I have an Actiontec V1000H router/modem. I have been having virus issues recentl
Question
I have an Actiontec V1000H router/modem. I have been having virus issues recently, so I did a factory reset on all but 1 of the computers on the network. I went to add a Port Forwarding exception so my son can run a Minecraft server, and the port forwarding rules list had about 50 entries on it. I know that in the past when I went in there, there were no rules, but all of a sudden there are something like 50. So I did a factory reset on the router. Within 1 hour, new rules were already added, and less than 24 hrs later there are at least 50 open ports (or ranges of ports). Should this be happening? It seems every device on the network is adding rules to the list. Is this because the virus I had is still coming from the one system that wasn't wiped? It's really weird though, because even my son's iPod and my wife's Android phone have added open ports. Should I be concerned? Is there anything you can suggest that would stop this? Please advise. Thanks.
Explanation / Answer
As suggested above, it really sounds like it is UPnP.
If you are paranoid or believe this might be a security threat, you can consider the following: someone got admin privileges to change the settings of your router. Exploit-DB, SecurityFocus, and some other websites might reveal an exploit for this router. Try not to leave an insecure protocol enabled if you make no use of it (telnet/FTP/old versions of SSH).
For instance, someone could try to exploit, brute force, or dictionary attack telnet access to your router to gain control.
To fix this, as the previous posts suggest:
Make sure the firmware is up to date
Disable UPnP
Change and choose a truly RANDOM and secure (long/digits/upper, lower/special characters) password for the router admin
If you notice the issue remains... try another router (same story: new, up to date, and secure). Monitoring the traffic and looking at debug/verbose network logs might help you identify what is going on. Setting up a NIDS can help too, but... I think this is just UPnP, I dunno why I wrote such a long post.
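Before disabling UPnP, it helps to see which device owns each rule. The sketch below is an added example, not part of the original answer: it parses responses shaped like the UPnP IGD `GetGenericPortMappingEntry` action (WANIPConnection service), groups mappings by internal client, and lists entries worth a closer look. The sample responses, IP addresses, descriptions and the `known_hosts` set are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample data: bodies shaped like UPnP IGD
# GetGenericPortMappingEntryResponse messages, one per router table entry.
def _sample(ext, proto, client, desc, lease):
    return (
        '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
        '<u:GetGenericPortMappingEntryResponse '
        'xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
        f'<NewRemoteHost></NewRemoteHost><NewExternalPort>{ext}</NewExternalPort>'
        f'<NewProtocol>{proto}</NewProtocol><NewInternalPort>{ext}</NewInternalPort>'
        f'<NewInternalClient>{client}</NewInternalClient><NewEnabled>1</NewEnabled>'
        f'<NewPortMappingDescription>{desc}</NewPortMappingDescription>'
        f'<NewLeaseDuration>{lease}</NewLeaseDuration>'
        '</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>'
    )

SAMPLES = [
    _sample(25565, "TCP", "192.168.0.10", "Minecraft", 0),
    _sample(16402, "UDP", "192.168.0.23", "iOS app", 3600),
    _sample(23, "TCP", "192.168.0.77", "", 0),
]

def parse_mapping(soap_xml):
    """Return the New* arguments of one response as a dict (prefix dropped)."""
    out = {}
    for el in ET.fromstring(soap_xml).iter():
        tag = el.tag.rsplit("}", 1)[-1]  # strip any XML namespace
        if tag.startswith("New"):
            out[tag[3:]] = (el.text or "").strip()
    return out

def audit(responses, known_hosts):
    """Group mappings by the LAN device that owns them and list review items."""
    by_client, review = defaultdict(list), []
    for m in map(parse_mapping, responses):
        port, client = int(m["ExternalPort"]), m["InternalClient"]
        by_client[client].append((m["Protocol"], port, m["PortMappingDescription"]))
        if client not in known_hosts:
            review.append((client, port, "unrecognised LAN host"))
        if port < 1024:
            review.append((client, port, "well-known port exposed"))
        if not m["PortMappingDescription"]:
            review.append((client, port, "no description"))
    return dict(by_client), review

if __name__ == "__main__":
    clients, review = audit(SAMPLES, known_hosts={"192.168.0.10", "192.168.0.23"})
    for client, mappings in clients.items():
        print(client, mappings)
    for item in review:
        print("REVIEW:", item)
```

Mappings owned by phones and media players are typical of UPnP-aware apps; entries from an address you cannot match to a device are the ones to chase in the router's DHCP table.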