Greetings, my Arris TG862G was bridged by Comcast when it was installed earlier this year after Comcast pushed out a "free" speed increase and it was determined the old RCA modem was inadequate. My router is a Asus RT-N66R with 3.0.0.4.376.1071, and it has my current dynamic internet ip address on it.
I had some network issues so I decided to look at the Arris, All settings were as Comcast left them
In "Gateway-->Software" I see Software Version: 7.6.86H
The login page had "The device is currently in Bridge mode." at the top of the page.
Bridge mode is apparently controlled by a toggle in "Gateway-->Connection-->Local IP network" below that are the DHCP settings which are greyed out.
When I looked at "connected devices" I was surprised to see several entries, for 10.0.0.2,10.0.0.3 and 10.0.0.4, one was for a win7 PC on my network, one was for a win7 PC that I connect to over VPN and one was UNKNOWN, this seems to indicate the ipv4 DHCP is on despite being "greyed out" (my internal network is different)
In "Advanced-->Remote management" under "Remote Access Allowed From" I was surprised to see "Any Computer" was checked. This is right next to a warning "Note:This option will allow any computer on the Internet access to your network and may cause a security risk."
I immediately changed that to "Range of IPs" and put a local network range in it.
I then went to "Troubleshooting-->Logs, firewall log" and saw that various ips starting 10/29 have possibly connected to what seems to be the "UNKNOWN" entry in the connections list.
a snip from the firewall log;
**********************************************
Source:62.210.95.11,5107 Destination:10.0.0.2,5074 04:25:18 2014-11-06 [DOS]
UDP Packet - Source:62.210.95.11,5107 Destination:10.0.0.2,5075 04:25:18 2014-11-06 [DOS]
- UDP Packet - Source:62.210.95.11 Destination:10.0.0.2 04:25:18 2014-11-06 [PORT
TCP Packet - Source:111.73.46.190,6000 Destination:10.0.0.2,8081 15:48:37 2014-11-08 [DOS]
TCP Packet - Source:111.73.46.190,6000 Destination:10.0.0.2,9000 15:48:37 2014-11-08 [DOS]
***********************************************
The firewall setting is at 'Low', I assume these connection attempts were dropped.
Also the system log shows the DHCP server starting and stopping numerous times, many times a few days before the connection attempts, it still happens occasionally an example;
udhcpd: DHCP server started, 01:46:24, 2014-10-23 [System] Logs
udhcpd: DHCP server stopped, 01:46:21, 2014-10-23
Can anyone shed any light on this? what does the firewall "PORT" entry mean?
Do you think the "Remote access" feature above allowed someone to connect?
Has anyone else noticed these settings in the Arris TG862g bridge mode?
↧