System Log - Port Forwarding Tab - Related time of forward?

jksmurf

Very Senior Member
Hi,

I've been trying to get to the bottom of an entry in the System Log - Port Forwarding Tab of my Asus RT-AC68U. The redirects are from my kids' (aged 11 and 12) Notebooks. As you can see I am not pleased to see the Description but can find nothing on the net about it. [If anyone knows I would love to find out]

I tried to see which program it is using netstat -b -a, but none of the associated ports were listed, so I cannot find which program does this. Is there some way of finding out the age of these entries? I saved and looked at the General Log but cannot find any associated entries. Any help would be appreciated, thanks.

k.
 

Attachment: Clipboard01.jpg
Unfortunately there is no way of knowing the age of these entries. Also, because they are UDP the program that initiated them has probably long since stopped running. In fact the device itself might even be turned off.

The first thing you must do is scan those 2 devices for malware and viruses. But just because the router is calling those ports F***net doesn't necessarily mean they are being used for nefarious purposes. They could be used by a legitimate application, something like Skype or in-game chat.
 
Thanks Colin. I did run a "malware bytes" scan on them both and got no positive hits on malware, but I'm open to anyone recommending a better alternative that might root out the particular malware calling itself F***net. I agree that it might just be some program boffin having fun with an otherwise innocuous program or App, but I sincerely hope my kids are not using a program or App that resorts to calling itself that and if so I would like to know what it is, so I can remove it and suggest they use something else.

btw - you noted that "...just because the router is calling..." - surely the program on the Notebooks does this and not the router itself?

btw - is there any way of easily (without resetting the entire Router) removing the UDP entries? - If they come back, I will know the program is still an issue. If not, that it has gone.
 
btw - you noted that "...just because the router is calling..." - surely the program on the Notebooks does this and not the router itself?
No, that name is what the router thinks the port is used for.

The router doesn't necessarily know what those ports are used for so it has to guess*. All it knows is that a client requested those ports to be forwarded. Some ports have well known uses (80 = http, 23 = telnet, 3478 = PlayStation Network, 6881 = BitTorrent, etc) but others are random, and there's nothing to stop a program using any port for any purpose.

The quickest way of getting rid of them is to restart the router. As you say, then turn on the notebooks and closely monitor the router to see if/when they come back. It's quite possible that they weren't created by a program installed on the notebooks but by a (dodgy) web site that each one had visited.

Let us know how you get on.


* I suppose it's possible that AiProtection or Traffic Analyzer is determining the use of that port, but I don't use those features so I'm just speculating. See Merlin's post below. The client can provide a description (and assuming the client isn't lying ;)).
 
The name next to the UPNP forward is what is provided by the client requesting the UPNP forward - if it provides one.

Just to be sure, you didn't manually disable Secure mode in miniupnpd? Because that would allow any client on the LAN to forward a port to another IP.

Long shot: try doing a registry search for "f****net" to see if anything comes up.

I assume you already hit Google with that keyword as well?
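
The two points in the post above, as an added example that is not part of the original post and not miniupnpd's own code: the description shown next to a UPnP forward is a field the requesting client fills in, and secure mode limits a client to forwarding ports to its own IP address. The sample request, addresses, port and function names are constructed for illustration; the argument names are those of the UPnP IGD AddPortMapping action.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample of the SOAP body a LAN client sends to ask for a forward.
SAMPLE_REQUEST = """<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
 <s:Body>
  <u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">
   <NewRemoteHost></NewRemoteHost>
   <NewExternalPort>51820</NewExternalPort>
   <NewProtocol>UDP</NewProtocol>
   <NewInternalPort>51820</NewInternalPort>
   <NewInternalClient>192.168.1.50</NewInternalClient>
   <NewEnabled>1</NewEnabled>
   <NewPortMappingDescription>ExampleApp (client-chosen)</NewPortMappingDescription>
   <NewLeaseDuration>0</NewLeaseDuration>
  </u:AddPortMapping>
 </s:Body>
</s:Envelope>"""

SOAP_BODY = "{http://schemas.xmlsoap.org/soap/envelope/}Body"

def parse_add_port_mapping(soap_xml):
    """Extract the fields a router would list for this forward."""
    body = ET.fromstring(soap_xml).find(SOAP_BODY)
    if body is None or len(body) == 0 or not body[0].tag.endswith("}AddPortMapping"):
        raise ValueError("not an AddPortMapping request")
    args = {arg.tag: (arg.text or "").strip() for arg in body[0]}
    return {
        "protocol": args["NewProtocol"].upper(),
        "external_port": int(args["NewExternalPort"]),
        "internal_client": args["NewInternalClient"],
        "internal_port": int(args["NewInternalPort"]),
        # Free text supplied by the requesting client; the router only displays it.
        "description": args.get("NewPortMappingDescription", ""),
    }

def review_request(soap_xml, requester_ip, secure_mode=True):
    """Hypothetical model of the secure-mode rule: forward only to the requester's own IP."""
    mapping = parse_add_port_mapping(soap_xml)
    try:
        same_host = (ipaddress.ip_address(mapping["internal_client"])
                     == ipaddress.ip_address(requester_ip))
    except ValueError:  # target given as a name or malformed: treat as another host
        same_host = False
    mapping["accepted"] = same_host or not secure_mode
    mapping["targets_other_host"] = not same_host
    return mapping

if __name__ == "__main__":
    for ip, secure in (("192.168.1.50", True), ("192.168.1.77", True), ("192.168.1.77", False)):
        r = review_request(SAMPLE_REQUEST, ip, secure)
        print(ip, "secure" if secure else "insecure", r["accepted"], repr(r["description"]))
```

An accepted entry whose `targets_other_host` is true can only appear with secure mode off, which is why the question about that setting matters when attributing a forward to a particular device.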
 
Folks

Thanks to you both,

The name next to the UPNP forward is what is provided by the client requesting the UPNP forward - if it provides one.
Good to know, so it MUST have come from the kids' Notebooks.

Just to be sure, you didn't manually disable Secure mode in miniupnpd? Because that would allow any client on the LAN to forward a port to another IP.
I will need to check this. Come back to you, but it is unlikely. My fiddling with advanced settings extends as far as turning off the blue lights, setting Static Address and running the occasional script to reorder them (would love a GUI for that btw).

Long shot: try doing a registry search for "f****net" to see if anything comes up.
Will do. As soon as they give me their Notebooks...

I assume you already hit Google with that keyword as well?
Yes, this I did. You can imagine the sort of rubbish that came up, but surprisingly no one seems to have claimed it or commented on it.

k.
 
I just did a quick search on "UPNP" and that word, and I saw a few references to a malware. Just to be sure, I recommend doing a full scan with Malwarebytes Antimalware, as well as Hitman Pro. Together, these two should at least notice pretty much any malware.
 
Thanks RMerlin I did run a Malwarebytes Antimalware scan on them (again last night) and got no positive hits on malware, but will try Hitman Pro. Also need to restart the Router as Colin noted above.
 
Just to be sure, you didn't manually disable Secure mode in miniupnpd? Because that would allow any client on the LAN to forward a port to another IP.

OK rebooted Router, ran Hitman. Can someone tell me which page this Secure mode in miniupnpd is on, I did look through the GUI, and may have missed it, but cannot see it? Ta.
 
OK rebooted Router, ran Hitman. Can someone tell me which page this Secure mode in miniupnpd is on, I did look through the GUI, and may have missed it, but cannot see it? Ta.

That setting is not on the webui, it's only accessible if you manually changed it in nvram, or if running the current alpha build of my firmware and you changed it in the Hacks & Tweaks section.
 
That setting is not on the webui, it's only accessible if you manually changed it in nvram, or if running the current alpha build of my firmware and you changed it in the Hacks & Tweaks section.
Lol. Ok. Thanks. Clearly not disabled then.
 
