Asus wifi firewall passing outside packets to inside network?


larrysb

I've got an ASUS RT-AC3100 wifi router, latest firmware release. It is not configured for any type of port forwarding.

However, I'm sometimes seeing packets originating from outside reaching machines inside the protected network on the wired-LAN side. Specifically, I'm seeing them caught in UFW on my workstations. I'm seeing UFW BLOCKED notices, with the MAC address of the machine and the router's LAN, with a source IP address from the public internet and a destination port of 443 (https). The outside IPs are live.

It isn't many, just a few every now and then. But there shouldn't be any, at all, period.

The router's log is always full of blocked attempts from all over the public internet on a continual basis. So, I know it is up and working.

I'm certain that no form of port-forwarding is configured on the router. I know this because I have occasionally set up access for remote ssh tunneling from specific IP addresses from outside. But none of that is configured now.

This is disturbing, as, like I said, there should be none.

I've done repeated portscans of my IP address with no open ports found on the public side at all.

It would appear the router has a software bug that occasionally allows packets from outside to reach inside machines.

Not sure how to further troubleshoot this.

Options?
Completely reset the wifi/router to factory, reload the latest firmware and reconfigure?
Toss it in the trash and buy something else? (recommendations?)
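
Added example, not part of the original post: a Python sketch that sorts UFW BLOCK entries like those described above by source address and TCP flags, so that new inbound connection attempts can be told apart from packets that look like the tail of an existing connection. The log lines, host name, interface name and addresses are constructed samples, and the verdict labels are this example's own.

```python
import ipaddress
import re

# RFC 1918 ranges listed explicitly; ipaddress.is_private also matches other reserved blocks.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample lines in the netfilter log format UFW writes (not taken from the post).
SAMPLE_LOG = """\
Mar  3 10:15:02 ws1 kernel: [UFW BLOCK] IN=enp3s0 OUT= MAC=aa:bb:cc:dd:ee:ff:11:22:33:44:55:66:08:00 SRC=203.0.113.10 DST=192.168.1.20 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=443 DPT=51544 WINDOW=0 RES=0x00 RST URGP=0
Mar  3 10:17:40 ws1 kernel: [UFW BLOCK] IN=enp3s0 OUT= MAC=aa:bb:cc:dd:ee:ff:11:22:33:44:55:66:08:00 SRC=198.51.100.7 DST=192.168.1.20 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=40022 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  3 10:18:05 ws1 kernel: [UFW BLOCK] IN=enp3s0 OUT= MAC=aa:bb:cc:dd:ee:ff:11:22:33:44:55:66:08:00 SRC=192.168.1.1 DST=192.168.1.20 LEN=129 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1900 DPT=50000 LEN=109
Mar  3 10:19:11 ws1 kernel: [UFW ALLOW] IN=enp3s0 OUT= SRC=192.168.1.5 DST=192.168.1.20 PROTO=TCP SPT=50100 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0
"""


def classify(line):
    """Return (src, spt, dpt, verdict) for a [UFW BLOCK] line, else None."""
    if "[UFW BLOCK]" not in line:
        return None
    kv = dict(re.findall(r"(\w+)=(\S*)", line))
    src = ipaddress.ip_address(kv["SRC"])
    spt, dpt = int(kv.get("SPT", 0)), int(kv.get("DPT", 0))
    # TCP flags are the bare words between RES=... and URGP=...
    m = re.search(r"RES=\S+ (.*?)URGP=", line)
    flags = set(m.group(1).split()) if m else set()
    if any(src in net for net in RFC1918):
        verdict = "lan-source"        # came from the LAN itself, not from outside
    elif kv.get("PROTO") != "TCP":
        verdict = "non-tcp"
    elif "SYN" in flags and "ACK" not in flags:
        # A connection attempt that started outside; a NAT router with no
        # forwarding rule should not deliver these.
        verdict = "new-inbound-syn"
    else:
        # ACK/RST/FIN/SYN-ACK: looks like the tail of a connection; compare
        # SPT and DPT to see which side owns port 443.
        verdict = "reply-like"
    return (str(src), spt, dpt, verdict)


def triage(text):
    """Classify every [UFW BLOCK] line in a block of log text."""
    return [row for row in map(classify, text.splitlines()) if row]


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(*row)
```

To run it against real data, pass the contents of the file where the workstation records UFW messages to `triage()` instead of `SAMPLE_LOG`.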