Router settings, UPnP enabled by mistake
Hello,
I'm using a Netgear router which is configured to email logs to me once a day. We have been away from this residence with internet and router off for a few months. When we returned, I was having trouble with internet access, and at one point it looked like the router might be the issue. I had tried restoring settings from a previous backup as part of troubleshooting, and I failed to take a close look at those settings. Internet access was restored after some efforts from myself and the ISP. I have one Windows 10 laptop, 3 Apple devices, and a printer, all wireless. I have difficult passwords for router admin access and wireless network access. Guest network is off. I have never used port triggering or port forwarding, have never been involved in torrents. Remote access to the router has never been on.
For the past few days since we have been back at this residence and using this internet connection, I saw items in the router logs that I hadn't seen before and I now wish I had paid more attention. These are:
[LAN access from remote] from....and then IP addresses and ports to the Windows 10 laptop. Some of the IP addresses are Microsoft. There are others, however, that are not, and these concern me. There is one from Taiwan, a couple from addresses in the U.S. (I am in the U.S.), and one from Greece. I've checked on the IP addresses in yesterday's log, and they are Spamhaus blacklisted. These connections were to port 57294.
I did some research into this and I have since disabled UPnP in the router settings. These LAN access from remote entries stopped once I did that. A check with speedguide.net which I did just now (with UPnP on the router now disabled) shows that port is now filtered. I don't know if it was before I disabled UPnP.
I use Windows Defender and the Windows firewall. I have Hitman Pro Alert always on. I have scanned the laptop with Malwarebytes and Hitman Pro. Hitman Pro always shows an Ask.com entry for the Chrome browser, but it's just an empty web data file. There's no toolbar involved. No malware has been found. I included the rootkit scan in the Malwarebytes scan.
This laptop is used for banking and I have logged into bank accounts in the past week.
Do I need to be concerned about malware or security compromise?