Sign in with
Sign up | Sign in
Your question
Closed

Unstoppable remote lan access

Last response: in Networking
Share
February 26, 2009 1:47:34 PM

Ok all, I'm new here so I'll try to be thorough and give as much info as I can. My roomate recently bought a computer, about 2 months ago, and he "contracted" some trojans.. 17 of em... through an "unknown" way.. porn sites. So I took his PC off the network because we were getting DOS attacked. I thought it would help.
I've recently been checking the network and we still get DOS attacked and now LAN accessed from remote... I figured "Ok I must have accidentally turned on remote access". I didn't. Not on the router or in xp.
My firewalls are active.. the router is secure and MAC filtered. I called comcast about it and they referred to me to Netgear support. After being on hold for a half an hour they took me through this process of restarting my router over and over. The support guy tried to Remote access it and couldn't, after all the steps, he was trying to check the logs. He told me to reset it to factory settings and call back. Great! Another half-hour and I'm on the phone with another guy telling me it's impossible to remote access my router because it's secure and he can't access it. Even though the logs state every 6 seconds a new Ip is accessing my PC's IP. So i hang up.
These ip's are from all over the world, and they always access the same port, which is 58315. I've tried looking up some ways to block specific ports with xp.. but no luck.. the only ones i could find are for Sp 2. I've tried using Ipsec.. http://support.microsoft.com/kb/813878 ..How to block specific network protocols and ports by using IPSec. I cannot get netdiag to install from my burned xp cd. Anyone have any ideas on how to block this port or a free firewall program that has UDP/TCP filtering or port filtering? I'm running around in circles now.. any help would be apreciated!

We are both running XP SP3 and the router I use is a NETGEAR WNR2000, remote access is off, I have no P2P/torrent/sharing enabled.. heres my log:

[LAN access from remote] from 123.122.97.185:12932 to 192.168.1.3:58315, Wednesday, February 25,2009 21:02:06
[LAN access from remote] from 125.69.81.60:17243 to 192.168.1.3:58315, Wednesday, February 25,2009 21:02:01
[LAN access from remote] from 115.35.6.58:8732 to 192.168.1.3:58315, Wednesday, February 25,2009 21:01:56
[LAN access from remote] from 60.241.221.38:16001 to 192.168.1.3:58315, Wednesday, February 25,2009 21:01:51
[LAN access from remote] from 79.53.181.241:34234 to 192.168.1.3:58315, Wednesday, February 25,2009 21:01:46
[LAN access from remote] from 86.204.82.246:18757 to 192.168.1.3:58315, Wednesday, February 25,2009 21:01:41
[LAN access from remote] from 195.200.91.142:1274 to 192.168.1.3:58315, Wednesday, February 25,2009 21:01:36
[LAN access from remote] from 79.163.156.227:23177 to 192.168.1.3:58315, Wednesday, February 25,2009 21:01:31
[LAN access from remote] from 78.106.101.115:12412 to 192.168.1.3:58315, Wednesday, February 25,2009 21:01:27
[LAN access from remote] from 218.1.250.40:1056 to 192.168.1.3:58315, Wednesday, February 25,2009 21:01:21
[LAN access from remote] from 93.100.29.204:13551 to 192.168.1.3:58315, Wednesday, February 25,2009 21:01:16
[LAN access from remote] from 201.8.169.176:17978 to 192.168.1.3:58315, Wednesday, February 25,2009 21:01:11
[LAN access from remote] from 220.234.82.192:23591 to 192.168.1.3:58315, Wednesday, February 25,2009 21:01:06
[LAN access from remote] from 79.184.234.68:24409 to 192.168.1.3:58315, Wednesday, February 25,2009 21:01:01
[LAN access from remote] from 122.148.70.181:55550 to 192.168.1.3:58315, Wednesday, February 25,2009 21:00:56
[LAN access from remote] from 60.185.178.132:19916 to 192.168.1.3:58315, Wednesday, February 25,2009 21:00:51

It happens all day long!
February 28, 2009 3:01:16 AM

Figured it out.. uPnP was allowed on my router.. people or bots were opening up ports using UPnP IGD hacking...with the command AddPortMapping.
the applications wireshark and core force helped me discover all the attacks and in turn what TYPE of port the attacks were occuring.
If there is alot of network traffic you can't account for, check if uPnp is enabled and check your logs for remote lan access in your logs... you might have been UPnP hacked.. which is apparantly pretty easy in XP.
February 28, 2009 3:02:14 AM

especially if you use bittorrent software
Related resources
Anonymous
August 18, 2009 6:46:57 AM

hi... could u pls help me in the similar topic....
how to access the PC of 172.138.x.x from one of our 172.137.x.x LAN...
pinging it, will give a reply but i'm unable to access...
January 3, 2011 3:27:31 AM

I am having the same problem. How did you solve it. Using simple terms.
July 8, 2011 9:14:11 PM

Google for where you turn UPnP off for your router.
Netgear N300 has UPnP under Advanced.
This was the *WRONG DEFAULT* for the router.
I confirm that this solved it and I also confirmed that my Linux
box got very chatty with numerous computers before the connection
crashed, UPnP republished and the cycle began again.
June 18, 2013 5:23:42 AM

baiku said:
Figured it out.. uPnP was allowed on my router.. people or bots were opening up ports using UPnP IGD hacking...with the command AddPortMapping.
the applications wireshark and core force helped me discover all the attacks and in turn what TYPE of port the attacks were occuring.
If there is alot of network traffic you can't account for, check if uPnp is enabled and check your logs for remote lan access in your logs... you might have been UPnP hacked.. which is apparantly pretty easy in XP.

Thank You! I had the same thing happening on a Linux box. I turned off UPNP and the extra traffic died on the router.
!