyze the logs.
Regards,
DaneA
NETGEAR Community Team
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: curious connection attempts from FVS318G
Hi AzJimbo,
I just want to follow-up. Were you able to perform a factory reset on the FVS318G? Also, were you able to open an online case with NETGEAR Support for the logs to be analyzed? If yes, keep us posted about the progress of the online case.
Regards,
DaneA
NETGEAR Community Team
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: curious connection attempts from FVS318G
A factory reset from and reconfig from scratch is not a trivial undertaking. I have to budget time to do this. Reconfiguing from scratch and not just restoring a backup requires that I document the current settings to ensure I don't miss any important rules or settings.
Ultimately, I don't necessarily want to undertake that task unless we're sure that's going to address this curiosity. I'm also more interested in why this generally benign issue is happening vice trying to get it to stop.
Also, the download page didn't mention anything about reconfig from scratch. http://kb.netgear.com/app/answers/detail/a_id/25701 Seeing that for the first time in your note was a little disconcerting.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: curious connection attempts from FVS318G
Hi AzJimbo,
Doing a factory reset then reconfiguring the device from scratch after a firmware upgrade makes the device have a clean start with the new firmware uploaded. If this will seem to take too much of your time, then you may first do a back-up of the configuration then restore it after doing a firmware upgrade and check if same problem occurs. However, be reminded it is possible that the restored configuration might contain errors that is why a way to isolate the problem is to reconfigure the device from scratch.
Going back to the logs/packet capture you've posted, our engineering team is capable of interpreting it. Opening an online case with NETGEAR Support will help.
Regards,
DaneA
NETGEAR Community Team
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: curious connection attempts from FVS318G
Hi AzJimbo,
Just want to follow-up on this. Have you already tried to perform a factory reset on the FVS318G? If yes, what are your observations?
Also, were you able to open an online case with NETGEAR Support for the logs to be analyzed?
Regards,
DaneA
NETGEAR Community Team