Dr. Bell, I've used your services on here in the past and it was superb and this question is for you.
I'm an IT intern at a pharmaceutical research firm, and I need a little bit of help in regards ***** ***** (and hopefully resolving) some router logs.
Against my judgement, my company has a Netgear AC1200 router that has both a NAT and SPI firewall, and is running the most current firmware. Additionally, we have a WD MyCloud that we use as our internal shared drive. Finally, the specific logs have to do with an employee's Samsung Galaxy S2 tablet that is running Android 6.0 Marshmallow.
When checking our router logs today (I do it occasionally, not daily, but haven't seen this before), I came across [LAN access from remote] logs accessing the Samsung Galaxy tablet on port 16082. Additionally, IPs connecting to the tablet were from Poland, Armenia, Russia and Norway.
Furthermore, when looking at the UPnP port map tab in the advanced settings, I see 2 entries that are active (1 for TCP and 1 for UDP) where the internal port is 16082, the external port is 16082, and the IP goes to the Samsung Galaxy tablet. This directly correlates to the above [LAN access from remote] logs as connections were coming in via port 16082 on the device.
Lastly, on the router - UPnP is enabled (obviously), Remote management is not enabled and MAC address filtering is not enabled. Additionally, when the router was initially configured (not by me), VPN passthroughs (IPSec, PPTP, L2TP) were enabled. I know that we don't use VPNs in the company, so the configurer simply did not disable it.
Can you help me assess the situation?
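
Added example, not part of the original post: one way to run the correlation the question describes, grouping [LAN access from remote] entries by internal host and port and checking each against the UPnP port map. The log line layout, the sample addresses (documentation ranges) and the function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines; the layout is an assumption modelled on the
# "[LAN access from remote]" entries the post describes.
SAMPLE_LOG = """\
[LAN access from remote] from 203.0.113.7:51234 to 192.168.1.23:16082, Monday, Jan 04, 2016 10:15:02
[LAN access from remote] from 198.51.100.44:40022 to 192.168.1.23:16082, Monday, Jan 04, 2016 10:15:40
[DHCP IP: 192.168.1.23] to MAC address 00:00:5e:00:53:01, Monday, Jan 04, 2016 10:16:00
[LAN access from remote] from 203.0.113.7:51300 to 192.168.1.23:16082, Monday, Jan 04, 2016 10:17:11
[LAN access from remote] from 192.0.2.99:6000 to 192.168.1.50:8080, Monday, Jan 04, 2016 10:18:00
"""

# Constructed UPnP port-map rows: (protocol, external port, internal IP, internal port)
SAMPLE_UPNP = [
    ("TCP", 16082, "192.168.1.23", 16082),
    ("UDP", 16082, "192.168.1.23", 16082),
]

LINE_RE = re.compile(
    r"^\[LAN access from remote\] from (?P<src>[\d.]+):(?P<sport>\d+) "
    r"to (?P<dst>[\d.]+):(?P<dport>\d+),\s*(?P<when>.+)$"
)

def parse_remote_access(log_text):
    """Return (remote IP, internal IP, internal port, timestamp) per inbound entry."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # other log types (DHCP, admin login, ...) are skipped
            events.append((m["src"], m["dst"], int(m["dport"]), m["when"]))
    return events

def correlate(events, upnp_entries):
    """Group inbound hits per internal host:port and flag those opened via UPnP."""
    mapped = {(ip, port) for _proto, _ext, ip, port in upnp_entries}
    report = defaultdict(lambda: {"sources": set(), "hits": 0, "via_upnp": False})
    for src, dst, dport, _when in events:
        entry = report[(dst, dport)]
        entry["sources"].add(src)
        entry["hits"] += 1
        entry["via_upnp"] = (dst, dport) in mapped
    return dict(report)

if __name__ == "__main__":
    for (dst, dport), info in correlate(parse_remote_access(SAMPLE_LOG), SAMPLE_UPNP).items():
        origin = "UPnP mapping" if info["via_upnp"] else "no UPnP mapping (check port forwarding/DMZ)"
        print(f"{dst}:{dport} hits={info['hits']} sources={sorted(info['sources'])} -> {origin}")
```

A host and port flagged as opened via UPnP means a device on the LAN requested the mapping itself, so the follow-up is on that device (which app is listening on the port) as well as on the router's UPnP setting.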