cancel
Showing results for 
Search instead for 
Did you mean: 

Event Log - Port Forwarding

Hooked
Posts: 7
Registered: ‎04-11-2015

Event Log - Port Forwarding

I have a PlusNet One router and was getting a speed problem so have replaced it with a BT Hub5. The setting were the same with no port forwarding. 

The event log only had a few  entries:

11:13:22, 08 Jun. IN: BLOCK [16] Remote administration (TCP [112.85.42.229]:53302-​>[84.92.34.104]:22 on ppp3)
11:13:17, 08 Jun. IN: BLOCK [16] Remote administration (TCP [112.85.42.229]:59543-​>[84.92.34.104]:22 on ppp3)
11:13:12, 08 Jun. IN: BLOCK [16] Remote administration (TCP [112.85.42.229]:56476-​>[84.92.34.104]:22 on ppp3)
11:12:19, 08 Jun. IN: BLOCK [16] Remote administration (TCP [112.85.42.229]:60457-​>[84.92.34.104]:22 on ppp3)

Looking at the Event log (all) for the new router, every 2 mins or so I get the following:

13:40:30, 12 Jun. IN: ACCEPT [57] Connection closed (Port Forwarding: UDP [192.168.1.128]:55973 <-​-​> [x.x.x.x]:55973 -​ -​ -​ [82.14.31.220]:61474 ppp3 NAPT)
13:39:16, 12 Jun. IN: ACCEPT [54] Connection opened (Port Forwarding: UDP [192.168.1.128]:55973 <-​-​> [x.x.x.x]:55973 -​ -​ -​ [90.216.171.150]:61295 ppp3 NAPT)
13:39:10, 12 Jun. (228498.650000) Admin login successful by 192.168.1.128 on HTTP
13:38:37, 12 Jun. (228465.950000) New GUI session from IP 192.168.1.128
13:38:10, 12 Jun. IN: ACCEPT [54] Connection opened (Port Forwarding: UDP [192.168.1.128]:55973 <-​-​> [x.x.x.x]:55973 -​ -​ -​ [82.14.31.220]:61474 ppp3 NAPT)
13:38:10, 12 Jun. IN: ACCEPT [54] Connection opened (Port Forwarding: UDP [192.168.1.128]:55973 <-​-​> [x.x.x.x]:55973 -​ -​ -​ [40.81.122.228]:3544 ppp3 NAPT)
13:38:01, 12 Jun. (228429.150000) Lease for IP 192.168.1.128 renewed by host WinPC_R (MAC 98:af:65:1c:68:67). Lease duration: 1440 min

This only happens for my PC (192.168.1.128), no other devices cause the entry (my wife's PC or 2 x android phones). I was concerned that this indicated some sort of attack! I checked the LAN traffic and can't find any evidence of access. I have also run the Shields Up from Gibson Labs (GRC) and they confirm, I am 100% shielded, and nothing is visible in the first 1000 ports.

Should I be worried about this?

Thanks 

3 REPLIES 3
Hooked
Posts: 7
Registered: ‎04-11-2015

Re: Event Log - Port Forwarding

OK, it was a pretty uninteresting question I know.

What is interesting is that I have changed my internal IP now on the router from x.x.x.128 to x.x.x.148 and no more port forwarding entries for two days now. Nor any entries that said 'added'

Port forwarding rule added via UPnP/TR064. Protocol: UDP, external ports: any-​>59764, internal ports: 59764, internal client: 192.168.1.128

How can rules be added  for 'outside' that give access to 'any' external address? UPNP is enabled, It is still supposed to be secure.

Thanks

Aspiring Hero
Posts: 12,527
Thanks: 609
Fixes: 19
Registered: ‎01-09-2007

Re: Event Log - Port Forwarding

What is TR064?

"In The Beginning Was The Word, And The Word Was Aardvark."

Hooked
Posts: 7
Registered: ‎04-11-2015

Re: Event Log - Port Forwarding

What indeed, but that is what the router log said. There have been other posts but they related to gaming which I don't do.

Richard