The OP didn't mention anything about a firewall issue, or a firewall logging
issue, so I cannot see how you made that initial assumption in your posting.
An external network (ie Internet) user cannot make UPnP port forward
requests to the router, or log into the base station to setup port forwards.
If the person has their network compromised in such a way that port forwards
are still being added, it's still an internal attack to the network if port
forward entries are being created. The initial port foward would have come
from the internal network, and subsequent requests made through this port
forward won't be logged by the base station's log.
The only port fowarding request would be logged is the UPnP entry being
created from inside the network (if that is indeed what is happening). But
that would be an internal (LAN) network request, not an external (Internet)
request
Telling the user that " the firewall doing its job by blocking those
attempts" is just wrong, because that's not what the user is observing. The
user is observing port forwards being created. That's the key here.
--
Jason Tsang - Microsoft MVP
Find out about the MS MVP Program -
http://mvp.support.microsoft.com/default.aspx
"Chris H." <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> Or, the machine was accessed during a period when the firewall was down
and
> someone is controlling the machine externally?
> --
> Chris H.
> Microsoft Windows MVP
> Associate Expert
> Expert Zone - www.microsoft.com/windowsxp/expertzone
>
> "Jason Tsang" <jason-(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
> > Upnp apps (Win/MSN Messenger and other apps)?
> >
> > You are assuming external (to the LAN) users are adding it (which is
> > unlikely in this scenerio)
> > You haven't ruled out internal users or programs (which is the far more
> > likely scenerio here)
> >
> > --
> > Jason Tsang - Microsoft MVP
> >
> > Find out about the MS MVP Program -
> > http://mvp.support.microsoft.com/default.aspx
> >
> > "Chris H." <(E-Mail Removed)> wrote in message
> > news:%(E-Mail Removed)...
> > > I know, Jason. I should have said "probably" are seeing. If the
> firewall
> > > is on, how is someone accessing and changing the port forwarding?
> > > --
> > > Chris H.
> > > Microsoft Windows MVP
> > > Associate Expert
> > > Expert Zone - www.microsoft.com/windowsxp/expertzone
> > >
> > > "Jason Tsang" <jason-(E-Mail Removed)> wrote in message
> > > news:(E-Mail Removed)...
> > > > Chris... the firewall and the base station log have nothing to do
with
> > > port
> > > > forwarding...
> > > >
> > > > --
> > > > Jason Tsang - Microsoft MVP
> > > >
> > > > Find out about the MS MVP Program -
> > > > http://mvp.support.microsoft.com/default.aspx
> > > >
> > > > "Chris H." <(E-Mail Removed)> wrote in message
> > > > news:%(E-Mail Removed)...
> > > > > Actually what you're seeing is the firewall doing its job by
> blocking
> > > > those
> > > > > attempts. Check out this information about the firewall log and
how
> > to
> > > > > interpret the items:
> > > > >
> > > >
> > >
> >
>
http://www.microsoft.com/hardware/br..._log_file.mspx
> > > > > --
> > > > > Chris H.
> > > > > Microsoft Windows MVP
> > > > > Associate Expert
> > > > > Expert Zone - www.microsoft.com/windowsxp/expertzone
> > > > >
> > > > > "michael" <(E-Mail Removed)> wrote in message
> > > > > news:239801c3e08f$2a060a90$(E-Mail Removed)...
> > > > > > Can someone tell me why this router is so easy to break
> > > > > > into?
> > > > > >
> > > > > > I keep going into port forwarding and seeing someone
> > > > > > enter particular ports and being forwarded to machines on
> > > > > > my network.
> > > > > > I guess there is no security.
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
Similar Threads
Linear Mode
