Security issues on my network via my Netgear router?

Below is a log excerpt from my Netgear WNDR3700v3 router.

Some of the ports referenced are in the router's port forwarding table, and there is a piece of Internet-accessible hardware at the address 192.168.0.10.

I don't want to jump to the wrong conclusion, so what can I conclude from the following log excerpt?:
----
[LAN access from remote] from 186.18.xxx.xxx:44294 to 192.168.0.10:23 Wednesday, Feb 25,2015 12:29:23
[LAN access from remote] from 120.14.xxx.xxx:62530 to 192.168.0.10:23 Wednesday, Feb 25,2015 11:38:09
[LAN access from remote] from 76.236.xxx.xxx:60773 to 192.168.0.10:23 Wednesday, Feb 25,2015 11:10:54
[LAN access from remote] from 95.67.xxx.xxx:3313 to 192.168.0.10:23 Wednesday, Feb 25,2015 11:04:07
[LAN access from remote] from 189.170.xxx.xxx:44900 to 192.168.0.10:23 Wednesday, Feb 25,2015 10:51:16
[LAN access from remote] from 187.171.xxx.xxx:41781 to 192.168.0.10:23 Wednesday, Feb 25,2015 10:00:09
[LAN access from remote] from 95.7.xxx.xxx:45542 to 192.168.0.10:23 Wednesday, Feb 25,2015 09:52:25
[LAN access from remote] from 59.95.xxx.xxx:42389 to 192.168.0.10:23 Wednesday, Feb 25,2015 09:27:41
[LAN access from remote] from 112.210.xxx.xxx:34480 to 192.168.0.10:23 Wednesday, Feb 25,2015 08:39:49
[LAN access from remote] from 88.250.xxx.xxx:59151 to 192.168.0.10:23 Wednesday, Feb 25,2015 08:21:27
[LAN access from remote] from 182.246.xxx.xxx:38163 to 192.168.0.10:23 Wednesday, Feb 25,2015 08:20:12
----
LVL 1
DaveWWWAsked:
Who is Participating?
 
Salah Eddine ELMRABETTechnical Lead Manager (Owner)Commented:
Hi,

If you have port forwarding configured to the host 192.168.0.10 it's normal to see such logs since you autorize access from Internet to this internal host!!

All the logs shows Telnet access to the 192.168.0.10, if you want to block the Telnet and allow only desired port, double check the port forwarding and firewall rules.

Regards.

Salah
0
 
DaveWWWAuthor Commented:
But are the Internet IP address in the log actual attempts to reach 192.168.0.10? For what it's worth, the piece of hardware was not turned on at the time of access.  That's one of the things that confuses me.
0
 
Salah Eddine ELMRABETTechnical Lead Manager (Owner)Commented:
How not turned on????
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
DaveWWWAuthor Commented:
The piece of hardware is an equipment monitoring system.  The technician that looks after that system had been in several days earlier for maintenance and had turned off the system completely. The system has not yet been turned on.  

At the time of these "LAN access" entries, 192.168.0.10 was not alive on the LAN at all.  From the LAN side, a ping to 192.168.0.10 is not returned (as it is when the system is on).
0
 
Salah Eddine ELMRABETTechnical Lead Manager (Owner)Commented:
Hi,

Have you check if there is any conflict in the port forwarding configuration? or any static NAT appliyed to this IP??

Regards.

Salah
0
 
DaveWWWAuthor Commented:
Thanks Salah,

No, but I did a test I should have done in the first place: I attempted to access the router's Internet IP via telnet on the forwarded ports from my office PC which is remote. Since there was no hardware at 192.168.0.10, it of course failed, but the log did show "LAN access" to that IP from my IP. So it looks like the log entry should really say "LAN access attempted" since I didn't really get anywhere.
0
 
Salah Eddine ELMRABETTechnical Lead Manager (Owner)Commented:
Hi,

Maybe this is only attempt log, I don't know from where you copied the log!! is it from successful established connecion log or attempted log?

The first read of the log is that an connection was established since there no attempt mention!.

Best Regards.

Salah
0
 
DaveWWWAuthor Commented:
Agreed, but I have confirmed there is no hardware on the LAN with an ip of 192.168.0.10. It's in the port forwarding table, but the hardware is not presently there.
0
 
Salah Eddine ELMRABETTechnical Lead Manager (Owner)Commented:
Hi Dave,

Maybe this is a dev mistake of how to display the logs, maybe the router constructor need to correct the display to mean attempt instead of access.

Regards.

Salah
0
 
DaveWWWAuthor Commented:
It turns out that the log shows LAN access when in fact the router has just recorded the traffic through the port, whether there is a receiving device (computer etc.) at the LAN IP address or not.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.