We use cookies on our site to give you the best experience.
Accept
Reject
Manage your cookies
Skip to content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Online security

Get answers and information about our security products.

Firewall Log Entry

CotswoldColin
First Timer
Private Message TalkTalk

on ‎23-01-2024 09:16 PM

Message 5 of 5

I have a Huawei DG8041W b/band router which to be fair has been well behaved and reliable over the 4yrs or so since installation. I was looking through the various menus and found the following in the Firewall log which looked a bit weird to me as the src IP resolves to Kazakstan!!. The dest IP seems to be within the TalkTalk range though not mine now - though guess there's dynamic allocation so may have been back in June 2020. I've had the router since April 2020

 

2020-06-05 12:26:56 [Notice] IN=ppp257 OUT=LocalNetwork Direction=Public->Private Action=Permit src=185.176.27.30 DST=79.76.80.166 PROTO=TCP SPT=51681 DPT=17281

 

Questions are: a) am i paranoid or is this weird? b) how can i check if this route is still enabled (I have nmap'd myself and neither port is open though guess they mightn't be).

I work in IT though mainly management these days so some of my skills have waned though still understand (most of) the theory so people don't need to dumb down any responses.

 

thanks 

Labels:
0 Likes
4 REPLIES 4

CotswoldColin
First Timer
Private Message TalkTalk
In response to KeithFrench

on ‎24-01-2024 07:53 PM

Message 1 of 5

Hi Again,

      Thanks for the advice. It sounds like a prudent step to implement.

Cheers,

 

0 Likes

KeithFrench
Community Star
Private Message TalkTalk

on ‎23-01-2024 10:17 PM

Message 2 of 5

I would disable UPnP anyway as it is highly insecure & stick with port forwarding. However, if that was the last entry back in June 2020, I would think that there is nothing to worry about.

Keith
I am not employed by TalkTalk, I'm just a customer. If my post has fixed the issue, please set Accept as Solution from the 3 dot menu.
TalkTalk support and Community Stars - Who are they? 

CotswoldColin
First Timer
Private Message TalkTalk

on ‎23-01-2024 10:03 PM

Message 3 of 5

hi, thanks for replying so quick. Yes good point, I did buy a cheapy (Sannce) CCTV system which includes an internet connected DVR which I (think) I setup during the initial lockdown period so could well tally with the June '20 date. I created a separate VLAN on the router to segment it from the rest of my home network as not sure I trust it given what you read on the net about such things. I did setup remote monitoring of the CCTV from my smartphone so guess the DVR/control unit 'punched' out to the net to setup the firewall rule though I'd have thought other devices over the years would have done similar though that's the only line in log? I will do some investigations and setup the DVR back on the wifi to see if another rule is created now that I'm on different  IP as it's been offline for a while

Thanks again,

0 Likes

KeithFrench
Community Star
Private Message TalkTalk

on ‎23-01-2024 09:54 PM

Message 4 of 5

Do you have anything on any of your devices that are using TCP port 17281? Is UPnP enabled on your DG8041W, this may be a temp port forwarding rule that has been added by UPnP, if enabled.

Keith
I am not employed by TalkTalk, I'm just a customer. If my post has fixed the issue, please set Accept as Solution from the 3 dot menu.
TalkTalk support and Community Stars - Who are they? 

0 Likes
© TalkTalk 2024