cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

DNS Port Scans

Oldjim
Resting Legend
Posts: 38,460
Thanks: 787
Fixes: 63
Registered: ‎15-06-2007

DNS Port Scans

‎31-10-2009 10:35 AM

I have just upgraded the firmware on my Netgear router and the log is now showing some very odd results.
These scans are from the DNS servers
Quote
Sat, 2009-10-31 10:23:26 - UDP Packet - Source:208.67.220.220 Destination:192.168.0.2 - [PORT SCAN]
Sat, 2009-10-31 10:24:36 - UDP Packet - Source:208.67.220.220,53 Destination:192.168.0.2,52702 - [DOS]
Sat, 2009-10-31 10:24:36 - UDP Packet - Source:208.67.220.220,53 Destination:192.168.0.2,57713 - [DOS]
Sat, 2009-10-31 10:24:37 - UDP Packet - Source:208.67.220.220,53 Destination:192.168.0.2,65106 - [DOS]
Sat, 2009-10-31 10:24:37 - UDP Packet - Source:212.159.13.50,53 Destination:192.168.0.2,55783 - [DOS]
Sat, 2009-10-31 10:24:37 - UDP Packet - Source:212.159.13.50,53 Destination:81.174.168.118,56402 - [DOS]
Sat, 2009-10-31 10:24:37 - UDP Packet - Source:208.67.220.220 Destination:192.168.0.2 - [PORT SCAN]
Sat, 2009-10-31 10:24:39 - UDP Packet - Source:212.159.13.50,53 Destination:192.168.0.2,63830 - [DOS]
Sat, 2009-10-31 10:24:40 - UDP Packet - Source:212.159.13.50,53 Destination:192.168.0.2,59892 - [DOS]
Sat, 2009-10-31 10:24:40 - UDP Packet - Source:208.67.220.220 Destination:192.168.0.2 - [PORT SCAN]
Sat, 2009-10-31 10:24:41 - UDP Packet - Source:212.159.13.50 Destination:192.168.0.2 - [PORT SCAN]
Sat, 2009-10-31 10:24:42 - UDP Packet - Source:208.67.220.220 Destination:192.168.0.2 - [PORT SCAN]
Sat, 2009-10-31 10:24:43 - UDP Packet - Source:212.159.13.50 Destination:192.168.0.2 - [PORT SCAN]
Sat, 2009-10-31 10:24:43 - UDP Packet - Source:208.67.220.220 Destination:192.168.0.2 - [PORT SCAN]
Sat, 2009-10-31 10:24:43 - UDP Packet - Source:212.159.13.50 Destination:192.168.0.2 - [PORT SCAN]
Sat, 2009-10-31 10:24:45 - UDP Packet - Source:208.67.220.220 Destination:192.168.0.2 - [PORT SCAN]
Sat, 2009-10-31 10:24:45 - UDP Packet - Source:212.159.13.50 Destination:192.168.0.2 - [PORT SCAN]
Sat, 2009-10-31 10:24:45 - UDP Packet - Source:208.67.220.220 Destination:192.168.0.2 - [PORT SCAN]
Sat, 2009-10-31 10:24:46 - UDP Packet - Source:212.159.13.50 Destination:192.168.0.2 - [PORT SCAN]

I assume that this is normal activity. This is the firewall settings so I don't know why I am getting the reports
Actually I know why I am getting the reports but I don't know why the router thinks they are DOS attacks and Port Scans
Message 1 of 9
(3,449 Views)
Reply
0 Thanks
8 REPLIES 8
Hary
Grafter
Posts: 90
Registered: ‎16-09-2009

Re: DNS Port Scans

‎01-11-2009 6:48 PM

Someone with the same problem.
http://forums.opendns.com/comments.php?DiscussionID=4517
I had a funny thing with Opendns yesterday (not Netgear), on Ebay every time I clicked on an item for sale, Opendns blocked it as a "phishing site." Cured that by changing dn server for a few hours..
Message 2 of 9
(702 Views)
Reply
0 Thanks
scootie
Grafter
Posts: 4,799
Thanks: 1
Registered: ‎03-11-2007

Re: DNS Port Scans

‎01-11-2009 6:52 PM

i get this with the xbox jim all thoe mine are allways dos never had port scans, on my v4 i had to re down grade back to the old firmware.
am still runing V5.01.09  due to all other firmwares since giving this same issue of blocking geniue traffic
Message 3 of 9
(702 Views)
Reply
0 Thanks
Oldjim
Resting Legend
Posts: 38,460
Thanks: 787
Fixes: 63
Registered: ‎15-06-2007

Re: DNS Port Scans

‎01-11-2009 7:21 PM

I upgraded the firmware as part of a troubleshooting exercise with Netgear and, touch wood, it seems to have fixed the problem I was seeing.
I have raised the question with Netgear - just waiting for a response
Message 4 of 9
(702 Views)
Reply
0 Thanks
Peter_Vaughan
Grafter
Posts: 14,469
Registered: ‎30-07-2007

Re: DNS Port Scans

‎01-11-2009 8:24 PM

First, disable the DOS monitoring option as it is not actually a DOS and just fills your log up.
Second the DNS entries are likely to be delayed reponses to DNS lookups you have sent to the identified DNS servers. The Netgear opens up a UDP session when your PC sends out a DNS request but this only remains open for a very short time. If the DNS server fails to reply within this short time the netgear reports it as a port scan or DOS.
It is nothing to worry about. I tend not to enable any of the netgear monitoring options as they often just cause confusion and in the case of DOS it just plain wrong! Just let the firewall do its stuff silently.
Message 5 of 9
(702 Views)
Reply
0 Thanks
Oldjim
Resting Legend
Posts: 38,460
Thanks: 787
Fixes: 63
Registered: ‎15-06-2007

Re: DNS Port Scans

‎01-11-2009 8:29 PM

Peter,
I appreciate that but what I am finding is a few sites not found due to the DNS lookup being a bit slow and being blocked.
I have asked Netgear how to white list the DNS servers
Message 6 of 9
(702 Views)
Reply
0 Thanks
Peter_Vaughan
Grafter
Posts: 14,469
Registered: ‎30-07-2007

Re: DNS Port Scans

‎01-11-2009 8:38 PM

Are you using your netgear as the DNS server on your PCS - i.e. you use the IP address of the router as your DNS server? If so, don't as it is not very good at it. I always set the DNS servers manually in any PCs I use so they go direct to the DNS servers.
I'm not aware of any way to whitelist any IPs in the netgear routers.
Message 7 of 9
(702 Views)
Reply
0 Thanks
Oldjim
Resting Legend
Posts: 38,460
Thanks: 787
Fixes: 63
Registered: ‎15-06-2007

Re: DNS Port Scans

‎01-11-2009 9:01 PM

I wasn't aware of that .
Before updating the firmware I hadn't seen any problems.
Goes away to find out how to set the DNS servers in Windows 7  Grin
Edit - it's very easy just need to decide whether to do it for both ipv4 and ipv6
Message 8 of 9
(702 Views)
Reply
0 Thanks
Lurker
Grafter
Posts: 1,867
Registered: ‎23-10-2008

Re: DNS Port Scans

‎02-11-2009 7:56 AM

Why could you possibly need IPv6?
If you've run out of addresses on your home network you must have a lot of computers...
Question = Answered Tongue
Message 9 of 9
(702 Views)
Reply
0 Thanks