12
« on: 2016-02-21, 17:23:22 »
Thank you for taking the time to explain the issues. The problem has gone away for now but note from anything I did, however for peace of mind I need to understand what caused it.
The scanning was coming from outside the IPs were varied as shown in the part of the log shown here:
[LAN access from remote] from 81.214.121.40:39262 to 192.168.1.170:53413, Friday, Feb 19,2016 07:16:19
[LAN access from remote] from 68.58.52.149:29680 to 192.168.1.170:12553, Friday, Feb 19,2016 07:15:37
[LAN access from remote] from 74.105.89.93:18244 to 192.168.1.170:12553, Friday, Feb 19,2016 07:13:41
[LAN access from remote] from 159.203.12.173:1612 to 192.168.1.170:22, Friday, Feb 19,2016 07:11:29
[LAN access from remote] from 82.79.50.44:53 to 192.168.1.170:42468, Friday, Feb 19,2016 07:10:51
[LAN access from remote] from 85.25.200.110:61651 to 192.168.1.170:5038, Friday, Feb 19,2016 07:09:49
[LAN access from remote] from 208.54.4.192:48611 to 192.168.1.170:53502, Friday, Feb 19,2016 07:09:34
[LAN access from remote] from 151.236.63.50:25870 to 192.168.1.170:22, Friday, Feb 19,2016 07:08:58
[LAN access from remote] from 125.64.94.200:37093 to 192.168.1.170:8000, Friday, Feb 19,2016 07:08:15
[LAN access from remote] from 185.130.5.201:47514 to 192.168.1.170:53413, Friday, Feb 19,2016 07:04:37
[LAN access from remote] from 185.40.4.185:59222 to 192.168.1.170:8484, Friday, Feb 19,2016 07:03:59
[LAN access from remote] from 50.108.24.59:29338 to 192.168.1.170:12553, Friday, Feb 19,2016 07:03:09
[LAN access from remote] from 74.105.89.93:18244 to 192.168.1.170:12553, Friday, Feb 19,2016 07:01:20
I did have DMZ enabled. I had changed the local network number so 170 is not used locally anymore, it does not show up on the router other than in the logs.
When I looked at the log this morning there were some records with 170 in it which appears to be an Asian pacific registered addresses one is Thailand.
[LAN access from remote] from 140.205.81.52:53 to 192.168.1.170:13221, Sunday, Feb 21,2016 06:54:20
[LAN access from remote] from 140.205.81.52:53 to 192.168.1.170:13221, Sunday, Feb 21,2016 06:39:02
[LAN access from remote] from 180.183.36.210:65348 to 192.168.1.170:53930, Sunday, Feb 21,2016 06:32:58
[LAN access from remote] from 180.183.36.210:43071 to 192.168.1.170:53930, Sunday, Feb 21,2016 06:32:57
Other than these the log is mostly composed of local references.
I have made disconnections of the modem but the external IP has not changed. I contacted the ISP provider COX and they remotely reset the modem, but this did not change the external IP and they tell me they cannot change the external IP!
It appears to me that because the 170 address was port forwarded some scanner picked up on this and it has been distributed by some organization.
The router I have is a relatively high end consumer device but I don think it has the ability to deal with this problem.
73 Brian KF6C.