Solved

ISP security alert

  • 19 July 2024

I received an alert email from my ISP flagging a potential security issue. I called to get more information, but they told me that they wouldn’t be able to provide any more info on the source of the alert or any IPs associated with it because I’m not using their special equipment.

 

Instead, they directed me to contact my router provider, stating that they would be able to access my router and see more information on the event. It sounded like BS to me, but is this true? I have an Arris G34.

 

The logs on the router itself aren’t too helpful. The only strange thing is a number of entries starting about two days before the security email arrived:

IGD: config.utapi s_add_portmapdyn: add entry (index 1): add/overwrite entry param portmap_dyn_1 value:enabled,none,43431,192.168.0.***,7070,tcp,165600,1721088246,AnyDesk

There are 66 of these entries in total, with three occurring almost exactly at the 4th minute of every hour, for 22 hours. The redacted local IP is my desktop.

So, is this an attempt to remap a port to create an AnyDesk connection? The exact timing to me feels like an auto-login attempt, and I do have AnyDesk on my phone; however, I haven’t used it in ages. And I’m on a brand new Windows install in any case, so haven’t installed AnyDesk yet.

(NOTE: since typing this post, I’ve discovered that these entries also appeared as long as 2 months ago, and there was no security email then. So I’m starting to doubt that this was the source of it.)

Any thoughts on what to make of all this (and whether this is the sort of thing that Arris is even willing/capable of assisting in troubleshooting) would be much appreciated.
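
An added example (not part of the original post, and not Arris or ISP code) that parses the `s_add_portmapdyn` entry quoted above so that repeated entries can be grouped by requesting host and application. The field names, their order, and the reading of `1721088246` as a Unix timestamp are assumptions inferred from that single line.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Field order is an ASSUMPTION inferred from the single log line in the post.
FIELDS = ("state", "remote_host", "ext_port", "int_client", "int_port",
          "proto", "lease_s", "epoch", "description")
LINE_RE = re.compile(r"s_add_portmapdyn:.*?param (portmap_dyn_\d+) value:(.+)$")

def parse_portmap(line):
    """Parse one add-portmap log line into a dict; return None if it does not fit."""
    m = LINE_RE.search(line.strip())
    if not m:
        return None
    # maxsplit keeps any commas inside the trailing description field intact.
    parts = m.group(2).split(",", len(FIELDS) - 1)
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts), slot=m.group(1))
    try:
        for key in ("ext_port", "int_port", "lease_s", "epoch"):
            rec[key] = int(rec[key])
    except ValueError:
        return None
    # Assumption: the eighth field is a Unix timestamp (seconds, UTC).
    rec["when_utc"] = datetime.fromtimestamp(rec["epoch"], tz=timezone.utc)
    return rec

def summarize(lines):
    """Count requests per (description, internal client, internal port, protocol)."""
    counts = Counter()
    for line in lines:
        rec = parse_portmap(line)
        if rec:
            counts[(rec["description"], rec["int_client"],
                    rec["int_port"], rec["proto"])] += 1
    return counts

PREFIX = ("IGD: config.utapi s_add_portmapdyn: add entry (index 1): "
          "add/overwrite entry param portmap_dyn_1 value:")
SAMPLE = [
    PREFIX + "enabled,none,43431,192.168.0.***,7070,tcp,165600,1721088246,AnyDesk",  # from the post
    PREFIX + "enabled,none,43431,192.168.0.***,7070,tcp,165600,1721091846,AnyDesk",  # constructed
    "IGD: some unrelated event",                                                     # constructed
]

if __name__ == "__main__":
    for (desc, client, port, proto), n in summarize(SAMPLE).items():
        print(f"{n:3d}x {desc}: {client}:{port}/{proto}")
    print("first seen:", parse_portmap(SAMPLE[0])["when_utc"].isoformat())
```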

1 reply


The logs are values read by technicians from the internet provider's end, since the logs are what the coaxial cable transmits and the log screen on the router is the translator, so they can be easily read by them. The coaxial cable is owned by the Internet service provider; I wouldn't be able to tell you what that means.

If your Event Log is reporting a high volume of errors, this would indicate a potential CMTS signal issue. To troubleshoot these errors, we would like to note the current signal levels being used by your G34. Please follow the steps at the link below to check the cable signal level.

http://arris.force.com/consumers/articles/General_FAQs/G34-G36-Cable-Signal-Levels
