Are you doing just a general port forwarding of 3306 (SQL) ? I would advise against that.
Also, the R7000 is an older router (new to you though from reading). I would do one of two things:
1. Ensure the firmware is the latest to plug up the Kcode NetUSB vulnerability (if Netgear ever did release it)
2. Install DD-WRT firmware on that router. Granted it would mean configuring it all over again, however, it would void the Kcode vulnerability. Would allow you to set up source aliases, so that you can dictate which IP addresses and/or FQDN can actually access a forwarded port (i.e. Akka's EOC which is a static IP or the FQDN of say, mortowsremoteaccess.ddns.net).
Naturally, I'd recommended option 2, as it offers greater security and flexibility in said security, to, well, make it even more secure.
Leaving that port wide open so that you can use EOC (which is, I assume, why you have it open) also opens it to any would be hackers.
|