Welcome to MacTalk Australia

the largest Australian community for Apple discussions and topics

Join the discussions, Register Now!
Results 1 to 4 of 4
  1. #1

    Join Date
    Jan 2004
    Location
    Dee Why, Sydney
    Posts
    3,428

    Default Weird port forwarding rules on my modem

    Just logged into my modem to do a couple of maintenance and noticed some port forwarding rules have been configured, which I didn't set up:



    This IP address is currently assigned to my MacBook. I live alone, and am the only person who knows the password for the modem, so if someone has managed to get in and make changes, it would've been from outside. I just want to know that if this is legit, or if there's a chance I've been hacked?
    Good. Fast. Cheap. Pick two...

  2. #2

    Join Date
    Mar 2007
    Location
    Frozen North
    Posts
    622

    Default

    Is your modem owned or leased? Some ISPs auto-push firmware updates and sometimes it can enable "new" firewall rules without your permission. Most router makers have started to pre-create Skype rules, common streaming media ports, Yahoo Messenger, MSN/Live Messenger, ICQ, network printing, network storage sharing, etc.

    As far as being hacked, several older modem/router combos have been prone to firmware holes but odds are fairly slim as hackers typically change your DNS to a hijacked server to log all your info--some routers require the users' password for these changes which stops this type of attack unless you still left the router named the same out of the box with the default password= "password"
    at&t 3G speeds(Motorola Atrix): 2148 kbps down / 1483 kbps up
    Sprint WiMax Speeds(Motorola Photon): 9.1 mbps down / 1.8 mbps up
    "Every country has the government it deserves" -Joseph De Maistre

  3. #3

    Join Date
    Jan 2004
    Location
    Dee Why, Sydney
    Posts
    3,428

    Default

    I purchased it outright...from a store, definitely not from the ISP.

    Funny you should mention that - reason I bought this router is because my old one got hacked - someone got into it and changed the DNS settings to send all my DNS requests to a rogue DNS server. This is a current model D-Link, I'd hope that it would be more secure. And yes - one of the first things I did during the initial setup was to change the password.
    Good. Fast. Cheap. Pick two...

  4. #4

    Join Date
    Nov 2005
    Location
    Melbourne, Australia ;)
    Posts
    3,182

    Default

    Do you have uPnP enabled? This allows apps to request their own port forwarding (although this is usually shown separately and is only temporary).

    Interestingly 16402 is a port used by FaceTime:
    https://support.apple.com/en-us/HT202078

    Which doesn't mean alot if something else is using it to hide in plain sight.

    When it doubt, delete it and change the password.
    Many Shiny Toys with Apple Logos | Some Microsoft Toys too
    If it has an engine or a heartbeat it's going to cost you.
    Drive a VW?

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •