AMG1001-T10A NAT problem
Didier
Posts: 2 Freshman Member
Hi,
My home network is behind an AMG1001-T10A ADSL router, and on my only desktop computer connected at
that time, I saw a connection attempt which was blocked by my firewall:
16:20:58.878937 rule 0/0(match): block in on rl0: 125.64.94.208.57033 > 192.168.1.10.13215: UDP, length 0
16:20:58.878947 rule 0/0(match): block in on rl0: 125.64.94.208.57033 > 192.168.1.10.13215: UDP, length 0
16:20:58.879914 rule 0/0(match): block in on rl0: 125.64.94.208.57033 > 192.168.1.10.13215: UDP, length 0
The AMG1001 NAT router is redirecting only tcp ports 7547,80,443 to my desktop computer (192.168.1.10),
so I am surprised to see an attempt to connect to port 13215 which is normally not redirected.
This public IP 125.64.94.208 is from China and has been reported for scanning: https://www.abuseipdb.com/check/125.64.94.208
Do you think my router has been hacked?
#CPE_January
0
All Replies
-
Hi.
It looks like the router blocked this traffic. Based on current information, there is no clear clue showing that your router has been hacked.
However, it is highly recommended that you check whether there are any unusual settings in your router and also change its password.
0 -
Thank you, Ansa, for your reply,
I didn't leave the default password and changed it to a strong password. All settings are OK, and I redirected port 7547 because this port is seen by default from the Internet. This router is not secured by default, so I changed the ACL to disable access from the WAN.
I am a bit worried about this router because it seems there are no more firmware updates.
0
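Added example, not part of the thread: a small Python script that parses firewall log lines in the format quoted in the first post and tallies inbound packets to 192.168.1.10 whose protocol and destination port are not among the forwards the poster lists (TCP 7547, 80, 443). The TCP sample line is constructed, and treating a payload that starts with `Flags [` as TCP is an assumption about the log output.

```python
import re
from collections import Counter

# Port forwards stated in the first post: TCP 7547, 80, 443 -> 192.168.1.10
FORWARDS = {("tcp", 7547), ("tcp", 80), ("tcp", 443)}
LAN_HOST = "192.168.1.10"

# Matches: "<time> rule <id>: <block|pass> <in|out> on <if>: a.b.c.d.sport > a.b.c.d.dport: <rest>"
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) rule (?P<rule>\S+): "
    r"(?P<action>block|pass) (?P<dir>in|out) on (?P<ifc>\S+): "
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): (?P<rest>.*)$"
)

def parse(line):
    """Return a dict for one log line, or None if it is not in this format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rest = rec.pop("rest")
    # Assumption: UDP lines start with "UDP", TCP lines with "Flags [".
    rec["proto"] = ("udp" if rest.startswith("UDP")
                    else "tcp" if rest.startswith("Flags [") else "other")
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    return rec

def unexpected_inbound(lines):
    """Count inbound packets to LAN_HOST that no listed forward explains."""
    hits = Counter()
    for line in lines:
        rec = parse(line)
        if rec is None or rec["dir"] != "in" or rec["dst"] != LAN_HOST:
            continue
        if (rec["proto"], rec["dport"]) not in FORWARDS:
            hits[(rec["src"], rec["proto"], rec["dport"])] += 1
    return hits

SAMPLE = [
    # The three lines quoted in the first post
    "16:20:58.878937 rule 0/0(match): block in on rl0: 125.64.94.208.57033 > 192.168.1.10.13215: UDP, length 0",
    "16:20:58.878947 rule 0/0(match): block in on rl0: 125.64.94.208.57033 > 192.168.1.10.13215: UDP, length 0",
    "16:20:58.879914 rule 0/0(match): block in on rl0: 125.64.94.208.57033 > 192.168.1.10.13215: UDP, length 0",
    # Constructed line (documentation address) hitting a forwarded TCP port
    "16:21:03.000000 rule 0/0(match): block in on rl0: 203.0.113.5.40000 > 192.168.1.10.443: Flags [S], seq 1, win 1024, length 0",
]

if __name__ == "__main__":
    for (src, proto, dport), n in unexpected_inbound(SAMPLE).items():
        print(f"{n} packet(s) from {src} to {proto}/{dport}: no matching forward")
```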