Jump to content
Search In
  • More options...
Find results that contain...
Find results in...

New router indicating steady stream of brute force attacks on my computer

pendragn32
 Share

Hello,

I recently upgraded to a Netgear Nighthawk AX4300 router.  I have a couple of ports forwarded to my home server for RDP and Emby (similar to Plex).  The router comes with a 30 day trial of Armor software.  Ever since I forwarded the ports about a week ago (shortly after installing the router), I am getting upwards of 100 notifications per day that "Netgear Armor has detected and blocked a brute force hacking attempt on [my computer] from [various IP addresses]".  In fact, the activity seems to be increasing over time.  An IP address will often repeat for a bit, then it changes to a different IP address, so either it's not just one hacker, or it's one hacker that is using a VPN and regularly changing IPs.  Is this actually legit?  Is there really one ore more hackers out there trying to brute force login to my computer, which is full of not at all exciting things?  Or is the Netgear Armor software just throwing out a bunch of false positives?  I had these ports forwarded on my last router for years and years, and I've never noticed anything odd, but these notifications are a bit concerning.  

Thanks!

Link to comment
Share on other sites

Link to post
Share on other sites

(Not an expert (at all))

Is it possible that anything you have connecting through the forwarded ports is being flagged? 

Maybe try turning your RDP and Emby off and see if it continues...

| If someones post is helpful or solves your problem please mark it as a solution 🙂 |

I am a human that makes mistakes! If I'm wrong please correct me and tell me where I made the mistake. I try my best to be helpful.

System Specs

<Ryzen 5 3600 3.5-4.2Ghz> <Noctua NH-U12S chromax.Black> <EVGA GTX 770 2GB> <16gb 3200Mhz Crucial CL16> <DarkFlash DLM21 Mesh> <650w Corsair RMx 2018 80+ Gold> <Samsung 970 EVO 500gb NVMe> <WD blue 500gb SSD> <MSI MAG b550m Mortar> <Noctua P12 case fans>

Peripherals

<Lepow Portable Monitor + AOC 144hz 1080p monitor> 

<Keymove Snowfox 61m>

<Razer Mini>

Link to comment
Share on other sites

Link to post
Share on other sites

Having RDP open to the internet is asking for dictionary attacks. You really should not run Port 445 and 3389 out in the open. I believe you can restrict or slow down traffic via ufw but it won't stop these scans, only secure way have remote access to run your traffic behind your own vpn.

mY s YsTeM iS Not pErfoRmInG aS gOOd As I sAW oN yOuTuBe. WhA t IS a GoOd FaN CuRVe??!!? wHat aRe tEh GoOd OvERclok SeTTinGS FoR My CaRd??
 HoW CaN I foRcE my GpU to uSe 1o0%? BuT WiLL i HaVE Bo0tllEnEcKs? RyZEN dOeS NoT peRfORm BetTer wItH HiGhER sPEED RaM!!dId i WiN teH SiLiCON LotTerrYyOu ShoUlD dEsHrOuD uR GPUmy SYstEm iS UNDerPerforMiNg iN WarzONEcan mY Pc Run WiNdOwS 11 ?woUld BaKInG MY GRaPHics card fIX it?
 MultimETeR TeSTiNG!! aMd'S GpU DrIvErS aRe as goOD aS NviDia's YOU SHoUlD oVERCloCk yOUR ramS To 5000C18

 

Link to comment
Share on other sites

Link to post
Share on other sites

11 minutes ago, pendragn32 said:

Is there really one ore more hackers out there trying to brute force login to my computer, which is full of not at all exciting things?

Yes. These are automated attacks. Most of these come from bots that search the internet for open ports known to be vulnerable and when they find one they will immediately try to exploit it. Whoever is running these bots likely doesn't get manually involved until the bot has managed to break in and steal your data.

 

Hackers simply don't know whether your computer is interesting or not, until they've tried. Also, never assume it isn't interesting. Personal documents may open the door to things like identity theft, blackmail or ransomware attacks.

 

If you want to connect to your computer from remote, set up a VPN on the router. Use that to connect to your internal network. Never ever expose stuff like RDP directly to the internet.

Remember to either quote or @mention others, so they are notified of your reply

Link to comment
Share on other sites

Link to post
Share on other sites

RDP (port 3389) is one of the top few ports that's constantly scanned by and brute forced hacked into by bots. The others would be SSH (port 22), FTP (port 21), and SMB (port 445).

 

^^^DO NOT PORT FORWARD THOSE!!!!^^^

If you must gain access to inside your network from the outside, look into setting up OpenVPN via 443 as that uses SSL.

Link to comment
Share on other sites

Link to post
Share on other sites

Thank you everyone for your suggestions!  Looks like I was likely getting brute force attacked a lot before and just never realized it.  I looked into OpenVPN, and I'll work on getting that installed on my server after disabling the RDP port forward.  

Link to comment
Share on other sites

Link to post
Share on other sites

  • 2 weeks later...

I realize it's been a bit, but figured I'd close out the topic.  I did disable the port forwarding for RDP, and the notifications of brute force attacks completely stopped immediately.  I've been port forwarding RDP for MANY years, and back when I first started doing it, I didn't see any cautions against it.  Just goes to show how security changes over time.  Thanks again for your help.  

Link to comment
Share on other sites

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share


×