The new router is showing a continuous flow of brute force attempts against your device.

stoertje2002
Junior Member
3
10-28-2023, 02:17 PM
#1
Hello, I recently switched to a Netgear Nighthawk AX4300 router. I’ve set up a few ports forwarded to my home server for RDP and Emby (similar to Plex). The device includes a 30-day trial of Armor software. Since I forwarded the ports about a week ago—after installing the router—I’m receiving around 100 alerts each day claiming that “Netgear Armor has blocked a brute force hacking attempt on [my computer] from [various IP addresses].” The activity appears to be growing over time. An IP address often repeats briefly before changing, suggesting either multiple attackers or one using a VPN and rotating IPs. Is this genuine? Could there really be more hackers trying to crack my login, which is already pretty mundane? Or are the alerts just false positives from Armor? I had these ports forwarded on my previous router for years without issues, but these notifications are a bit alarming. Thanks!

GamerTV1
Member
116
11-09-2023, 07:13 PM
#2
It's possible the connections through forwarded ports are triggering alerts. You might want to disable RDP and Emby to check if the issue persists.

Kamikaze_007
Senior Member
625
11-09-2023, 08:55 PM
#3
Did you enable port 3389 on your router? Is it one of the frequently targeted ports for breaches? Consider disabling it and check if the problem resolves.

Valentine45
Junior Member
23
11-23-2023, 07:10 PM
#4
Running RDP publicly invites dictionary attacks. Avoid exposing ports 445 and 3389. You might limit or slow traffic with ufw, but these scans will persist. The safest approach is to use a VPN for remote access.

ThePwner
Junior Member
5
11-29-2023, 05:14 AM
#5
These are automated assaults. The majority originate from bots that scan the web for vulnerable open ports and instantly attempt to exploit them. Those controlling the bots probably remain unaware until they successfully breach and compromise your data. Attackers typically don’t know if your system is valuable until they’ve tested it. Be cautious with personal files—they can lead to identity theft, blackmail, or ransomware. If you need remote access, configure a VPN through your router and connect to your internal network. Avoid sending sensitive information such as RDP directly over the internet.
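
Added example, not part of any post in this thread: Python that groups router alerts by source address into bursts, to check the pattern from the first post (an address repeats briefly, then changes) against the automated scanning described above. The log layout, the host name `HOMESERVER` and the addresses are constructed assumptions; only the alert wording comes from the thread.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample. Only the alert wording comes from the thread; the
# timestamp prefix, host name and layout are assumptions (RFC 5737 addresses).
MSG = "Netgear Armor has blocked a brute force hacking attempt on HOMESERVER from "
SAMPLE_ALERTS = "\n".join(
    f"2023-10-27 {t} {MSG}{ip}" for t, ip in [
        ("09:00:05", "203.0.113.7"), ("09:00:41", "203.0.113.7"),
        ("09:02:10", "203.0.113.7"), ("09:40:00", "198.51.100.23"),
        ("09:41:30", "198.51.100.23"), ("11:15:00", "192.0.2.99"),
        ("14:05:12", "203.0.113.7"), ("14:05:50", "203.0.113.7"),
    ]) + "\nrouter rebooted\n"  # unrelated line, must be skipped

LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) .*brute force.* from (\S+)\s*$")

def parse_alerts(text):
    """Return time-sorted (timestamp, source) pairs, ignoring other lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            events.append((ts, m.group(2)))
    return sorted(events)

def bursts_by_source(events, gap=timedelta(minutes=10)):
    """Split each source's alerts into bursts separated by more than `gap`."""
    per_source = defaultdict(list)
    for ts, src in events:
        runs = per_source[src]
        if runs and ts - runs[-1][-1] <= gap:
            runs[-1].append(ts)   # same burst continues
        else:
            runs.append([ts])     # new burst from this source
    return per_source

def summarize(text, gap=timedelta(minutes=10)):
    events = parse_alerts(text)
    per_source = bursts_by_source(events, gap)
    spans = [r[-1] - r[0] for runs in per_source.values() for r in runs]
    return {
        "alerts": len(events),
        "sources": len(per_source),
        "bursts": len(spans),
        "longest_burst_s": int(max(spans, default=timedelta()).total_seconds()),
        "returning": sorted(s for s, runs in per_source.items() if len(runs) > 1),
    }
```

Many sources with short bursts and few returning addresses is what distributed scanning of a forwarded port looks like; call `summarize(SAMPLE_ALERTS)` to see the counts for the constructed sample.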

McILucky
Member
194
11-29-2023, 10:08 AM
#6
RDP on port 3389 is frequently targeted by automated attacks. Other common ports include SSH (22), FTP (21), and SMB (445). ^^^DO NOT SHARE THESE ADDRESSES!!!!^ If you need to connect internally from outside, consider configuring OpenVPN over port 443 for secure communication.

Verloh
Member
71
12-04-2023, 03:07 PM
#7
Thanks for the feedback! It seems I faced a lot of brute force attempts before I noticed. I’m exploring OpenVPN and plan to install it on my server once I disable the RDP port forward.

TBaltazar
Junior Member
19
12-05-2023, 08:41 PM
#8
I understand it's taken some time, so I'll wrap up here. I turned off the port forwarding for RDP, and the alerts about brute force attempts vanished right away. I've been using RDP port forwarding for years, and when I first began, I didn't notice any warnings against it. It highlights how security practices evolve. Thanks for your assistance!