I have been locking down my home network due to a large increase in DDoS and hacking attempts. I have a Netgear WNDR3400 v1 router and I have been studying the logs over the past weeks, remotely. We live in Italy and our Slingbox is back home in FL so we can get our fix of good ole American TV.
Anyway, recently the logs have shown:
[LAN Access by remote] outsideIP- n.n.n.n:<random non standard port> to 192.168.n.n:2678.
These successful accesses seemed to come from all over: US, China, Spain, Czech, Rus, UK, and more. The whois I ran for the ones I looked up said they resolved to foreign locations, but I know that IPs can be spoofed. I wasn't going to waste time trying to track anyone down; I just wanted it all to stop. Apparently, 2678 is a port used often by BitTorrent ptp comms, which relies on UPnP (Universal Plug and Play - nonauthenticated access to some services). My router had UPnP on by default, so I disabled that feature and sure enough all the traffic stopped. Now my logs show many of those same sites getting something like the following:
[Service blocked: ICMP_echo_req] from source 188.8.131.52, Wednesday, Jul 25,2012 11:53:30
Except for one pesky connection that seems to get through. It reads:
[LAN access from remote] from 184.108.40.206:43316 to 192.168.n.n:5001 Wednesday, Jul 25,2012 03:27:31
As you may know, port 5001 is used by Slingbox to service requests for video feeds, and of course we require that port for our viewing. This access has been in my router log for a few days now and it has me worried. The IP resolves to Broomfield, CO (near Denver) and seems to be a company called Level3 Communications. I have sent them an email to report this but no response yet. Again, it could be spoofed. Is this an access to my video stream or just an attempt? It seems that they would still have to authenticate with Sling Media, right?
I want to get rid of this access but I can't block IPs on the router. So I was wondering: if I were able to identify another port of my choosing to replace 5000-5001, would that be enough to get rid of this access? Can it be done? Can I assign another port in the setup process and then set up a forwarded port assignment in the router so we could bypass the standard, and well known, port assignment for Slingbox?
If anyone has any other solutions or comments, please send them on.
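
One way to triage a router log in the two formats quoted above, as an added example that is not part of the original post: it groups inbound accesses by LAN port and source, counts blocked probes, and flags any LAN port outside an expected set. The sample lines, the addresses (documentation ranges), the 192.168.1.10 host and the `summarize` helper are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the two formats quoted in the post
# (addresses are documentation ranges, not values from the post).
SAMPLE_LOG = """\
[LAN access from remote] from 203.0.113.7:43316 to 192.168.1.10:5001 Wednesday, Jul 25,2012 03:27:31
[LAN access from remote] from 198.51.100.23:51812 to 192.168.1.10:2678 Wednesday, Jul 25,2012 04:02:10
[LAN access from remote] from 203.0.113.7:43990 to 192.168.1.10:5001 Wednesday, Jul 25,2012 09:14:02
[Service blocked: ICMP_echo_req] from source 198.51.100.23, Wednesday, Jul 25,2012 11:53:30
[Some other entry] constructed line the parser should ignore
"""

ACCESS_RE = re.compile(
    r"^\[LAN access from remote\] from (?P<src>[\d.]+):(?P<sport>\d+) "
    r"to (?P<dst>[\d.]+):(?P<dport>\d+) (?P<when>.+)$", re.IGNORECASE)
BLOCKED_RE = re.compile(
    r"^\[Service blocked: (?P<svc>[^\]]+)\] from source (?P<src>[\d.]+), (?P<when>.+)$")

def summarize(log_text, expected_ports):
    """Group inbound accesses by LAN port; count blocked probes per source."""
    accesses = defaultdict(lambda: defaultdict(int))  # dport -> src -> hits
    blocked = defaultdict(int)                         # src -> blocked probes
    for line in log_text.splitlines():
        line = line.strip()
        if m := ACCESS_RE.match(line):
            accesses[int(m["dport"])][m["src"]] += 1
        elif m := BLOCKED_RE.match(line):
            blocked[m["src"]] += 1
        # any other entry type is ignored
    # Ports that received traffic but are not services we meant to expose.
    unexpected = sorted(p for p in accesses if p not in expected_ports)
    return {p: dict(s) for p, s in accesses.items()}, dict(blocked), unexpected

if __name__ == "__main__":
    # Assumption: 5001 (the Slingbox port named in the post) is the only
    # port intentionally forwarded.
    accesses, blocked, unexpected = summarize(SAMPLE_LOG, expected_ports={5001})
    for port, sources in sorted(accesses.items()):
        tag = "UNEXPECTED" if port in unexpected else "expected"
        for src, hits in sorted(sources.items()):
            print(f"port {port} ({tag}): {src} x{hits}")
    for src, n in sorted(blocked.items()):
        print(f"blocked probes from {src}: {n}")
```

A port reported as unexpected points to a forwarding rule or UPnP mapping that is still active on the router.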