Netgear router logs show admin config panel login from FingBox

I have a Netgear D7000 router and a FingBox V2. I was having some issues configuring my DHCP server to advertise my pihole as the default DNS server to connected devices, and I disconnected the power to the FingBox to make sure it wasn't interfering with the process.

I left it off for about an hour while I worked on the issue. About 15 mins after I turned it back on I logged into the admin panel of my netgear router and viewed the log file. The most recent entry was 'admin access from 10.1.1.101' which was the imac i was using. Further down there was an entry that said 'admin access from 10.1.1.11' from 15 mins prior, and just before that 'DHCP request from xx:xx:xx:xx:xx:xx, assigned '10.1.1.11'.

That IP address is the static IP of my fingbox, and the 'admin access' entry was just after I turned the fingbox back on. Is it unusual that my fingbox is logging into my router's admin panel or is this expected behaviour?

i might also mention, the log file distinguishes between successful and failed login attempts, the fingbox was successful.

Here's an example of the log entries..


Answers

  • HronosHronos Member, Beta Tester Posts: 283 ✭✭✭✭
    Hi @dmg15
    I am not sure if the log is generate from an actual "login" to the router administrative console, maybe is just a "call" to the admin console site on the router, something like doing: http://<IP of Router>:<Port>
    If this is the case, maybe the FingBox is just proving your network for devices and open ports (services).
    I don't know of a feature from the FingBox than make it have the user/pass of your router saved on it (or in the Fing Account).
    Let's see what @Carlo_from_Fing or @Robin could 
    Keep looking up!
  • dmg15dmg15 Member Posts: 4

    I tested that theory by accessing the web portal and not logging in, and also logging in with an incorrect password. No entry for acessing the login page, but a 'failed login' entry when i entered the incorrect password. The log entry made from the fingbox only appears from a sucessful login. It seems unlikely that the same entry would be generated by simply attempting to connect to the router, even if it was on a port other than 80 or 443. There is a different message produced if a device attempts to connect to multiple ports in the case of an nmap scan or similar. It even notes the type of scan performed whether its an ACK scan or a denial of service attempt.

  • Carlo_from_FingCarlo_from_Fing Rome, ItalyAdministrator Posts: 174 admin
    Fingbox is not automatically doing port scan towards your hosts nor trying to login on the web portal.
    During the Internet security check Fingbox checks your router from internal (mostly UPnP) and tells our cloud to check your public Internet IP from external, to provide you a full fledged report.
    I don't believe the Internet Security feature can cause this that you reported, but to be 100% sure please go to that feature in mobile app and issue a manual one, so you can check if then you'll see logs in the router for the same time window.
    Let us know.

    Carlo from Fing

    Hronos
Sign In or Register to comment.