topic Re: PN Hub 2 technical log in My Router

PN Hub 2 technical log

banger696 — Wed, 17 Sep 2025 02:11:37 GMT

Came across the below line in the PN Hub 2 event log. Anything to worry about?

16 Sep. DoS(Port Scanning): IN=ppp0 OUT= MAC= src=5.187.35.27 DST=xxx.xx.140.68 LEN=73 TOS=0x00 PREC=0x00 TTL=52 ID=20323 DF PROTO=TCP SPT=37697 DPT=80 WINDOW=65535 RES=0x00 URGP=0 MARK=0x8000000

Re: PN Hub 2 technical log

Dan_the_Van — Wed, 17 Sep 2025 07:13:28 GMT

@banger696

It will be the firewall reporting Port Scanning, in the case it's looking to see if port 80 is open. Unless a port forward rule is in place for port 80 then it will be blocked for all incoming connections.

You will see many of these messages over a 24 hour period, they can be ignored.

EDIT: you may also see "DoS(Spoofing):" messages

You may not have seen these messages on your previous router, some firewall logs do not report these messages, for example the plusnet Hub One.

Re: PN Hub 2 technical log

outcast — Wed, 17 Sep 2025 09:45:24 GMT

@Dan_the_Van wrote:

It will be the firewall reporting Port Scanning, in the case it's looking to see if port 80 is open.

Unless a port forward rule is in place for port 80 then it will be blocked for all incoming connections.

@banger696

If you want to check if you have any router ports exposed to the internet, you could run a port scanner such as ShieldsUP!

Browse to GRC ShieldsUP!

Click on the grey [Proceed] button

Click on grey button [All Service Ports] (in the middle of the screen)

... let the test run, and hopefully you should see an all green results array

Note that if any ports are not green, then you can hover your cursor over that box to see what port isn't stealthed.

@Dan_the_Van wrote:

... some firewall logs do not report these messages, for example the plusnet Hub One.

Other routers log every unsolicited connection attempt, my router has always had all ports fully "stealth" and therefore totally invisible to port scanners, but I'm logging roughly a hundred connection attempts (to various ports) every minute, 24/7.

@banger696

The source IP that scanned you, does appear on some block lists for doing port scans, however it isn't associated with subsequent malicious activity, so probably nothing to worry about there.

Re: PN Hub 2 technical log

banger696 — Wed, 17 Sep 2025 10:30:22 GMT

@Dan_the_Van

Thanks for the info I will keep an eye on the log but not worry.

@outcast

Looks like I am good to go.

Re: PN Hub 2 technical log

Dan_the_Van — Wed, 17 Sep 2025 13:12:45 GMT

@outcast

Every router I have used where the firewall is on with the correct rule set would block unsolicited connections.

It could be argued once setup and working having a firewall reporting it's functioning correctly recording event that's it's working correctly would be a waste of time.

FWIW I have had two TP-Link routers which have not reported unsolicited connection attempts, they do pass the 'stealth test'