Re: A flurry of port scans
Available news archives: comp.lang.tcl - comp.lang.python - comp.security.firewalls - sci.crypt - comp.lang.php - comp.lang.javascript
Google
 
Web news.hping.org


comp.security.firewalls archive

Re: A flurry of port scans

From: Duane Arnold <Notme@notme.com>
Date: Mon Jul 25 2005 - 14:52:58 CEST



Anne wrote:



> Is that the collective noun?


> 


> For the past three days I've had a flurry of alerts from Zonealarm,


> registering high rating activity - all blocked OK, but logged.   This is


> new


> behaviour.     I don't think it's ZA, as I've been running it for ages,


> and


> haven't knowingly upgraded or changed any settings recently.     I am also


> behind a router and hardware firewall, so I'm not actually too concerned


> about the 'attacks' themselves, more the reason for the increased activity


> - any ideas, or am I just lucky?



How can you be having unsolicited port scans behind a NAT router from the


Internet? You cannot be having it.



Maybe, the scans are due to a machine that has been compromised behind the


router. Or maybe the O/S on the machine is doing a router discovery and


it's being blocked by ZA or something of that nature.



But you give no detail of IP(s), ports or whatnot(s) as to what the scans


are about.



Duane :)  


Received on Thu Sep 29 19:59:25 2005