Security issues on my network via my Netgear router?

Below is a log excerpt from my Netgear WNDR3700v3 router.

Some of the ports referenced are in the router's port forwarding table, and there is a piece of Internet-accessible hardware at the address 192.168.0.10.

I don't want to jump to the wrong conclusion, so what can I conclude from the following log excerpt?:
----
[LAN access from remote] from 186.18.xxx.xxx:44294 to 192.168.0.10:23 Wednesday, Feb 25,2015 12:29:23
[LAN access from remote] from 120.14.xxx.xxx:62530 to 192.168.0.10:23 Wednesday, Feb 25,2015 11:38:09
[LAN access from remote] from 76.236.xxx.xxx:60773 to 192.168.0.10:23 Wednesday, Feb 25,2015 11:10:54
[LAN access from remote] from 95.67.xxx.xxx:3313 to 192.168.0.10:23 Wednesday, Feb 25,2015 11:04:07
[LAN access from remote] from 189.170.xxx.xxx:44900 to 192.168.0.10:23 Wednesday, Feb 25,2015 10:51:16
[LAN access from remote] from 187.171.xxx.xxx:41781 to 192.168.0.10:23 Wednesday, Feb 25,2015 10:00:09
[LAN access from remote] from 95.7.xxx.xxx:45542 to 192.168.0.10:23 Wednesday, Feb 25,2015 09:52:25
[LAN access from remote] from 59.95.xxx.xxx:42389 to 192.168.0.10:23 Wednesday, Feb 25,2015 09:27:41
[LAN access from remote] from 112.210.xxx.xxx:34480 to 192.168.0.10:23 Wednesday, Feb 25,2015 08:39:49
[LAN access from remote] from 88.250.xxx.xxx:59151 to 192.168.0.10:23 Wednesday, Feb 25,2015 08:21:27
[LAN access from remote] from 182.246.xxx.xxx:38163 to 192.168.0.10:23 Wednesday, Feb 25,2015 08:20:12
----
LVL 1
DaveWWWAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Salah Eddine ELMRABETTechnical Lead Manager (Owner)Commented:
Hi,

If you have port forwarding configured to the host 192.168.0.10 it's normal to see such logs since you autorize access from Internet to this internal host!!

All the logs shows Telnet access to the 192.168.0.10, if you want to block the Telnet and allow only desired port, double check the port forwarding and firewall rules.

Regards.

Salah
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
DaveWWWAuthor Commented:
But are the Internet IP address in the log actual attempts to reach 192.168.0.10? For what it's worth, the piece of hardware was not turned on at the time of access.  That's one of the things that confuses me.
0
Salah Eddine ELMRABETTechnical Lead Manager (Owner)Commented:
How not turned on????
0
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

DaveWWWAuthor Commented:
The piece of hardware is an equipment monitoring system.  The technician that looks after that system had been in several days earlier for maintenance and had turned off the system completely. The system has not yet been turned on.  

At the time of these "LAN access" entries, 192.168.0.10 was not alive on the LAN at all.  From the LAN side, a ping to 192.168.0.10 is not returned (as it is when the system is on).
0
Salah Eddine ELMRABETTechnical Lead Manager (Owner)Commented:
Hi,

Have you check if there is any conflict in the port forwarding configuration? or any static NAT appliyed to this IP??

Regards.

Salah
0
DaveWWWAuthor Commented:
Thanks Salah,

No, but I did a test I should have done in the first place: I attempted to access the router's Internet IP via telnet on the forwarded ports from my office PC which is remote. Since there was no hardware at 192.168.0.10, it of course failed, but the log did show "LAN access" to that IP from my IP. So it looks like the log entry should really say "LAN access attempted" since I didn't really get anywhere.
0
Salah Eddine ELMRABETTechnical Lead Manager (Owner)Commented:
Hi,

Maybe this is only attempt log, I don't know from where you copied the log!! is it from successful established connecion log or attempted log?

The first read of the log is that an connection was established since there no attempt mention!.

Best Regards.

Salah
0
DaveWWWAuthor Commented:
Agreed, but I have confirmed there is no hardware on the LAN with an ip of 192.168.0.10. It's in the port forwarding table, but the hardware is not presently there.
0
Salah Eddine ELMRABETTechnical Lead Manager (Owner)Commented:
Hi Dave,

Maybe this is a dev mistake of how to display the logs, maybe the router constructor need to correct the display to mean attempt instead of access.

Regards.

Salah
0
DaveWWWAuthor Commented:
It turns out that the log shows LAN access when in fact the router has just recorded the traffic through the port, whether there is a receiving device (computer etc.) at the LAN IP address or not.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Routers

From novice to tech pro — start learning today.