Advertisement
Help Keep Boards Alive. Support us by going ad free today. See here: https://subscriptions.boards.ie/.
If we do not hit our goal we will be forced to close the site.

Current status: https://keepboardsalive.com/

Annual subs are best for most impact. If you are still undecided on going Ad Free - you can also donate using the Paypal Donate option. All contribution helps. Thank you.
https://www.boards.ie/group/1878-subscribers-forum

Private Group for paid up members of Boards.ie. Join the club.

Unusual router/modem security log.

  • 22-01-2007 02:44AM
    #1
    kaizersoze
    Registered Users, Registered Users 2 Posts: 7,043 ✭✭✭


    I checked the security log on my modem/router and came across these 2 weird entries. 
    Your Gateway has detected and successfully blocked an event that could have compromised the security of your network.

Please refer to your customer documentation for a description of the logged event.



Number of security log entries   : 2

Security alert type              : Port Scan
Protocol type                    : UDP
[B]IP source address                : 194.125.2.240[/B]
Time at last attempt             : 1/22/07 01:06:26 AM
Number of ports that were scanned: 19
Highest port                     : 2540
Lowest port                      : 2531
2531  2532  2533  2534  2535  2536  2537  2538  2539  2540  
(Only the first 10 ports are recorded.)

Security alert type              : Port Scan
Protocol type                    : UDP
[B]IP source address                : 194.125.2.241[/B]
Time at last attempt             : 1/22/07 01:06:22 AM
Number of ports that were scanned: 14
Highest port                     : 2550
Lowest port                      : 2531
2531  2532  2533  2534  2535  2540  2545  2547  2550  2543  
(Only the first 10 ports are recorded.)
    I check these logs fairly often and sometimes find similar alerts but what makes these unusual is that the IP source addresses are the BT DNS servers:eek: .
    Anyone come across this before and why would the DNS servers be scanning ports?


Comments

  • #2
    Alun
    Registered Users, Registered Users 2, Paid Member Posts: 21,534 ✭✭✭✭Alun


    I've seen this before. What it usually is is late responses from a busy or unresponsive DNS server. I.e. your machine sends out a DNS request .. the DNS server is busy and doesn't respond in time, so your machine retries, again and again. Then when the DNS server recovers it sends out a burst of replies to ports that no longer have an associated entry in the NAT tables in the router because they've timed out too, and are therefore seen as port scans.


  • #3
    kaizersoze
    Registered Users, Registered Users 2 Posts: 7,043 ✭✭✭kaizersoze


    Thanks Alun.


  • #4
    Cake Fiend
    Registered Users, Registered Users 2 Posts: 5,333 ✭✭✭Cake Fiend


    Agreed, nothing to worry about.... provided these are the servers you're using for DNS lookups!


  • #5
    kaizersoze
    Registered Users, Registered Users 2 Posts: 7,043 ✭✭✭kaizersoze


    Cake Fiend wrote:
    Agreed, nothing to worry about.... provided these are the servers you're using for DNS lookups!
    They are indeed. I'm on BT BB. Ta.


Advertisement