Port scan by DNS normal?
on 19.03.2007 21:16:22 by HotRod
A few months ago I noticed that I started to get a High priority warning about
a port scan on my PC. This is a work PC that is connected to a wireless
router and a DSL modem. After having a closer look and doing a BackTrace, the
IP address belongs to my ISP's DNS server. Is this normal?
Severity = Major
Direction = Inbound
Protocol = UDP
Re: Port scan by DNS normal?
on 19.03.2007 21:28:14 by Rick Merrill
HotRdd wrote:
> A few months ago I noticed that I started to get a High priority warning about
> a port scan on my PC. This is a work PC that is connected to a wireless
> router and a DSL modem. After having a closer look and doing a BackTrace, the
> IP address belongs to my ISP's DNS server. Is this normal?
>
> Severity = Major
> Direction = Inbound
> Protocol = UDP
>
>
Actually, I think it is normal!
Post some bits of the log file. (You Do have a log file, don't you?)
Re: Port scan by DNS normal?
on 19.03.2007 22:09:33 by Ansgar -59cobalt- Wiechers
HotRdd wrote:
> A few months ago I noticed that I started to get a High priority warning
> about a port scan on my PC. This is a work PC that is connected to a
> wireless router and a DSL modem. After having a closer look and doing
> a BackTrace, the IP address belongs to my ISP's DNS server. Is this
> normal?
You should ask your ISP that, since they are the only ones who'd be able
to answer the question.
> Severity = Major
> Direction = Inbound
> Protocol = UDP
That's not very informative. Is that all that's in your logs? Did you
run a sniffer to capture the traffic from that portscan for further
analysis?
cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
Re: Port scan by DNS normal?
on 19.03.2007 22:42:17 by Wolfgang Kueter
HotRdd wrote:
> A few months ago I noticed that I started to get a High priority warning
> about a port scan on my PC. This is a work PC that is connected to a
> wireless router and a DSL modem. After having a closer look and doing a
> BackTrace, the IP address belongs to my ISP's DNS server. Is this normal?
>
> Severity = Major
> Direction = Inbound
> Protocol = UDP
Let me guess: The destination port of those packets is > 1024, the source
port is 53 ...
Well, yes, it is absolutely normal for various completely braindead personal
firewalls to misinterpret DNS answer packets from the DNS server you use as
a UDP scan. Since you decided to install one of those famous network
communication destruction tools, I'm afraid you'll have to live with such
effects.
Wolfgang
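
Added example, not part of any post in the thread: a stateful check that tells replies to the host's own DNS queries apart from unsolicited inbound UDP, the distinction the post above says the personal firewall gets wrong. The packet records, addresses and the 5-second window are constructed assumptions.

```python
from collections import namedtuple

# Constructed packet record: time (s), direction, protocol, addresses and ports.
Packet = namedtuple("Packet", "ts direction proto src sport dst dport")

REPLY_WINDOW = 5.0  # assumed: seconds a query stays outstanding


def classify_inbound(packets, window=REPLY_WINDOW):
    """Label each inbound UDP packet as 'dns-reply' or 'unsolicited'.

    An inbound datagram counts as a reply only if it reverses the 4-tuple
    of a query this host sent to port 53 within the window.
    """
    pending = {}   # (resolver_ip, local_ip, local_port) -> time of query
    labels = []
    for p in sorted(packets, key=lambda p: p.ts):
        if p.proto != "UDP":
            continue
        if p.direction == "out" and p.dport == 53:
            pending[(p.dst, p.src, p.sport)] = p.ts
        elif p.direction == "in":
            key = (p.src, p.dst, p.dport)
            sent = pending.get(key)
            if p.sport == 53 and sent is not None and p.ts - sent <= window:
                labels.append((p, "dns-reply"))
                del pending[key]  # one reply per query
            else:
                labels.append((p, "unsolicited"))
    return labels


# Constructed sample traffic (documentation addresses, not from the thread).
HOST, RESOLVER = "192.0.2.10", "198.51.100.53"
SAMPLE = [
    Packet(0.00, "out", "UDP", HOST, 49152, RESOLVER, 53),
    Packet(0.03, "in", "UDP", RESOLVER, 53, HOST, 49152),   # answer to the query
    Packet(0.10, "out", "UDP", HOST, 49153, RESOLVER, 53),
    Packet(0.14, "in", "UDP", RESOLVER, 53, HOST, 49153),   # answer to the query
    Packet(9.00, "in", "UDP", RESOLVER, 53, HOST, 49152),   # no query pending any more
    Packet(9.50, "in", "UDP", "203.0.113.7", 53, HOST, 50000),  # host never queried
]

if __name__ == "__main__":
    for pkt, label in classify_inbound(SAMPLE):
        print(f"{pkt.ts:5.2f} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}  {label}")
```

A filter that looks only at "inbound UDP to a high port" without the pending-query table would label all four inbound packets the same way.
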
Re: Port scan by DNS normal?
on 20.03.2007 13:37:32 by HotRod
I'm using System Suite 7 and there doesn't seem to be any log file
generated. Even turning on Capture Packets doesn't get any of the packets
that I need.
Re: Port scan by DNS normal?
on 20.03.2007 23:32:42 by Wolfgang Kueter
HotRdd wrote:
> I'm using System Suite 7 and there doesn't seem to be any log file
> generated.
Blocks DNS, writes no logs -> The product is snakeoil and useless crap, you
don't need it, it fu**s up network communication, gives false alarms and
slows down everything. Solution: Uninstall it.
> Even turning on Capture Packets doesn't get any of the packets
> that I need.
If you want to sniff network traffic, the right tool is Wireshark.
Wolfgang