DNS Port Scans
31-10-2009 10:35 AM
I have just upgraded the firmware on my Netgear router and the log is now showing some very odd results.
These scans are from the DNS servers
Quote:
Sat, 2009-10-31 10:23:26 - UDP Packet - Source:208.67.220.220 Destination:192.168.0.2 - [PORT SCAN]
Sat, 2009-10-31 10:24:36 - UDP Packet - Source:208.67.220.220,53 Destination:192.168.0.2,52702 - [DOS]
Sat, 2009-10-31 10:24:36 - UDP Packet - Source:208.67.220.220,53 Destination:192.168.0.2,57713 - [DOS]
Sat, 2009-10-31 10:24:37 - UDP Packet - Source:208.67.220.220,53 Destination:192.168.0.2,65106 - [DOS]
Sat, 2009-10-31 10:24:37 - UDP Packet - Source:212.159.13.50,53 Destination:192.168.0.2,55783 - [DOS]
Sat, 2009-10-31 10:24:37 - UDP Packet - Source:212.159.13.50,53 Destination:81.174.168.118,56402 - [DOS]
Sat, 2009-10-31 10:24:37 - UDP Packet - Source:208.67.220.220 Destination:192.168.0.2 - [PORT SCAN]
Sat, 2009-10-31 10:24:39 - UDP Packet - Source:212.159.13.50,53 Destination:192.168.0.2,63830 - [DOS]
Sat, 2009-10-31 10:24:40 - UDP Packet - Source:212.159.13.50,53 Destination:192.168.0.2,59892 - [DOS]
Sat, 2009-10-31 10:24:40 - UDP Packet - Source:208.67.220.220 Destination:192.168.0.2 - [PORT SCAN]
Sat, 2009-10-31 10:24:41 - UDP Packet - Source:212.159.13.50 Destination:192.168.0.2 - [PORT SCAN]
Sat, 2009-10-31 10:24:42 - UDP Packet - Source:208.67.220.220 Destination:192.168.0.2 - [PORT SCAN]
Sat, 2009-10-31 10:24:43 - UDP Packet - Source:212.159.13.50 Destination:192.168.0.2 - [PORT SCAN]
Sat, 2009-10-31 10:24:43 - UDP Packet - Source:208.67.220.220 Destination:192.168.0.2 - [PORT SCAN]
Sat, 2009-10-31 10:24:43 - UDP Packet - Source:212.159.13.50 Destination:192.168.0.2 - [PORT SCAN]
Sat, 2009-10-31 10:24:45 - UDP Packet - Source:208.67.220.220 Destination:192.168.0.2 - [PORT SCAN]
Sat, 2009-10-31 10:24:45 - UDP Packet - Source:212.159.13.50 Destination:192.168.0.2 - [PORT SCAN]
Sat, 2009-10-31 10:24:45 - UDP Packet - Source:208.67.220.220 Destination:192.168.0.2 - [PORT SCAN]
Sat, 2009-10-31 10:24:46 - UDP Packet - Source:212.159.13.50 Destination:192.168.0.2 - [PORT SCAN]
I assume that this is normal activity. This is the firewall settings so I don't know why I am getting the reports
Actually I know why I am getting the reports but I don't know why the router thinks they are DOS attacks and Port Scans
8 REPLIES
Re: DNS Port Scans
01-11-2009 6:48 PM
Someone with the same problem.
http://forums.opendns.com/comments.php?DiscussionID=4517
I had a funny thing with OpenDNS yesterday (not Netgear), on eBay every time I clicked on an item for sale, OpenDNS blocked it as a "phishing site." Cured that by changing DNS server for a few hours.
Re: DNS Port Scans
01-11-2009 6:52 PM
I get this with the Xbox, Jim, although mine are always DOS, never had port scans. On my v4 I had to re-downgrade back to the old firmware.
Am still running V5.01.09 due to all other firmwares since giving this same issue of blocking genuine traffic.
Re: DNS Port Scans
01-11-2009 7:21 PM
I upgraded the firmware as part of a troubleshooting exercise with Netgear and, touch wood, it seems to have fixed the problem I was seeing.
I have raised the question with Netgear - just waiting for a response
Re: DNS Port Scans
01-11-2009 8:24 PM
First, disable the DOS monitoring option as it is not actually a DOS and just fills your log up.
Second, the DNS entries are likely to be delayed responses to DNS lookups you have sent to the identified DNS servers. The Netgear opens up a UDP session when your PC sends out a DNS request but this only remains open for a very short time. If the DNS server fails to reply within this short time the Netgear reports it as a port scan or DOS.
It is nothing to worry about. I tend not to enable any of the Netgear monitoring options as they often just cause confusion and in the case of DOS it is just plain wrong! Just let the firewall do its stuff silently.
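The explanation in the reply above can be checked against the router log itself. The following is an added example, not part of the original thread or any Netgear tooling: it parses the log format quoted in the first post and separates entries that have the shape of a late DNS reply from entries that deserve a closer look. The `RESOLVERS` set, the verdict names, the 1024 port threshold and the last sample line are assumptions made for this example.

```python
import re
from collections import Counter

# Assumption: the DNS servers this network uses (the two sources in the log).
RESOLVERS = {"208.67.220.220", "212.159.13.50"}

LOG_LINES = [
    # First four lines are taken from the log quoted in the first post.
    "Sat, 2009-10-31 10:23:26 - UDP Packet - Source:208.67.220.220 Destination:192.168.0.2 - [PORT SCAN]",
    "Sat, 2009-10-31 10:24:36 - UDP Packet - Source:208.67.220.220,53 Destination:192.168.0.2,52702 - [DOS]",
    "Sat, 2009-10-31 10:24:37 - UDP Packet - Source:212.159.13.50,53 Destination:192.168.0.2,55783 - [DOS]",
    "Sat, 2009-10-31 10:24:41 - UDP Packet - Source:212.159.13.50 Destination:192.168.0.2 - [PORT SCAN]",
    # Constructed line (documentation address) that must not be waved through.
    "Sat, 2009-10-31 10:24:50 - UDP Packet - Source:203.0.113.9,40000 Destination:192.168.0.2,161 - [DOS]",
]

LINE_RE = re.compile(
    r"- (?P<proto>\w+) Packet - "
    r"Source:(?P<src>[\d.]+)(?:,(?P<sport>\d+))? "
    r"Destination:(?P<dst>[\d.]+)(?:,(?P<dport>\d+))? - \[(?P<tag>[^\]]+)\]$"
)

def classify(line):
    """Return a triage verdict for one router log line."""
    m = LINE_RE.search(line)
    if not m:
        return "unparsed"
    if m["proto"] != "UDP" or m["src"] not in RESOLVERS:
        return "investigate"
    if m["sport"] is None:
        # No ports were logged, so a DNS reply cannot be confirmed.
        return "resolver-ports-not-logged"
    if m["sport"] == "53" and m["dport"] and int(m["dport"]) >= 1024:
        # Port 53 to an unprivileged client port: the shape of a reply that
        # arrived after the router's UDP session entry had expired.
        return "late-dns-reply"
    return "resolver-unexpected-ports"

def triage(lines):
    """Count verdicts per source address."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.search(line)
        counts[(m["src"] if m else "?", classify(line))] += 1
    return counts

if __name__ == "__main__":
    for (src, verdict), n in sorted(triage(LOG_LINES).items()):
        print(f"{src:16} {verdict:28} {n}")
```

Anything that lands in `investigate` or `resolver-unexpected-ports` is not explained by the session-timeout behaviour and should be looked at separately.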
Re: DNS Port Scans
01-11-2009 8:29 PM
Peter,
I appreciate that but what I am finding is a few sites not found due to the DNS lookup being a bit slow and being blocked.
I have asked Netgear how to white list the DNS servers
Re: DNS Port Scans
01-11-2009 8:38 PM
Are you using your Netgear as the DNS server on your PCs - i.e. you use the IP address of the router as your DNS server? If so, don't as it is not very good at it. I always set the DNS servers manually in any PCs I use so they go direct to the DNS servers.
I'm not aware of any way to whitelist any IPs in the Netgear routers.
Re: DNS Port Scans
01-11-2009 9:01 PM
I wasn't aware of that.
Before updating the firmware I hadn't seen any problems.
Goes away to find out how to set the DNS servers in Windows 7
Edit - it's very easy just need to decide whether to do it for both ipv4 and ipv6
Re: DNS Port Scans
02-11-2009 7:56 AM
Why could you possibly need IPv6?
If you've run out of addresses on your home network you must have a lot of computers...
Question = Answered