F5F Stay Refreshed Power Users Networks Router Security

Router Security

Router Security

F
Foxson
Member
Find
155
02-07-2023, 06:37 AM
#1
I have been observing some irregularities with my router over the past two weeks. I decided to review the network logs to understand what might be causing the instability, especially since I’m forwarding certain ports for services like Nextcloud and a Minecraft server. I’m familiar with the potential dangers of port forwarding and checked the router logs, which revealed someone was accessing my Nextcloud server from various ports remotely. While I don’t think they successfully gained access, I wondered if it’s possible to temporarily disable network connectivity or if there’s any form of remote intrusion. I haven’t encountered any specific attacks matching my symptoms. Currently, I’ve stopped using the cloud server and turned off the affected port on my forwarding settings. The issue has stopped occurring for about half an hour, though it still happens every few minutes.
Reply
Reply
F
Foxson
02-07-2023, 06:37 AM #1

I have been observing some irregularities with my router over the past two weeks. I decided to review the network logs to understand what might be causing the instability, especially since I’m forwarding certain ports for services like Nextcloud and a Minecraft server. I’m familiar with the potential dangers of port forwarding and checked the router logs, which revealed someone was accessing my Nextcloud server from various ports remotely. While I don’t think they successfully gained access, I wondered if it’s possible to temporarily disable network connectivity or if there’s any form of remote intrusion. I haven’t encountered any specific attacks matching my symptoms. Currently, I’ve stopped using the cloud server and turned off the affected port on my forwarding settings. The issue has stopped occurring for about half an hour, though it still happens every few minutes.

Reply
Reply
B
bigdogebro123
Junior Member
Find
8
02-07-2023, 08:38 AM
#2
The router seems to be malfunctioning because it keeps trying to connect repeatedly.
Reply
Reply
B
bigdogebro123
02-07-2023, 08:38 AM #2

The router seems to be malfunctioning because it keeps trying to connect repeatedly.

Reply
Reply
F
FrostyPorkChop
Member
Find
158
02-24-2023, 11:46 PM
#3
You're wondering if someone is trying to connect to my server. It seems like only a few ports are open, and the last time someone accessed it remotely was at 11 AM with the message "Lan accessed remotely." The random restarts you experienced were around 1 to 2:10 PM.
Reply
Reply
F
FrostyPorkChop
02-24-2023, 11:46 PM #3

You're wondering if someone is trying to connect to my server. It seems like only a few ports are open, and the last time someone accessed it remotely was at 11 AM with the message "Lan accessed remotely." The random restarts you experienced were around 1 to 2:10 PM.

Reply
Reply
F
Fareh
Junior Member
Find
49
02-25-2023, 02:24 AM
#4
It seems like the issue might be with your router's functionality.
Reply
Reply
F
Fareh
02-25-2023, 02:24 AM #4

It seems like the issue might be with your router's functionality.

Reply
Reply
I
Imhacking__
Junior Member
Find
17
02-27-2023, 02:19 AM
#5
You're dealing with a tricky setup issue. The logs show your router is responding to your server's IP, but there might be a mismatch or misconfiguration. After powering up, the router soft restarted, which could have reset settings. Check if the port you're seeing is active and ensure your server is correctly assigned an IP address. If the issue persists, consider verifying the network settings on both devices.
Reply
Reply
I
Imhacking__
02-27-2023, 02:19 AM #5

You're dealing with a tricky setup issue. The logs show your router is responding to your server's IP, but there might be a mismatch or misconfiguration. After powering up, the router soft restarted, which could have reset settings. Check if the port you're seeing is active and ensure your server is correctly assigned an IP address. If the issue persists, consider verifying the network settings on both devices.

Reply
Reply
F
fit02z
Junior Member
Find
18
02-27-2023, 02:59 AM
#6
It's not possible to resolve these issues. You'd need to either swap the entire router or update its firmware.
Reply
Reply
F
fit02z
02-27-2023, 02:59 AM #6

It's not possible to resolve these issues. You'd need to either swap the entire router or update its firmware.

Reply
Reply
P
PunjabiAK74U
Member
Find
73
02-27-2023, 10:47 AM
#7
You can review the Netgear logs to see if traffic from your IP appears outside your local network. The DoS attack alert indicates a potential scanning activity targeting your device, likely related to exploiting vulnerabilities. After updating firmware, ensure your Nextcloud server is properly secured and consider blocking suspicious IPs.
Reply
Reply
P
PunjabiAK74U
02-27-2023, 10:47 AM #7

You can review the Netgear logs to see if traffic from your IP appears outside your local network. The DoS attack alert indicates a potential scanning activity targeting your device, likely related to exploiting vulnerabilities. After updating firmware, ensure your Nextcloud server is properly secured and consider blocking suspicious IPs.

Reply
Reply
K
Kytzis
Member
Find
183
02-27-2023, 01:26 PM
#8
You're safe if you haven't made mistakes like enabling DMZ or similar settings and your router isn't exposed to any exploitable weaknesses. If vulnerabilities existed, the logs wouldn't matter since they could be deleted easily.
Reply
Reply
K
Kytzis
02-27-2023, 01:26 PM #8

You're safe if you haven't made mistakes like enabling DMZ or similar settings and your router isn't exposed to any exploitable weaknesses. If vulnerabilities existed, the logs wouldn't matter since they could be deleted easily.

Reply
Reply
K
kawaiGIRL50
Junior Member
Find
15
02-28-2023, 05:47 PM
#9
I use my AT router in pass-through mode connected to a Netgear router, but I’m not sure it’s a problem since neither device appears in DMZ.
Reply
Reply
K
kawaiGIRL50
02-28-2023, 05:47 PM #9

I use my AT router in pass-through mode connected to a Netgear router, but I’m not sure it’s a problem since neither device appears in DMZ.

Reply
Reply