Windows 10: Router settings, upnp enabled by mistake
I'm using a Netgear router which is configured to email logs to me once a day. We have been away from this residence with internet and router off for a few months. When we returned, I was having trouble with internet access, and at one point it looked like the router might be the issue. I had tried restoring settings from a previous backup as part of troubleshooting, and I failed to take a close look at those settings. Internet access was restored after some efforts from myself and the ISP. I have one Windows 10 laptop, 3 Apple devices, and a printer, all wireless. I have difficult passwords for router admin access and wireless network access. Guest network is off. I have never used port triggering or port forwarding, have never been involved in torrents. Remote access to the router has never been on.
For the past few days since we have been back at this residence and using this internet connection, I saw items in the router logs that I hadn't seen before and I now wish I had paid more attention. These are:
[LAN access from remote] from....and then IP addresses and ports to the Windows 10 laptop. Some of the IP addresses are Microsoft. There are others, however, that are not, and these concern me. There is one from Taiwan, a couple from addresses in the U.S. (I am in the U.S.), and one from Greece. I've checked on the IP addresses in yesterday's log, and they are Spamhaus blacklisted. These connections were to port 57294.
I did some research into this and I have since disabled UPnP in the router settings. These LAN access from remote entries stopped once I did that. A check with speedguide.net which I did just now (with UPnP on the router now disabled) shows that port is now filtered. I don't know if it was before I disabled UPnP.
I use Windows Defender and the Windows firewall. I have Hitman Pro Alert always on. I have scanned the laptop with Malwarebytes and Hitman Pro. Hitman Pro always shows an Ask.com entry for the Chrome browser, but it's just an empty web data file. There's no toolbar involved. No malware has been found. I included the rootkit scan in the Malwarebytes scan.
This laptop is used for banking and I have logged into bank accounts in the past week.
Do I need to be concerned about malware or security compromise?
UPnP lets local software or a device fully open ports, like an Xbox, so something local was opening the ports. Once opened, access can then be from a remote system to the PC.
I don't have any sort of gaming console. All the "LAN access from remote" was related solely to the Windows 10 laptop. I don't know what on this laptop was opening those ports, I can't find anything that points to malware doing it. I am seeing these entries as well:
[UPnP set event: add_nat_rule] and [UPnP set event: del_nat_rule] as well. I found some old emails from a couple of years ago with these sorts of entries and I probably disabled UPnP after that. I didn't have this particular laptop back then, it would have been an older laptop running Windows 8. There were no LAN access entries in those logs from back then, just the UPnP events.
I just wonder what was occurring when those connections I mentioned in my post were being made and if I need to be concerned about anything. I'm glad I closed the hole, just wish I had been paying closer attention and could have done it sooner.
Relax, there are tens, hundreds of thousands of script kiddies out there that try to scan vulnerable IPs for open ports that they can use to run some type of exploit that will benefit them.
I have not checked my router logs for quite a while, but when I did I used to strip all the IPs and use an automated script to WhoIs to find out what country they were from, and never once did I suspect that they somehow managed to break into my home network.
When I did check my router logs I posted them on pastebin.
Here is the last time I checked. To see the whois info you will have to scroll down to line 206.
And also if you end up getting hell bent on blocking countries here is a good place to start
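The log review discussed in this thread, as an added example that is not part of any poster's message: it groups `[LAN access from remote]` entries by LAN host and port, lists the distinct remote IPs for a later whois or reputation lookup, and flags whether a UPnP `add_nat_rule` from the same LAN host was open at the time. The line layout after the bracketed tag, the sample lines, the oldest-first ordering and the name `summarize` are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines. The field layout is an assumption based on the
# entry types quoted in the thread; addresses are documentation ranges.
SAMPLE_LOG = """\
[UPnP set event: add_nat_rule] from source 192.168.1.5, Monday, Mar 02, 2020 09:14:03
[LAN access from remote] from 203.0.113.7:40112 to 192.168.1.5:57294, Monday, Mar 02, 2020 09:20:11
[LAN access from remote] from 198.51.100.23:53001 to 192.168.1.5:57294, Monday, Mar 02, 2020 09:21:40
[LAN access from remote] from 203.0.113.7:40115 to 192.168.1.5:57294, Monday, Mar 02, 2020 09:25:02
[UPnP set event: del_nat_rule] from source 192.168.1.5, Monday, Mar 02, 2020 11:02:55
[LAN access from remote] from 192.0.2.99:40000 to 192.168.1.9:50001, Monday, Mar 02, 2020 12:00:00
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
ACCESS_RE = re.compile(rf"^\[LAN access from remote\] from {IP}:(\d+) to {IP}:(\d+)")
UPNP_RE = re.compile(rf"^\[UPnP set event: (add_nat_rule|del_nat_rule)\] from source {IP}")


def summarize(log_text):
    """Group inbound connections by LAN host and port; expects oldest line first."""
    remotes = defaultdict(set)  # (lan_host, lan_port) -> remote IPs seen
    during_upnp = {}            # (lan_host, lan_port) -> seen while a mapping was open
    open_hosts = set()          # LAN hosts with an add_nat_rule not yet deleted
    for line in log_text.splitlines():
        if m := UPNP_RE.match(line):
            # The assumed UPnP lines carry no port, so tracking is per host.
            action, host = m.groups()
            if action == "add_nat_rule":
                open_hosts.add(host)
            else:
                open_hosts.discard(host)
        elif m := ACCESS_RE.match(line):
            remote, _, host, port = m.groups()
            key = (host, int(port))
            remotes[key].add(remote)
            during_upnp[key] = during_upnp.get(key, False) or host in open_hosts
    return [
        {"host": h, "port": p, "remotes": sorted(remotes[(h, p)]),
         "during_upnp": during_upnp[(h, p)]}
        for h, p in sorted(remotes)
    ]


if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(row)
```

If the emailed log lists the newest entry first, reverse the lines before passing them in. A row with `during_upnp` set to `False` points at a forwarding rule that did not come from UPnP and is worth checking in the router's port forwarding settings.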