Around 45-50 TCP ports in the range 10000-10241 are being forwarded onto one of my internal machines despite the router having recently been reset to factory defaults.

The only config changes that I've made are the ones needed to get it working (i.e. username/password etc.).

Does anybody know why these ports are being forwarded, or how to stop the forwarding?

TIA

Steve

*bump*

Anyone?

Steve

Originally posted by steveda
Around 45-50 TCP ports in the range 10000-10241 are being forwarded onto one of my internal machines despite the router having recently been reset to factory defaults.

The only config changes that I've made are the ones needed to get it working (i.e. username/password etc.).

Does anybody know why these ports are being forwarded, or how to stop the forwarding?


So these ports are being listed via the nat inbound list command?

Originally posted by Steve


So these ports are being listed via the nat inbound list command?

No, the only port listed in the output from that command is tcp port 22 that I've added. None of the other ports are listed.

I've uploaded the complete list of ports (http://www.haagen-dazs.org/nmap-home-adsl.txt).

The unwanted ports are currently 'filtered', as the personal firewall on the system that traffic is being directed to is dropping the unwanted traffic.

Please let me know if you need any further information (packet captures etc.) to look into this.

TIA

Steve

Originally posted by steveda


No, the only port listed in the output from that command is tcp port 22 that I've added. None of the other ports are listed.

I've uploaded the complete list of ports (http://www.haagen-dazs.org/nmap-home-adsl.txt).

The unwanted ports are currently 'filtered', as the personal firewall on the system that traffic is being directed to is dropping the unwanted traffic.

Please let me know if you need any further information (packet captures etc.) to look into this.

TIA

Steve

Nobody else is saying this so I'm wondering if it's something at your end. Does you personal firewall tell you IP address from where the packets are coming from? Are they actually coming from the router?

Originally posted by Steve
Nobody else is saying this so I'm wondering if it's something at your end. Does you personal firewall tell you IP address from where the packets are coming from? Are they actually coming from the router?

The source IP address is that of the system doing the port scanning (outside of my network).

I was messing around with the configuration of the router just after I bought it, and didn't know if this was related, so I reset the router to its factory defaults before re-configuring it for my setup (the only things that I've changed are the user details, and adding port 22 inbound)

Maybe nobody else is noticing this, as they're not so paranoid as I am? ;)

To be honest, I'm not overly concerned about it as I've finally finished re-setting my network up, and now have a separate firewall directly behind the router in addition to local packet filtering, but I feel that its something people should be aware of, as it provides an easy route for somebody to get onto an internal network from the internet.

Steve