Unauthorized Remote Lan Login on Netgear Router on Comcast
I have been searching for an answer all over the place and hope someone can help me. I even called comcast, but they had no suggestions beyond those I have already tried. I have WPA/TKIP security on my network, Norton, Windows defender, Spybot, and a few other security programs. I am running Windows XP. I have a netgear G/N router. I have allowed LAN access limited to only the MAC addresses of my current computers in the house. I am NOT allowing remote login at all, though this Chinese IP keeps logging in remotely to my router every few minutes. It originates in Bejing and some other cities. I have firewalls from comcast and the router firewall configured.
None of the security programs I have run come up with any indication of intusion. But I am concerned - I don't care if their government is watching me or something crazy - I am only concerned because I do online banking and such and no one should be logging into this router except me from the one designated computer.
The only other setting that I can't seem to change is the Port Forwarding setting. It is running through a service called Age-of-Empire. We don't play any on-line games associated with this. I have added some service rules - like going through FTP on a specific port and such. I cannot seem to change the default or remove the age of empire service. Could that be the problem?
Also, it is logging into the default access of the router. 192.168.100.1 . It logs in on different ports all the time, so I can't just block access to one port. Can I change the default router address?
How do I block/stop this? I am obviously very uncomfortable with this situation, and if anyone has any insight, please share. Thank you!
Software/Hardware used:
Software/Hardware used:
ASKED:
September 4, 2008 7:52 PM
UPDATED:
September 29, 2008 3:29 PM
Answer Wiki:
Can you be sure that the logins are successful? It could be that this remote system is just scanning yours and/or running a continuous script to cause denial-of-service or something. One main suggestion is to ensure that you have the latest firmware on your Netgear. You might actually have to blow away the configuration on the router and start from scratch (with your ISP's assistance of course). This will allow you to start with a clean build since it sounds like the current build/config is suspect. Have you tried asking this question on a Netgear forum or contacting Netgear support?
+++++++++++++++++++++++++++++++++++++++++++++++
You should be able to manually configure your router's IP address. That can be done through the webinterface of the router.
May I ask how you determined the IP was Chinese?
<a href="http://kbserver.netgear.com/kb_web_files/n101675.asp">Netgear Router Security Help</a>
Hope this helps!
-Schmidtw
To see all answers submitted to the Answer Wiki: View Answer History.
Yes I am surev that they are logging in. I don’t have an example of a particular id incident because I am on my laptop right now. But I did a reverse lookup of the IP on several IP sites and found the same information. That the IP originated in China, in various cities. I will need to call Netgear themselves, because I have even changed the router’s IP (not the external, I mean internal) as well as adjusting the internal network device IP’s. I am still getting logins. If anyone has any ideas, please let me know. I will post any follow up info. Thanks!!
Change all passwords on the device. Get the device off the public network until you need it online for your use.
I would take your router offline for a day or so if you can…You didn’t say if you have a static or dynamic address. If static, call your ISP and get a new one. If dynamic, you should be getting a new address periodically. When this occurs, are the “logins” still occurring?