Is Port Forwarding to PMS a security risk? [LAN access from remote] from ... xx.xx.xx.xx to xx:32400

Server Version#: 1.18.1.1973
Player Version#: 4.10.1

I have a Nighthawk R7000 router - Firmware Version V1.0.9.88_10.2.88

When I turn on Port Forwarding to my PMS, I find log entries in my router like this:

[LAN access from remote] from 172.251.74.251:42253 to 192.168.1.10:32400, Tuesday, Oct 29,2019 12:50:21

These entries change their port number like they are scanning my system for a way in. When I turn off Port Forwarding, they stop.

These IP addresses come from all over the world and they are only targeting 192.168.1.10:32400 as the destination. I have other ports forwarded like FTP, Minecraft, etc … but the 192.168.1.10:32400 is the only destination that is being tested.

Is my system in danger?

Is there an easy way to stop this behavior?

Thank you for your time.

Here are more examples of the logging:
(I have sorted them by IP and time)

That is completely normal. These are most likely all servers operated by Plex which simply test if they can reach your server from the outside.
Of all those servers, one will later be chosen (the one with the best network roundtrip time and therefore geographically closest to you) to be your assigned ‘pubsub’ server which will do all the authentication for you.

Also, as soon as you have shared your server with other users (or you yourself have Plex clients running outside your home network), there will be regular accesses from these clients to your server.

Accessibility from the internet is what ‘remote access’ is about.

[quote=“OttoKerner, post:2, topic:483149, full:true”]
That is completely normal. These are most likely all servers operated by Plex which simply test if they can reach your server from the outside. [/quote]

That is a great point! After thinking about this, wouldn’t Plex try to access my server by using the 32400 port instead of other ports?

[quote=“OttoKerner, post:2, topic:483149, full:true”]
Also, as soon as you have shared your server with other users (or you yourself have Plex clients running outside your home network), there will be regular accesses from these clients to your server. [/quote]

This makes total sense. Part of my concern was because these IP locations were from areas where none of my Plex users live. I don’t have Plex users that live in Dublin, Ireland, Kazakhstan, or Kuala Lumpur.

Sorry, I don’t know what your router is logging there exactly. It might be the port which the remote server is using on its side.

The accesses being geographically distributed is kinda the point of the accessibility test. To find the most suitable server for your location.

I would guess those are source ports; source ports are ephemeral. You expect them to be up there, changing as they live only a short time, and random-looking.

It’s normal for a computer to use a port for the outgoing port that is different than the port number it is connecting to on the destination. I don’t know what OS you are using, but if Linux or Win, try doing a “netstat -an” from the command line. You will see what ports your computer is listening on for connections (Plex would be the one on 32400), but you will also see established connections under the “Local Address” column with the source port, and can see that it is different than the destination port.
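Added example, not part of the original thread: a small parser for the router's "[LAN access from remote]" entries that groups them by remote IP, separating the changing source ports discussed above from the destination ports actually reached. The log lines are constructed (documentation IP ranges), and the function names and the "more than one forwarded port" heuristic are assumptions of this sketch, not a Netgear or Plex feature.

```python
import re
from collections import defaultdict

# Entry format quoted in the thread: remote ip:port -> LAN ip:port, then a date.
LINE_RE = re.compile(
    r"\[LAN access from remote\] from (\d+\.\d+\.\d+\.\d+):(\d+) "
    r"to (\d+\.\d+\.\d+\.\d+):(\d+),"
)

# Constructed sample: two remotes reaching only the Plex port, and one remote
# touching every forwarded port (FTP 21, Minecraft 25565, Plex 32400).
SAMPLE_LOG = """\
[LAN access from remote] from 203.0.113.7:40112 to 192.168.1.10:32400, Tuesday, Oct 29,2019 14:02:11
[LAN access from remote] from 203.0.113.7:40130 to 192.168.1.10:32400, Tuesday, Oct 29,2019 14:02:11
[LAN access from remote] from 203.0.113.7:40177 to 192.168.1.10:32400, Tuesday, Oct 29,2019 14:02:13
[LAN access from remote] from 198.51.100.9:53310 to 192.168.1.10:32400, Tuesday, Oct 29,2019 14:05:40
[LAN access from remote] from 192.0.2.44:51000 to 192.168.1.10:21, Tuesday, Oct 29,2019 14:09:02
[LAN access from remote] from 192.0.2.44:51002 to 192.168.1.10:25565, Tuesday, Oct 29,2019 14:09:02
[LAN access from remote] from 192.0.2.44:51004 to 192.168.1.10:32400, Tuesday, Oct 29,2019 14:09:03
"""

def summarize(log_text):
    """Group entries by remote IP: source ports used and destinations reached."""
    by_src = defaultdict(lambda: {"src_ports": set(), "dests": set()})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # skip other kinds of router log entries
        src_ip, src_port, dst_ip, dst_port = m.groups()
        by_src[src_ip]["src_ports"].add(int(src_port))
        by_src[src_ip]["dests"].add((dst_ip, int(dst_port)))
    return dict(by_src)

def classify(entry):
    """A new source port per connection is expected; what matters is how many
    distinct destination ports a single remote IP reaches."""
    if len(entry["dests"]) > 1:
        return "touches multiple forwarded ports"
    return "repeat connections to one service"

if __name__ == "__main__":
    for ip, entry in summarize(SAMPLE_LOG).items():
        print(ip, sorted(entry["src_ports"]), sorted(entry["dests"]), classify(entry))
```

Run against a real log export, a remote that only ever shows one destination with many different source ports matches the ordinary client behaviour described in the replies above.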
