biob

Network security advice, please?


Hi guys and girls

I’m getting increasingly worried about the web-facing side of my network 😔 I’ve recently seen it getting port scanned by a device that shouldn’t be there (only one device should be there). I’m double NAT’d with the ISP router and my own.

I’ve recently bought an EdgeRouter, but I’m worried about configuring the firewall wrong. Can someone please advise? I want to keep my family safe.


Give us more information. What do you mean by a device that shouldn't be there? Where is it and how do you know it is scanning you?

When you say web facing, do you mean internet facing?

  • Upvote 1


Hi digininja,

Sorry, yes, I meant internet facing.

The first router (ISP device, WiFi is disabled) in the chain only has one client connected (my router, WiFi enabled, and internal devices connect to this). For example, let's say my router was 10.4.4.2 and the ISP router is the gateway (10.4.4.1). My router was being port scanned on 10.4.4.77; this showed up in my router's logs (IP scheme is for demonstration purposes).

I’ve also seen a couple of port scans on my router from external IPs, and when I investigated, my ISP router had been reset to factory default (this concerned me).

 


I should mention that when I saw it in the logs I pinged it and did a basic port scan on my phone. It was still there and port 53 was open on it. Started up my laptop and then used nmap, and the device stopped responding. Tried on my phone again and it wasn’t there anymore.


I think the scan on my phone is giving a false positive... I can scan other IPs in that range and I’m getting the same results 🤔


One example of a log:

DoS attack:FIN Scan (1) attack packets from 216.58.204.34

The internal one was:

DoS attack:ACK Scan (1) attack packets from 10.4.4.77


Don't worry about the external stuff; any box on the internet is getting hit like that all the time.

For the internal, I assume the ISP modem is plugged directly into your firewall box with a cable and that there is nothing else connected between them, all the rest of the boxes are on the other side of your internal box.

Are you using a different subnet for the internal network? i.e. not 10.4.4.0/24? Where are you seeing the alerts? Is it on your router or on another box? What is the router? Is it something you can trust to give good information or a cheap box that may just have bugs and be misrepresenting the information?


I have the ISP box in router mode (first layer of NAT) connected to the second router (internal network, different subnet). RJ45 connection between both routers with nothing in between.

My router is a Netgear Nighthawk and doesn't have a lot of control options. SPI is turned on on both routers, and I’ve also set it up to block ports that have no reason to leave my network.

I’m seeing the alerts in the Nighthawk logs.

Internet

ISP router/modem (NAT) (first subnet)

My router (NAT) (2nd subnet, Nighthawk)

My network


To hit that IP address, have you tried plugging in on the modem to nighthawk connection?


Maybe you have a 5GHz ISP router/modem but your devices aren't picking it up because they don't support the 5GHz network?


He said he had turned WiFi off on the ISP device. Anything on his device should be getting an IP from the client side which wouldn't be on that subnet.

  • Like 1


I’ve stuck a Packet Squirrel in between the ISP router and mine. Turned all my clients off so I could see what was going through last night, but I have nothing in the router logs for last night 🤔

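Added example, not part of any post in this thread: a Python sketch of the triage suggested in the replies above, separating external scan alerts from an unexpected host on the link between the ISP router and the Nighthawk. The line shape is taken from the two log lines quoted in the thread; the function names, the known-host list and the extra sample lines are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Line shape as quoted in the thread; real firmware logs may carry extra fields.
LOG_RE = re.compile(
    r"DoS attack:\s*(?P<kind>[A-Za-z ]+?Scan)\s*\((?P<count>\d+)\)\s*"
    r"attack packets from\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3})"
)

def classify(src, transit_net, known_hosts):
    """Place a source address relative to the ISP-router/own-router link."""
    ip = ipaddress.ip_address(src)
    if ip in transit_net:
        return "known-transit-host" if ip in known_hosts else "UNEXPECTED-transit-host"
    if ip.is_private:
        return "other-private"
    return "external"

def triage(lines, transit_cidr, known):
    """Sum alert packet counts per (label, source, scan kind)."""
    transit_net = ipaddress.ip_network(transit_cidr)
    known_hosts = {ipaddress.ip_address(k) for k in known}
    tally = Counter()
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue  # not a scan alert
        try:
            label = classify(m["src"], transit_net, known_hosts)
        except ValueError:
            continue  # malformed address in the log line
        tally[(label, m["src"], m["kind"])] += int(m["count"])
    return tally

# Constructed sample: the two lines quoted in the thread plus a constructed
# repeat and an unrelated line. Addresses follow the thread's demo scheme.
SAMPLE = [
    "DoS attack:FIN Scan (1) attack packets from 216.58.204.34",
    "DoS attack:ACK Scan (1) attack packets from 10.4.4.77",
    "DoS attack:ACK Scan (3) attack packets from 10.4.4.77",
    "DHCP lease renewed",
]

if __name__ == "__main__":
    # Assumed known hosts: ISP gateway 10.4.4.1 and the Nighthawk at 10.4.4.2.
    result = triage(SAMPLE, "10.4.4.0/24", ["10.4.4.1", "10.4.4.2"])
    for (label, src, kind), n in sorted(result.items()):
        print(f"{label:24} {src:16} {kind:9} packets={n}")
```

Anything labelled UNEXPECTED-transit-host is the case worth chasing with a capture on the router-to-router cable; external entries are the background noise mentioned in the replies.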
