Unauthorized Remote Lan Login on Netgear Router on Comcast

15 pts.
Tags: Comcast, LAN Security, Netgear router, Security, Wan security
I have been searching for an answer all over the place and hope someone can help me. I even called Comcast, but they had no suggestions beyond those I have already tried. I have WPA/TKIP security on my network, Norton, Windows Defender, Spybot, and a few other security programs. I am running Windows XP. I have a Netgear G/N router. I have allowed LAN access limited to only the MAC addresses of my current computers in the house. I am NOT allowing remote login at all, though this Chinese IP keeps logging in remotely to my router every few minutes. It originates in Beijing and some other cities. I have firewalls from Comcast and the router firewall configured. None of the security programs I have run come up with any indication of intrusion. But I am concerned - I don't care if their government is watching me or something crazy - I am only concerned because I do online banking and such and no one should be logging into this router except me from the one designated computer.

The only other setting that I can't seem to change is the Port Forwarding setting. It is running through a service called Age-of-Empire. We don't play any online games associated with this. I have added some service rules - like going through FTP on a specific port and such. I cannot seem to change the default or remove the Age of Empire service. Could that be the problem?

Also, it is logging into the default access of the router, 192.168.100.1. It logs in on different ports all the time, so I can't just block access to one port. Can I change the default router address? How do I block/stop this? I am obviously very uncomfortable with this situation, and if anyone has any insight, please share. Thank you!

Answer Wiki

Can you be sure that the logins are successful? It could be that this remote system is just scanning yours and/or running a continuous script to cause denial-of-service or something. One main suggestion is to ensure that you have the latest firmware on your Netgear. You might actually have to blow away the configuration on the router and start from scratch (with your ISP’s assistance of course). This will allow you to start with a clean build since it sounds like the current build/config is suspect. Have you tried asking this question on a Netgear forum or contacting Netgear support?

+++++++++++++++++++++++++++++++++++++++++++++++

You should be able to manually configure your router’s IP address. That can be done through the web interface of the router.

May I ask how you determined the IP was Chinese?

Netgear Router Security Help

Hope this helps!

-Schmidtw

Discuss This Question: 5  Replies

 
  • Citykat
    Yes, I am sure that they are logging in. I don't have an example of a particular ID incident because I am on my laptop right now. But I did a reverse lookup of the IP on several IP sites and found the same information. That the IP originated in China, in various cities. I will need to call Netgear themselves, because I have even changed the router's IP (not the external, I mean internal) as well as adjusting the internal network device IPs. I am still getting logins. If anyone has any ideas, please let me know. I will post any follow-up info. Thanks!!
  • Labnuke99
    Change all passwords on the device. Get the device off the public network until you need it online for your use.
  • Kevin Beaver
    I would take your router offline for a day or so if you can... You didn't say if you have a static or dynamic address. If static, call your ISP and get a new one. If dynamic, you should be getting a new address periodically. When this occurs, are the "logins" still occurring?
  • scotts37
    I have been seeing the same thing on my router. Almost daily, and sometimes multiple times per day.
    [LAN access from remote] from 174.55.204.119:3074 to 192.168.1.4:3074, Tuesday, January 14,2014 17:26:49
    The IP address goes back to Comcast in Penn. I have also had hits coming from Comcast in NH, and NJ. Not always is the endpoint LAN IP the same.
    It's looking like Comcast is taking liberties as much as the NSA these days.
  • TomLiotta

    So far, we don't see any evidence of "logging in" in the original question nor in later comments. Connection attempts are going to happen everywhere in an almost constant stream. That's just the way things are.

    And if Comcast IPs are seen on a Comcast network, they should actually be expected.

    Port 3074 could also be reasonable, whether it comes from a different Comcast IP address or any other address. A major example of port 3074 usage is for the Xbox Live service.

    It's also used for the OPSEC-OMI service which is a Check Point central policy database interface. Conceivably, someone could use an automated tool to attempt connections to see if any device or network info can be pulled through it, but it's not likely to be a successful connection.

    In general, looking at home router logs and seeing remote connection attempts is a waste of time. You'll never stop doing it, and nothing of value will be found. Only when evidence exists that actual successful connections have been made will any logs of incoming connection requests be useful. And then they'll probably only be useful to authorities investigating specific criminal complaints, which might be a "one in a million" kind of case for a home router.

    The attempts can't be stopped. And there's essentially no reason to be concerned about them as long as standard firewall and other safe practices are followed.

    Tom

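One way to put entries like the one quoted in this thread into context is to group them by the LAN host and port they reached and compare that with the port-forwarding rules you know about. This is an added example, not part of the original thread: the entry layout is taken from the log line scotts37 quoted, while every other sample line and the `EXPECTED_FORWARDS` set are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Entry layout copied from the log line quoted in scotts37's comment.
ENTRY = re.compile(
    r"\[LAN access from remote\] from (?P<src>[\d.]+):(?P<sport>\d+) "
    r"to (?P<dst>[\d.]+):(?P<dport>\d+), "
    r"(?P<when>\w+, \w+ \d{1,2},\s?\d{4} \d{2}:\d{2}:\d{2})")

# Port notes taken from the thread; add the services you really run.
PORT_NOTES = {3074: "Xbox Live / OPSEC-OMI"}

def parse(line):
    """Return one entry as a dict, or None if the line has another layout."""
    m = ENTRY.search(line)
    if not m:
        return None
    stamp = re.sub(r",\s*", ", ", m["when"])  # "14,2014" -> "14, 2014"
    return {"src": m["src"], "dst": m["dst"], "dport": int(m["dport"]),
            "when": datetime.strptime(stamp, "%A, %B %d, %Y %H:%M:%S")}

def summarise(lines, expected_forwards):
    """Group entries by LAN destination and mark those without a known rule."""
    groups = defaultdict(list)
    for entry in filter(None, map(parse, lines)):
        groups[(entry["dst"], entry["dport"])].append(entry)
    report = []
    for (dst, dport), hits in sorted(groups.items()):
        report.append({
            "dst": dst, "dport": dport, "hits": len(hits),
            "sources": sorted({h["src"] for h in hits}),
            "last": max(h["when"] for h in hits),
            "note": PORT_NOTES.get(dport, "unknown"),
            "expected": (dst, dport) in expected_forwards})
    return report

# First line is from the thread; the rest are constructed for the example.
SAMPLE = [
    "[LAN access from remote] from 174.55.204.119:3074 to 192.168.1.4:3074, Tuesday, January 14,2014 17:26:49",
    "[LAN access from remote] from 203.0.113.7:51234 to 192.168.1.4:3074, Tuesday, January 14,2014 18:02:10",
    "[LAN access from remote] from 198.51.100.23:40022 to 192.168.1.9:21, Wednesday, January 15,2014 03:11:05",
    "constructed line in some other layout",
]
# Hypothetical: the forwarding/UPnP rules the owner knows about.
EXPECTED_FORWARDS = {("192.168.1.4", 3074)}

if __name__ == "__main__":
    for row in summarise(SAMPLE, EXPECTED_FORWARDS):
        print(row)
```

Rows with `expected` set to `False` are the ones worth checking against the router's port-forwarding and UPnP tables.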
