
Network security advice, please?


biob

Hi guys and girls

I’m getting increasingly worried about the web-facing side of my network 😔 I’ve recently seen it getting port scanned by a device which shouldn’t be there (only one device should be there). I’m double NAT’d with the ISP router and my own.

I’ve recently bought an EdgeRouter, but I’m worried about configuring the firewall wrong. Can someone please advise? I want to keep my family safe.


Hi digininja,

Sorry, yes, I meant internet facing.

The first router (ISP device, WiFi is disabled) in the chain only has one client connected (my router, WiFi enabled, and internal devices connect to this). For example, let’s say my router was 10.4.4.2 and the ISP router is the gateway (10.4.4.1). My router was being port scanned on 10.4.4.77; this showed up in my router’s logs (IP scheme is for demonstration purposes).

I’ve also seen a couple of port scans on my router from external IPs, and when I investigated, my ISP router had been reset to factory default (this concerned me).

I should mention that when I saw it in the logs I pinged it and did a basic port scan on my phone. It was still there and port 53 was open on it. Started up my laptop and then used nmap, and the device stopped responding. Tried on my phone again and it wasn’t there anymore.

Don't worry about the external stuff, any box on the internet is getting hit like that all the time.

For the internal, I assume the ISP modem is plugged directly into your firewall box with a cable and that there is nothing else connected between them, all the rest of the boxes are on the other side of your internal box.

Are you using a different subnet for the internal network? i.e. not 10.4.4.0/24? Where are you seeing the alerts? Is it on your router or on another box? What is the router? Is it something you can trust to give good information or a cheap box that may just have bugs and be misrepresenting the information?

Have ISP box in router mode (first layer of NAT) connected to second router (internal network, different subnet). RJ45 connection between both routers with nothing in between.

My router is a Netgear Nighthawk and doesn’t have a lot of control options. SPI is turned on, on both routers, and I’ve also set it up to block ports that have no reason to leave my network.

I’m seeing the alerts on the Nighthawk logs.

                           Internet

ISP router/modem(NAT)(first subnet)

My router(NAT)(2nd subnet, nighthawk)

                          My network
