"LAN access from remote" log entries- port 161/udp is open

Post by RobnH »

Modem: Netgear N450 CG3000DV2
Firmware Version: V3.01.06
ISP: Time Warner

Hi folks,
I do not know how to configure the router to block this access to Port 161. When I configure rules, they refer to addresses 192.168.0.x. They do not seem to do anything to block the outside access to port 161.

Remote Management is off.
I’ve disabled UPnP.
There are no port forwarding/port triggering rules.
I’ve disabled the bulk of the services that were enabled when I hard reset the modem.
The admin password has been changed.
Wireless is disabled. (I have a DLink access point handling the wireless traffic.)
Guest Network is disabled.
No torrents are being run.

With only the PC attached to the RG, SG security scan still shows port 161 as open. I have checked the open ports on the PC, 161 is not displayed, and portqry says TCP and UDP port 161 are NOT LISTENING.

Any suggestions are appreciated.

Thanks!
-Robin


| Description | Count | Last Occurrence | Target | Source |
|---|---|---|---|---|
| [LAN access from remote] | 1 | Wed Nov 23 21:52:08 2016 | 172.xxx.xxx.xxx:161 | 12.35.230.2:63433 |
| [LAN access from remote] | 1 | Wed Nov 23 21:10:53 2016 | 172.xxx.xxx.xxx:161 | 196.15.222.185:52181 |
| [LAN access from remote] | 1 | Wed Nov 23 17:56:46 2016 | 172.xxx.xxx.xxx:161 | 12.28.6.226:49679 |
| [LAN access from remote] | 1 | Wed Nov 23 07:43:10 2016 | 172.xxx.xxx.xxx:161 | 185.94.111.1:58981 |
| [LAN access from remote] | 2 | Wed Nov 23 07:35:40 2016 | 172.xxx.xxx.xxx:161 | 212.80.185.174:80 |
| [LAN access from remote] | 1 | Wed Nov 23 06:54:13 2016 | 172.xxx.xxx.xxx:161 | 184.105.139.67:30404 |
| [LAN access from remote] | 1 | Wed Nov 23 06:42:34 2016 | 172.xxx.xxx.xxx:161 | 185.128.40.162:51808 |
| [LAN access from remote] | 1 | Tue Nov 22 22:10:00 2016 | 172.xxx.xxx.xxx:161 | 80.82.64.42:49895 |
| [LAN access from remote] | 2 | Tue Nov 22 20:38:30 2016 | 172.xxx.xxx.xxx:161 | 89.248.168.6:18564 |
| [LAN access from remote] | 1 | Tue Nov 22 07:49:36 2016 | 172.xxx.xxx.xxx:161 | 204.42.253.130:56921 |
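
One way to tally "LAN access from remote" entries like those in the log above, as an added example that is not part of the original post or of any Netgear tooling: it parses the five-line-per-entry text as copied from the router log page and totals hits on port 161 by source address. The names `summarize`, `ENTRY` and `SAMPLE_LOG`, the sample addresses, and the below-1024 source-port heuristic are assumptions made for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the five-line-per-entry layout of the pasted log;
# source addresses are documentation-range placeholders, not real hosts.
SAMPLE_LOG = """\
[LAN access from remote ]
1
Wed Nov 23 21:52:08 2016
172.xxx.xxx.xxx:161
203.0.113.10:63433

[LAN access from remote ]
2
Wed Nov 23 07:35:40 2016
172.xxx.xxx.xxx:161
198.51.100.7:80

[LAN access from remote ]
1
Tue Nov 22 07:49:36 2016
172.xxx.xxx.xxx:161
203.0.113.10:56921
"""

ENTRY = re.compile(
    r"\[[^\]]*\]\s*\n"                          # description
    r"(?P<count>\d+)\s*\n"                      # count
    r"(?P<when>[^\n]+)\n"                       # last occurrence
    r"\S+:(?P<tport>\d+)\s*\n"                  # target (address may be masked)
    r"(?P<src>[\d.]+):(?P<sport>\d+)"           # source
)

def summarize(log_text, port=161):
    """Total the logged hits on one target port, grouped by source address."""
    hits, sources, times, low = 0, Counter(), [], []
    for m in ENTRY.finditer(log_text):
        if int(m["tport"]) == port:
            hits += int(m["count"])
            sources[m["src"]] += int(m["count"])
            times.append(datetime.strptime(m["when"].strip(), "%a %b %d %H:%M:%S %Y"))
            if int(m["sport"]) < 1024:  # heuristic: not an ephemeral client port
                low.append(f'{m["src"]}:{m["sport"]}')
    return {"hits": hits, "sources": dict(sources), "low_source_ports": low,
            "first": min(times, default=None), "last": max(times, default=None)}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Re-running the tally after changing a gateway setting shows whether the entries for port 161 keep accumulating.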

Post by Philip »

In general, port 161 UDP is used for SNMP, and some providers could use it for device management. Even if that is the case, it should be closed to IPs outside of your ISP's network, which it seems it isn't. You may want to look through the Netgear gateway admin interface and see if there is some option to close SNMP. If not, you may be out of luck and TW could be keeping it open. You can always forward it to a non-existent internal IP address if you'd like.

Post by RobnH »

Thank you, Philip! I will set up the forwarding rule.

Post by Joseph Grawet »

What is, and how would one set up the forwarding rule?

Post by Philip »

The port forwarding rule is generally something like: From [Any] external IP address, to 192.68.1.251 destination (or any other local IP address that is unused). You can set the protocol to UDP, or "both" TCP and UDP.

Note this does not prevent the modem from being reached on that port, just makes sure it is not forwarded from the modem/gateway to one of your regular client devices.