Re: A flurry of port scans

comp.security.firewalls archive

From: Duane Arnold <Notme@notme.com>
Date: Mon Jul 25 2005 - 15:51:14 CEST

Anne wrote:

>
> "Duane Arnold" <Notme@notme.com> wrote in message
> news:Kg5Fe.178746$x96.53437@attbi_s72...
>> Anne wrote:
>
>>> For the past three days I've had a flurry of alerts from Zonealarm,
>>> registering high rating activity - all blocked OK, but logged.
>>
>> How can you be having unsolicited port scans behind a NAT router from the
>> Internet? You cannot be having it.
>>
>> Duane :)
>
> Good, isn't it? :o)
>
> Here's what showed up on the latest alert log...
>
> Alert property              Alert property value
> Source IP Address           211.218.219.162
> Source Port                 1023
> Destination IP              82.4.93.xxx
> Destination Port            111
> TCP Flags                   SYN
> Transport Layer Protocol    TCP
> Network Layer Protocol      IP
> Link Layer Protocol         Ethernet
> Alert Date                  Jul-25-2005 04:47:46 AM PDT
> Alert Count                 1
>
> ...and a Whois lookup which pointed to Korea.
> Does that shed any light?

What's the name of the router?

82.4.93.xxx doesn't seem to be a LAN IP, so what is it? The IP issued by
the ISP, the public IP?

Duane :)
Received on Thu Sep 29 19:59:26 2005