Can a router create its own port forwarding rules?

3

Bit of an interesting situation here.

Several of us work in a small office, of which only a few people have access to the router. While setting up a Minecraft server the other day, my friend noticed that a new port forwarding rule had been added which opened up RDP to my machine specifically.

One of the people we share an office with is a fairly tech-savvy client of ours, who is currently disputing an invoice we have sent and has a decent motive to attempt a remote connection to my PC and help himself to the source code without having to pay for it.

Before we put 2 and 2 together and possibly come up with 5, is there any chance whatsoever that a port forwarding rule in a router could somehow be automatically generated by the router's firmware itself, possibly in some response to incoming/outgoing activity? I'm 99% sure that it couldn't, but the ramifications of this will most likely involve somebody getting ejected from the office, so we need to discount all possible explanations!

Thanks very much.

Chris

Posted 2012-07-05T12:27:21.420

Reputation: 143

2By any chance does that router still have factory password? Also some routers have some kind of log. You might want to take a look at it (if it was enabled). – Rhyuk – 2012-07-05T12:29:17.330

What kind of router do you have? – JoshP – 2012-07-05T12:35:31.893

The factory password had been changed. We've had a look for a router log but with no joy! Will check what type of router it is asap and get back to you... – Chris – 2012-07-05T12:51:13.373

2No. There is no way for the router to add its own port forwarding rules outside of the DEFAULT configuration. How exactly does your client have access to your network ( i.e. the network created by the router itself ). Verify all connections to the router are valid. If it has wireless support DISABLE it. – Ramhound – 2012-07-05T13:16:39.550

Thanks Ramhound - I'm happy for your comment to be the accepted answer but am unable to mark it as such. – Chris – 2012-07-05T13:35:00.540

Answers

2

You really need to list the route make and model to be sure. However, as you've said, it is extreemly unlikly that this could occur.

The normal method for auto-setup of ports is UPNP which creates a dynamic port forward and is usually used for gaming or media. However, I know that Minecraft does not use UPNP. Just to be on the safe side, check if the router supports UPNP and turn it off if it does. That should remove any dynamic ports.

In any case, UPNP would never be able to set up access to RDP on a desktop. This has been done manually.

If you think that this has been done illegally, and if you think that the person concerned may still be unaware that you have spotted it, you could leave it in place but change the IP address on your PC, if possible set up another PC with that address. Also set up monitoring and logging to see if you can catch someone trying to get in. This is your only realistic way of finding out who set this up if the router logs aren't showing anything.

You must also change the password - and preferably the admin user name on the router to ensure that no one has unauthorised access.

Julian Knight

Posted 2012-07-05T12:27:21.420

Reputation: 13 389

Asked: 2012-07-05T12:27:21.420

Viewed: 680 times

Active: 2012-07-05T15:46:47.757