Jump to content
RESET Forums (homeservershow.com)

IP connections to WHS


srobjob
 Share

Recommended Posts

Hi all

 

I'm running WHS v1 with the Remote Alert add-in. I'm seeing connections in the IP Connections Table pop up quite regularly. I've installed the .ra lists from the add-in website and even though some of these IP's are in the denied access list they still pop up daily. They're always on remote port 80 and the state varies from established, time wait or closed wait.

 

I'm concerned about security and worried someone has access to my server. Or could this simply be services the server is using such as the squeezebox server add-in I have installed? I've tried stopping the squeezebox server and checking the status of the connections but haven't noticed any changes when doing this.

 

Is anyone else having this issue or have any ideas of what I can do to try and improve the security on the WHS? Perhaps WHS security would be a good topic to touch on in the podcast?

 

Thanks

Link to comment
Share on other sites

Did you turn off UPnP when you finished configuring the router? Did you change the default password of your router?

Link to comment
Share on other sites

Hi all

 

I'm running WHS v1 with the Remote Alert add-in. I'm seeing connections in the IP Connections Table pop up quite regularly. I've installed the .ra lists from the add-in website and even though some of these IP's are in the denied access list they still pop up daily. They're always on remote port 80 and the state varies from established, time wait or closed wait.

 

I'm concerned about security and worried someone has access to my server. Or could this simply be services the server is using such as the squeezebox server add-in I have installed? I've tried stopping the squeezebox server and checking the status of the connections but haven't noticed any changes when doing this.

 

Is anyone else having this issue or have any ideas of what I can do to try and improve the security on the WHS? Perhaps WHS security would be a good topic to touch on in the podcast?

 

Thanks

I was beginning to wonder if you even have a router? From your last post I take it you do. Please check the port forwarding on the router. If there is any, turn it off, at least until you have the popups stopped. This, honestly, does not sound too good to me. I have never gotten popups on my WHS.

Link to comment
Share on other sites

Perhaps popup was a bad choice of words. I mean the IP address appears in the IP connections list of the remote alert add-in in the WHS console. I have a dlink router, upnp is off and there is no port forwarding. The WHS firewall is on and set to defaults.

Link to comment
Share on other sites

If no port forwarding is on, there is little to be concerned about. I don't know much about that add-in but do know that routers are being pinged for responses and then test to see what security is not available. That add-in must be seeing the external pings to the router.

 

If this is also a wireless router, either put a very strong password on the signal in conjunction with WPA encryption ( NO WEP ) or turn off the wireless signal if not needed. Disabling the SSID broadcast will do little to nothing for security.

 

Follow this outline and your network will be as secure as you can make it.

Link to comment
Share on other sites

Perhaps popup was a bad choice of words. I mean the IP address appears in the IP connections list of the remote alert add-in in the WHS console. I have a dlink router, upnp is off and there is no port forwarding. The WHS firewall is on and set to defaults.

Ah, OK. I am not running that Add-in. I think I'll install it and see what I get. And I echo 100% what jmwills said. I only wonder how, and why, the Add-in would see external pings at your router; seems...... odd to say the least.

Link to comment
Share on other sites

If you are seeing "Remote Port" = 80, that's your server making some outbound web calls. This is usually nothing to worry about, software will check for updates or other things. It's certainly not anything trying to get in, and if you did not forward any ports, there really isn't any way that could happen anyway. If you are concerned with apps "phoning home" as some malware does, you might want to check which processes are making those connections and take it from there. I don't think Remote Alert has any way to do that, so you will need to get into the console and use a tool for that.

Link to comment
Share on other sites

Thanks for all the replies. My router is already setup as per everyone's recommendations in their replies . I'm relieved to hear its not as worrying as I had initially thought. All these connections are remote port 80. I've traced the IP's to various ISP's but not sure what that really tells me. If its software looking for updates then how would I be able to pinpoint what is doing that? I've checked task manager on the WHS and all the processes are the usual windows stuff, nothing strange at all.

Link to comment
Share on other sites

Software requests would be matched to an outgoing request from behind the router (inside the LAN) so thats not it. It is probably nothing more than the usual kiddie hackers seeing what they can get to.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...