Windows 10: Router settings, upnp enabled by mistake

  1.    24 Nov 2016 #1

    Hello,

    I'm using a Netgear router which is configured to email logs to me once a day. We have been away from this residence with internet and router off for a few months. When we returned, I was having trouble with internet access, and at one point it looked like the router might be the issue. I had tried restoring settings from a previous backup as part of troubleshooting, and I failed to take a close look at those settings. Internet access was restored after some efforts from myself and the ISP. I have one Windows 10 laptop, 3 Apple devices, and a printer, all wireless. I have difficult passwords for router admin access and wireless network access. Guest network is off. I have never used port triggering or port forwarding, have never been involved in torrents. Remote access to the router has never been on.

    For the past few days since we have been back at this residence and using this internet connection, I saw items in the router logs that I hadn't seen before and I now wish I had paid more attention. These are:

    [LAN access from remote] from....and then IP addresses and ports to the Windows 10 laptop. Some of the IP addresses are Microsoft. There are others, however, that are not, and these concern me. There is one from Taiwan, a couple from addresses in the U.S. (I am in the U.S.), and one from Greece. I've checked on the IP addresses in yesterday's log, and they are Spamhaus blacklisted. These connections were to port 57294.

    I did some research into this and I have since disabled UPnP in the router settings. These LAN access from remote entries stopped once I did that. A check with speedguide.net which I did just now (with UPnP on the router now disabled) shows that port is now filtered. I don't know if it was before I disabled UPnP.

    I use Windows Defender and the Windows firewall. I have Hitman Pro Alert always on. I have scanned the laptop with Malwarebytes and Hitman Pro. Hitman Pro always shows an Ask.com entry for the Chrome browser, but it's just an empty web data file. There's no toolbar involved. No malware has been found. I included the rootkit scan in the Malwarebytes scan.

    This laptop is used for banking and I have logged into bank accounts in the past week.

    Do I need to be concerned about malware or security compromise?

  2.    24 Nov 2016 #2

    UPnP lets local software or a device fully open ports, like an Xbox, so something local was opening the ports. Once opened, access can then be from a remote system to the PC.

  3.    24 Nov 2016 #3

    Samuria said:
    UPnP lets local software or a device fully open ports, like an Xbox, so something local was opening the ports. Once opened, access can then be from a remote system to the PC.

    I don't have any sort of gaming console. All the "LAN access from remote" was related solely to the Windows 10 laptop. I don't know what on this laptop was opening those ports; I can't find anything that points to malware doing it. I am seeing these entries as well:

    [UPnP set event: add_nat_rule] and [UPnP set event: del_nat_rule] as well. I found some old emails from a couple of years ago with these sorts of entries and I probably disabled UPnP after that. I didn't have this particular laptop back then; it would have been an older laptop running Windows 8. There were no LAN access entries in those logs from back then, just the UPnP events.

    I just wonder what was occurring when those connections I mentioned in my post were being made and if I need to be concerned about anything. I'm glad I closed the hole, just wish I had been paying closer attention and could have done it sooner.

  4.    24 Nov 2016 #4 (sml156)

    Relax, there are tens, hundreds of thousands of script kiddies out there that try to scan vulnerable IPs for open ports that they can use to run some type of exploit that will benefit them.

    I have not checked my router logs for quite a while, but when I did I used to strip all the IPs and use an automated script to WhoIs to find out what country they were from, and never once did I suspect that they somehow managed to break into my home network.

    When I did check my router logs I posted them on pastebin.

    Here is the last time I checked. To see the whois info you will have to scroll down to line 206.
    http://pastebin.com/K9EiVwGN

    And also if you end up getting hell bent on blocking countries here is a good place to start
    Taiwan; http://www.ipdeny.com/ipblocks/data/...ggregated.zone

    All countries;
    http://www.ipdeny.com/ipblocks/
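One way to triage the log entries discussed in this thread offline, as an added example (not code from any poster here): it groups `[LAN access from remote]` hits by LAN host and port, separates sources outside networks you consider expected, and checks whether that host had requested a UPnP NAT rule. The line layout after each bracketed tag, the `expected_nets` parameter and the sample addresses are assumptions; only the tags and port 57294 come from the thread.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample; layout after each tag is assumed, IPs are documentation ranges.
SAMPLE_LOG = """\
[UPnP set event: add_nat_rule] from source 192.168.1.7, Wednesday, Nov 23,2016 21:10:55
[LAN access from remote] from 203.0.113.45:51234 to 192.168.1.7:57294, Wednesday, Nov 23,2016 21:14:03
[LAN access from remote] from 198.51.100.9:40022 to 192.168.1.7:57294, Wednesday, Nov 23,2016 21:20:41
[LAN access from remote] from 203.0.113.45:51240 to 192.168.1.7:57294, Wednesday, Nov 23,2016 21:31:17
[UPnP set event: del_nat_rule] from source 192.168.1.7, Wednesday, Nov 23,2016 22:02:10
[admin login] from source 192.168.1.7, Wednesday, Nov 23,2016 22:05:00
"""

ACCESS_RE = re.compile(
    r"^\[LAN access from remote\] from (?P<src>[\d.]+):(?P<sport>\d+) "
    r"to (?P<dst>[\d.]+):(?P<dport>\d+)")
UPNP_RE = re.compile(
    r"^\[UPnP set event: (?P<op>add_nat_rule|del_nat_rule)\] "
    r"from source (?P<host>[\d.]+)")


def summarize(log_text, expected_nets=()):
    """Group inbound hits by (LAN host, port) and count UPnP requests per host."""
    expected = [ipaddress.ip_network(n) for n in expected_nets]
    inbound = defaultdict(lambda: {"hits": 0, "unexpected": set()})
    upnp = defaultdict(lambda: {"add_nat_rule": 0, "del_nat_rule": 0})
    for line in log_text.splitlines():
        m = ACCESS_RE.match(line)
        if m:
            entry = inbound[(m["dst"], int(m["dport"]))]
            entry["hits"] += 1
            src = ipaddress.ip_address(m["src"])
            if not any(src in net for net in expected):
                entry["unexpected"].add(str(src))
            continue
        m = UPNP_RE.match(line)
        if m:
            upnp[m["host"]][m["op"]] += 1
    # A hit on a host that itself asked for a NAT rule points at local software.
    report = []
    for (host, port), e in sorted(inbound.items()):
        asked = upnp.get(host, {}).get("add_nat_rule", 0) > 0
        report.append({"host": host, "port": port, "hits": e["hits"],
                       "unexpected_sources": sorted(e["unexpected"]),
                       "host_requested_upnp": asked})
    return report, {h: dict(c) for h, c in upnp.items()}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG, expected_nets=["198.51.100.0/24"]))
```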


 
