<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Firewall Log Entry in Security</title>
    <link>https://community.talktalk.co.uk/t5/Security/Firewall-Log-Entry/m-p/3017662#M23627</link>
    <description>&lt;P&gt;I have a Huawei DG8041W b/band router which to be fair has been well behaved and reliable over the 4yrs or so since installation. I was looking through the various menus and found the following in the Firewall log which looked a bit weird to me as the src IP resolves to Kazakhstan!! The dest IP seems to be within the TalkTalk range though not mine now - though guess there's dynamic allocation so may have been back in June 2020. I've had the router since April 2020.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;EM&gt;2020-06-05 12:26:56 [Notice] IN=ppp257 OUT=LocalNetwork Direction=Public-&amp;gt;Private Action=Permit src=185.176.27.30 DST=79.76.80.166 PROTO=TCP SPT=51681 DPT=17281&lt;/EM&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Questions are: a) am I paranoid or is this weird? b) how can I check if this route is still enabled (I have nmap'd myself and neither port is open though guess they mightn't be).&lt;/P&gt;&lt;P&gt;I work in IT though mainly management these days so some of my skills have waned though still understand (most of) the theory so people don't need to dumb down any responses.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Thanks&lt;/P&gt;</description>
    <pubDate>Tue, 23 Jan 2024 21:16:47 GMT</pubDate>
    <dc:creator>CotswoldColin</dc:creator>
    <dc:date>2024-01-23T21:16:47Z</dc:date>
    <item>
      <title>Firewall Log Entry</title>
      <link>https://community.talktalk.co.uk/t5/Security/Firewall-Log-Entry/m-p/3017662#M23627</link>
      <description>&lt;P&gt;I have a Huawei DG8041W b/band router which to be fair has been well behaved and reliable over the 4yrs or so since installation. I was looking through the various menus and found the following in the Firewall log which looked a bit weird to me as the src IP resolves to Kazakhstan!! The dest IP seems to be within the TalkTalk range though not mine now - though guess there's dynamic allocation so may have been back in June 2020. I've had the router since April 2020.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;EM&gt;2020-06-05 12:26:56 [Notice] IN=ppp257 OUT=LocalNetwork Direction=Public-&amp;gt;Private Action=Permit src=185.176.27.30 DST=79.76.80.166 PROTO=TCP SPT=51681 DPT=17281&lt;/EM&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Questions are: a) am I paranoid or is this weird? b) how can I check if this route is still enabled (I have nmap'd myself and neither port is open though guess they mightn't be).&lt;/P&gt;&lt;P&gt;I work in IT though mainly management these days so some of my skills have waned though still understand (most of) the theory so people don't need to dumb down any responses.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Thanks&lt;/P&gt;</description>
      <pubDate>Tue, 23 Jan 2024 21:16:47 GMT</pubDate>
      <guid>https://community.talktalk.co.uk/t5/Security/Firewall-Log-Entry/m-p/3017662#M23627</guid>
      <dc:creator>CotswoldColin</dc:creator>
      <dc:date>2024-01-23T21:16:47Z</dc:date>
    </item>
    <item>
      <title>Re: Firewall Log Entry</title>
      <link>https://community.talktalk.co.uk/t5/Security/Firewall-Log-Entry/m-p/3017666#M23628</link>
      <description>&lt;P&gt;Do you have anything on any of your devices that is using TCP port&amp;nbsp;17281? Is UPnP enabled on your DG8041W? This may be a temp port forwarding rule that has been added by UPnP, if enabled.&lt;/P&gt;</description>
      <pubDate>Tue, 23 Jan 2024 21:54:54 GMT</pubDate>
      <guid>https://community.talktalk.co.uk/t5/Security/Firewall-Log-Entry/m-p/3017666#M23628</guid>
      <dc:creator>KeithFrench</dc:creator>
      <dc:date>2024-01-23T21:54:54Z</dc:date>
    </item>
    <item>
      <title>Re: Firewall Log Entry</title>
      <link>https://community.talktalk.co.uk/t5/Security/Firewall-Log-Entry/m-p/3017671#M23629</link>
      <description>&lt;P&gt;Hi, thanks for replying so quickly. Yes, good point, I did buy a cheapy (Sannce) CCTV system which includes an internet connected DVR which I (think) I set up during the initial lockdown period so could well tally with the June '20 date. I created a separate VLAN on the router to segment it from the rest of my home network as not sure I trust it given what you read on the net about such things. I did set up remote monitoring of the CCTV from my smartphone so guess the DVR/control unit 'punched' out to the net to set up the firewall rule though I'd have thought other devices over the years would have done similar though that's the only line in the log? I will do some investigations and set up the DVR back on the wifi to see if another rule is created now that I'm on a different IP as it's been offline for a while.&lt;/P&gt;&lt;P&gt;Thanks again,&lt;/P&gt;</description>
      <pubDate>Tue, 23 Jan 2024 22:03:57 GMT</pubDate>
      <guid>https://community.talktalk.co.uk/t5/Security/Firewall-Log-Entry/m-p/3017671#M23629</guid>
      <dc:creator>CotswoldColin</dc:creator>
      <dc:date>2024-01-23T22:03:57Z</dc:date>
    </item>
    <item>
      <title>Re: Firewall Log Entry</title>
      <link>https://community.talktalk.co.uk/t5/Security/Firewall-Log-Entry/m-p/3017672#M23630</link>
      <description>&lt;P&gt;I would disable UPnP anyway as it is highly insecure &amp;amp; stick with port forwarding. However, if that was the last entry back in June 2020, I would think that there is nothing to worry about.&lt;/P&gt;</description>
      <pubDate>Tue, 23 Jan 2024 22:17:30 GMT</pubDate>
      <guid>https://community.talktalk.co.uk/t5/Security/Firewall-Log-Entry/m-p/3017672#M23630</guid>
      <dc:creator>KeithFrench</dc:creator>
      <dc:date>2024-01-23T22:17:30Z</dc:date>
    </item>
    <item>
      <title>Re: Firewall Log Entry</title>
      <link>https://community.talktalk.co.uk/t5/Security/Firewall-Log-Entry/m-p/3017913#M23636</link>
      <description>&lt;P&gt;Hi Again,&lt;/P&gt;&lt;P&gt;Thanks for the advice. It sounds like a prudent step to implement.&lt;/P&gt;&lt;P&gt;Cheers,&lt;/P&gt;</description>
      <pubDate>Wed, 24 Jan 2024 19:53:34 GMT</pubDate>
      <guid>https://community.talktalk.co.uk/t5/Security/Firewall-Log-Entry/m-p/3017913#M23636</guid>
      <dc:creator>CotswoldColin</dc:creator>
      <dc:date>2024-01-24T19:53:34Z</dc:date>
    </item>
  </channel>
</rss>

