Review of my home broadband router logs (suspicious activity?)

I disabled UPNP. I'll tell the kid to watch out for stuff not working.

Reply to
Paul M. Cook

I figured out a way to verify the time zone, and that's to watch the log for a new event, or to create a new event, like by trying to send an email (since I have all 5 kinds of events checked now).

So I did that a couple hours ago and the time that showed in the log was 7 minutes later than the current time!

I went out for a couple hours and when I tried it just now, the time the log showed was 11 minutes later than the current time.

Put that in your pipe and smoke it.

Reply to
Micky

How do you know which one was right?

This is the current time...


Reply to
Oscar

The current time was my computer which has maybe never been wrong, but I checked it with my atomic clock, satellite clock whatever it is.

So, how was it 7 minutes later in the log than in reality? Later meaning it had not yet reached that time.

And why did that change to 11 minutes?

Reply to
Micky

I suspect he'll tell you first ...

If you are that worried about it, why not put the Playstation in your DMZ and firewall everything else reaching your LAN? Your kid would get better gameplay that way.

--
Adrian C
Reply to
Adrian Caspersz

Someone is connecting to one of your connected devices (192.168.1.5, what is this in your family?) using port 9000. You can trace route the other IP address to see what or who this belongs to. Trace route is a DOS command.

Reply to
Tony Hwang

Seems to me, that's a lousy tradeoff.

  1. You turn off SSID broadcast at home, but that doesn't deter anyone who knows what he's doing (since your laptop & phone have to broadcast your hidden SSID to the router, since the router isn't broadcasting the SSID to the laptop & phone).
  2. And, since your laptop or phone doesn't know when it's at home or at a local hotspot, your laptop and phone end up broadcasting your SSID to the whole world when you're away from home.

Seems to me, that's a lousy tradeoff.

It's not privacy. It's just stupidity.

Or ignorance.

Reply to
Paul M. Cook

The 192.168.1.5 IP address belonged to the Sony Playstation. So, for some reason, the port 9000 was being used.

What does this mean though? Is this correct?

Assuming my static public IP address was 1.2.3.4, does this mean that someone, on the Internet, was going to 1.2.3.4:9000, which, somehow (via magic of upnp?) hit my router and then the router "port forwarded" it to the Sony Playstation at 192.168.1.5 at port 9000?

Reply to
Paul M. Cook

I've heard the word "DMZ" for years, but I really don't know what it is. So, AFAIK, I don't even *have* a DMZ.

My router is set up like most home routers, which is to say the only thing that is not default is the SSID login/password and admin login/password.

Reply to
Paul M. Cook

Hiding SSID increases security? Wrong. Not much really. Modem/router combo is always worse than separate router. Put the supplied modem in bridge mode and use your own router. If you can't, or the ISP won't put it into bridge mode for you, there is another way using DMZ in your modem. I have only a DOCSIS III cable modem; my router at present is a Linksys EA8500, which has never gone down since I first booted it in the summer. Very stable router.

Reply to
Tony Hwang

I think we're sort of saying the same thing, but, I don't know if we agree on the broadcast details.

We both agree that telling your ROUTER not to broadcast the SSID is a false security measure.

But, fact is, you *must* broadcast your SSID somehow.

  a. So, either the router broadcasts your SSID.
  b. Or your mobile device broadcasts your SSID.

Here's how I understand it to work:

  1. Let's assume your SSID is "DonY".
  2. Let's assume you told your router *not* to broadcast your SSID.
  3. Guess what happens when you boot your laptop?
     a. Your laptop shouts out "Hey DonY, are you there?"
     b. Your router answers "Yes. I am here. I was being quiet".
     c. Your laptop connects to your router by that so-called hidden SSID.

Now, guess what your cellphone does? HINT: Same thing.

So, guess what happens when you boot your laptop at a starbucks? HINT: Your laptop shouts out "Hey DonY, are you here?"

So, in effect, an SSID that is not being broadcast *by your router* at home, is broadcast *by your laptop* both at home, and at Starbucks.

If I'm wrong - someone will explain where - but that's how I understand it.

  a. Either the router broadcasts the SSID,
  b. Or the device does.

Reply to
Paul M. Cook

Lots of Googling. Practice makes perfection. Port can be open or closed. When you close a port, something may not work because some ports are used as default for certain things. IP address is just like a unique address, port is like a gate. Even if you are knocking on the right address, if the gate is not open, you can't get in (or communicate). Sounds like you are just using the router with default settings. Do you use ad blocker, pop up blocker, etc. on your browser or router? You use W10?

Reply to
Tony Hwang

Well, out of the box is not going to do what you want.

However the WNDR3400v2 does support DMZ configuration. There's loads of netgear, web site and youtube resources to help you do this.

But you must worry about other things. Are you sure letting a child play some of these (mostly violent) video games is a sensible introduction to becoming an adult?

--
Adrian C
Reply to
Adrian Caspersz

DMZ = "De-Militarized Zone". It is the name given to a port on your router that can be configured to be completely OPEN to the internet, no firewall, no port blocking, nothing. This may be advantageous for someone running a particular type of server on their home network - an FTP server or Web Server or something that they want to expose to the internet so that it can be accessed from the outside. In such configurations that device usually will have a software type firewall installed to prevent hackers from gaining access.

Most routers I have seen include this feature and it has its uses, but it must be used with extreme caution!

S Sinzig.

Reply to
ssinzig

Okay, I understand that explanation. Now please tell me how my iPad or laptop broadcasting my home SSID willy nilly at the Starbucks or the passenger terminal at SFO or PHX is going to compromise my home network?

Not saying it couldn't be done but... Talk about freakin' remote...

I don't bother to hide my SSID at home. Anyone who cares to clone a MAC address to by-pass the MAC filter and decrypt a 26 alpha-numeric pass phrase can have it. Good luck with that.

Reply to
Unquestionably Confused

In short, yes. Your game console or computer or whatever needs to "talk" to another computer on the internet; in this case it uses Port 9000. The router opens Port 9000 and the packets get through to that other computer out there on the internet. To reply, that other computer only knows your static public IP, i.e. "1.2.3.4", and sends its packets back to you at that IP on the same port, 9000. Your router receives these packets, and does NAT (Network Address Translation), translating the packets from 1.2.3.4:9000 (your public IP) to 192.168.1.5:9000, your private home network IP, and sending them there. This happens all the time when you are accessing the web, either through HTTP, FTP, SSL, whatever. They all use their own specific ports (i.e. HTTP is usually port 80, FTP 20 or 21, etc.)

S Sinzig.

Reply to
ssinzig
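
An added example, not written by any poster in this thread: a small Python model of the three inbound cases the thread discusses (reply traffic through NAT, a UPnP-style port forward, and a DMZ host). The `Router` class is hypothetical, the remote addresses are constructed documentation-range values, and the source port is assumed to be preserved as the post above describes.

```python
from dataclasses import dataclass, field
from typing import Optional

PUBLIC_IP = "1.2.3.4"        # placeholder public address used in the thread
CONSOLE = "192.168.1.5"      # the PlayStation's LAN address from the thread

@dataclass
class Router:                # hypothetical, simplified model of a home NAT router
    flows: dict = field(default_factory=dict)      # state created by outbound traffic
    forwards: dict = field(default_factory=dict)   # UPnP or manual port forwards
    dmz_host: Optional[str] = None                 # catch-all host, if configured

    def outbound(self, lan_ip, port, remote_ip, remote_port):
        # Assumption: the source port is preserved, as the post describes.
        self.flows[(port, remote_ip, remote_port)] = (lan_ip, port)
        return (PUBLIC_IP, port)                   # what the remote side sees

    def add_forward(self, public_port, lan_ip, lan_port):
        self.forwards[public_port] = (lan_ip, lan_port)

    def inbound(self, remote_ip, remote_port, public_port):
        """Return (reason, lan_ip, lan_port) for a packet arriving from the internet."""
        flow = self.flows.get((public_port, remote_ip, remote_port))
        if flow:
            return ("reply", *flow)                # answer to something a LAN host started
        if public_port in self.forwards:
            return ("forward", *self.forwards[public_port])  # reachable by anyone
        if self.dmz_host:
            return ("dmz", self.dmz_host, public_port)       # every port reachable
        return ("drop", None, None)

def demo():
    game, stranger = "203.0.113.10", "198.51.100.7"   # constructed documentation addresses
    r = Router()
    r.outbound(CONSOLE, 9000, game, 9000)
    out = {"reply": r.inbound(game, 9000, 9000),
           "unsolicited": r.inbound(stranger, 40000, 9000)}
    r.add_forward(9000, CONSOLE, 9000)                # what a UPnP request would install
    out["after_upnp"] = r.inbound(stranger, 40000, 9000)
    out["other_port"] = r.inbound(stranger, 40000, 22)
    r.dmz_host = CONSOLE
    out["with_dmz"] = r.inbound(stranger, 40000, 22)
    return out

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:12} -> {result}")
```

With UPnP disabled and no DMZ host set, only the "reply" case reaches the console; the forward and DMZ cases are the ones that let an unrelated remote address in.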
[snip]

Not much, but not none either. Consider that most people won't know there's a network there.

I've never had a combination, but agree that it would be less secure.

I had DOCSIS II until June, when my ISP increased the speed to 50Mbps which is too fast for a single channel so I had to get a new modem. I needed a new router too, but that (thankfully) was a completely separate thing.

--
Currently: happy holidays (Friday December 25, 2015 12:00:00 AM for 1 
day). 

Mark Lloyd 
http://notstupid.us/ 

"The dogma of the divinity of Jesus should have died on the cross, when 
the man of Nazareth gave up the ghost." [Lemuel K. Washburn, _Is The 
Bible Worth Reading And Other Essays_]
Reply to
Mark Lloyd
[snip]

If your router is broadcasting the SSID, EVERY wireless device in range will receive it and most will show it to the user.

Compare this to what happens when your device is broadcasting it. Will others even see that?

Reply to
Mark Lloyd

Right. The router is accepting back-traffic to one device (the Playstation) on that one port.

Basically, yes. As long as it's ONLY talking to the Playstation, that probably means that a game is soliciting the feedback (and not that anyone is trying to attack your network). There's nothing special about '9000', it's possible that other games use other ports.

Reply to
whit3rd

Security is a thousand good practices, just like grammar is, or cleanliness or politeness or class. They're all a thousand little things.

SSID good practices are what we're talking about here.

There are a few problems with the scenario you proposed, but I have to manually *insert* an attacker who cares, in order for it to matter.

For example, let's say you're cheating on your wife, and, let's say, you connected to your girlfriend's SSID, called "GIRLFRIEND" and, let's say, for now, she's *not* hiding her SSID. Guess what?

Your laptop (or phone) *still* has a record of that connection, which, if your wife cared to snoop, can see by looking at your laptop or phone.

Now, let's say, for argument's sake, that your wife doesn't have physical access to your laptop or phone, but, your girlfriend told her router to not broadcast her SSID, but that you connected to her SSID.

Guess what?

When you're at home, your laptop or phone first shouts out "Hey GIRLFRIEND, are you there?" and only when the router doesn't respond to that request, does your laptop or phone bother to go down the list of other stored or located SSIDs.

It's actually easier than that *if* you use an existing SSID and password since the rainbow tables will already have the hash value stored.

I'm not saying "I" care to do that, but someone might. As always, security is a thousand little things done right.

Reply to
Paul M. Cook
