My network is being bombarded with failed connection attempts
NetworkNewbie
Newbie

My G1100 router's security log shows that these attacks only began last December. That period doesn't coincide with any particular event. I have a VPN server and a media server running on my NAS since long before that. The two ports that I have open are forwarded to these servers.  I've now closed the two ports. I've also disabled UPnP, remote administration and port-triggering since. But these connection attempts just continue in droves.

A typical log line looks like this, but the source IP address and destination port for each entry varies, of course:

Jan 22 04:31:38 2022 local5.notice<173> ulogd[896]: Blocked IN=eth1 OUT= MAC=48:5d:36:48:65:6c:2e:21:72:63:c9:c2:08:00 src=13.226.36.152 DST=... LEN=76 TOS=00 PREC=0x00 TTL=233 ID=29779 PROTO=TCP SPT=443 DPT=63540 SEQ=1159098379 ACK=3866477492 WINDOW=425 ACK PSH URGP=0 MARK=0

People seem to think that these bots just trying to find vulnerability.  

What possible vulnerabilities that are specific to the G1100 router should I be concerned about?

Any mitigation measure that I need to take?

0 Likes
Reply
1 Solution
gs0b
Community Leader
Community Leader

Thanks dslr595148 for quoting me.  That statement was an answer to a person who asked if there were any reasons not to use the free G3100 Verizon gave them.  It has nothing to do with any potential vulnerabilities on the G1100.

What this does mean is that Verizon takes full responsibility for keeping their routers (the G1100 and G3100) updated.  When/if vulnerabilities are discovered against these routers, Verizon will push firmware updates to resolve them.  The user does not have to do anything.

Compare this to non-Verizon routers that may allow the user to disable automatic updates or not support them at all.  In my opinion, automatic updates are a best practice for security.  If you disagree, then a Verizon router is not for you.

As to the OP's question, they can discover known G1100 vulnerabilities by searching the NVD at https://nvd.nist.gov/vuln/search

There are a few from 2019, but it's my understanding they have all been remediated and updated firmware pushed long ago.

View solution in original post

2 Replies
dslr595148
Community Leader
Community Leader

@NetworkNewbie wrote:

What possible vulnerabilities that are specific to the G1100 router should I be concerned about?

Any mitigation measure that I need to take?


Unknown for sure but I saw this https://www.dslreports.com/forum/r33311245-Router-any-downsides-to-G3100-E3200-VZ-equipment-vs-my-ow...


Like all Verizon routers, the G3100 has an encrypted communications channel that Verizon can use for monitoring and control. This channel enables their support team to help customers by resetting the router and/or adjusting some settings, enables control via VZ website or VZ app of features like parental settings and WiFi passwords, manages firmware updates, and some other stuff. In short, it makes life easy when they need to support non-technical folk.

Some people really don't like Verizon having the ability to manage and monitor the router.


If you do not have FIOS TV with a FIOS one box, you are welcome to use your NAT router.

The only reasons if you do not have FIOS TV with a FIOS one box you use their NAT router is for support from Verizon as they will only support their equipment (read: The ONT and their NAT router).

gs0b
Community Leader
Community Leader

Thanks dslr595148 for quoting me.  That statement was an answer to a person who asked if there were any reasons not to use the free G3100 Verizon gave them.  It has nothing to do with any potential vulnerabilities on the G1100.

What this does mean is that Verizon takes full responsibility for keeping their routers (the G1100 and G3100) updated.  When/if vulnerabilities are discovered against these routers, Verizon will push firmware updates to resolve them.  The user does not have to do anything.

Compare this to non-Verizon routers that may allow the user to disable automatic updates or not support them at all.  In my opinion, automatic updates are a best practice for security.  If you disagree, then a Verizon router is not for you.

As to the OP's question, they can discover known G1100 vulnerabilities by searching the NVD at https://nvd.nist.gov/vuln/search

There are a few from 2019, but it's my understanding they have all been remediated and updated firmware pushed long ago.