Router Security

[Riptide0]

I recently, as of the past 2 weeks, noticed that my router has been losing connection to the internet randomly and I decided to check on my network logs to see what was going on as I do forward a few ports for things like nextcloud and a minecraft server. I am aware of the risks of port forwarding and I checked the logs on my router and found that someone was remotely accessing my nextcloud server from random ports. I don't believe they ever got in but I wanted to ask if it was possible for someone to shut down the network access of my router for a few seconds or someone was ddosing me remotely? I don't know of any attacks that can do what I've been experiencing. For now I've shut down the cloud server and turned off that port on my forwarding and I haven't experienced the issue for about 30 minuted where as I was experiencing it every 5 to 10 minutes.

[WereCatf]

7 minutes ago, Riptide0 said:

I don't believe they ever got in but I wanted to ask if it was possible for someone to shut down the network access of my router for a few seconds or someone was ddosing me remotely?

Your router is most likely just buggy and crashes due to the repeated port-hammering.

[Riptide0]

18 minutes ago, WereCatf said:

Your router is most likely just buggy and crashes due to the repeated port-hammering.

Are you saying that someone is trying to access my server? I thought so but it isn't alot of ports and checking back the last time someone tried to access a port remotely was at 11 and it said "Lan accessed remotely". I find this odd cause the random restarts I was getting were happening around 1 to 2:10ish.

[WereCatf]

Just now, Riptide0 said:

Are you saying that someone is trying to access my server?

No, I am saying that it's most likely just your router being buggy.

[Riptide0]

19 minutes ago, WereCatf said:

No, I am saying that it's most likely just your router being buggy.

Any idea how to go about fixing whatever the bug is? A simple factory reset and reconfigure or what? I actually just turned the server back on and I immediately got a router soft restart where I lost connection and all the lights shut off then right back on. This happened about 5 minutes after I turned it back on. I checked the logs again and it says my router IP on one port in the high 50k is pinging the port and ip my server is on. What does that mean?

[WereCatf]

33 minutes ago, Riptide0 said:

Any idea how to go about fixing whatever the bug is? A simple factory reset and reconfigure or what?

You can't fix such bugs. You'd have to either replace the whole router or its firmware.

[Riptide0]

7 minutes ago, WereCatf said:

You can't fix such bugs. You'd have to either replace the whole router or its firmware.

Is there a way in netgears logs that I can check if my network is being accessed from the wider internet or is that not really a thing? I just updated my firmware and it says that I am getting

[DoS attack: FIN Scan] (1) attack packets in last 20 sec from ip [52.230.222.68], Sunday, Apr 12,2020 00:50:44. What does that mean exactly? I assume someone is ddosing my nextcloud server but how do I fix that?

[WereCatf]

Just now, Riptide0 said:

Is there a way in netgears logs that I can check if my network is being accessed from the wider internet or is that not really a thing?

If you haven't done something stupid like e.g. setting DMZ on or similar and your router doesn't have any vulnerabilities one could use to access it from the Internet-side, then you're fine. If there was a vulnerability, such a log would be meaningless, because they could just remove any such logs.

[Riptide0]

5 minutes ago, WereCatf said:

If you haven't done something stupid like e.g. setting DMZ on or similar and your router doesn't have any vulnerabilities one could use to access it from the Internet-side, then you're fine. If there was a vulnerability, such a log would be meaningless, because they could just remove any such logs.

I have a at&t router in passthrough mode going to a netgear router but I dont think that matters as none of them would be in DMZ mode and I've checked.