Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Unusual router/modem security log.

  • 22-01-2007 01:44AM
    #1
    kaizersoze
    Registered Users, Registered Users 2 Posts: 7,042 ✭✭✭


    I checked the security log on my modem/router and came across these 2 weird entries. 
    Your Gateway has detected and successfully blocked an event that could have compromised the security of your network.

Please refer to your customer documentation for a description of the logged event.



Number of security log entries   : 2

Security alert type              : Port Scan
Protocol type                    : UDP
[B]IP source address                : 194.125.2.240[/B]
Time at last attempt             : 1/22/07 01:06:26 AM
Number of ports that were scanned: 19
Highest port                     : 2540
Lowest port                      : 2531
2531  2532  2533  2534  2535  2536  2537  2538  2539  2540  
(Only the first 10 ports are recorded.)

Security alert type              : Port Scan
Protocol type                    : UDP
[B]IP source address                : 194.125.2.241[/B]
Time at last attempt             : 1/22/07 01:06:22 AM
Number of ports that were scanned: 14
Highest port                     : 2550
Lowest port                      : 2531
2531  2532  2533  2534  2535  2540  2545  2547  2550  2543  
(Only the first 10 ports are recorded.)
    I check these logs fairly often and sometimes find similar alerts but what makes these unusual is that the IP source addresses are the BT DNS servers:eek: .
    Anyone come across this before and why would the DNS servers be scanning ports?


Comments

  • #2
    Alun
    Registered Users, Registered Users 2 Posts: 21,530 ✭✭✭✭Alun


    I've seen this before. What it usually is is late responses from a busy or unresponsive DNS server. I.e. your machine sends out a DNS request .. the DNS server is busy and doesn't respond in time, so your machine retries, again and again. Then when the DNS server recovers it sends out a burst of replies to ports that no longer have an associated entry in the NAT tables in the router because they've timed out too, and are therefore seen as port scans.


  • #3
    kaizersoze
    Registered Users, Registered Users 2 Posts: 7,042 ✭✭✭kaizersoze


    Thanks Alun.


  • #4
    Cake Fiend
    Registered Users, Registered Users 2 Posts: 5,333 ✭✭✭Cake Fiend


    Agreed, nothing to worry about.... provided these are the servers you're using for DNS lookups!


  • #5
    kaizersoze
    Registered Users, Registered Users 2 Posts: 7,042 ✭✭✭kaizersoze


    Cake Fiend wrote:
    Agreed, nothing to worry about.... provided these are the servers you're using for DNS lookups!
    They are indeed. I'm on BT BB. Ta.


Advertisement