
UDP port scan attack

  • 18-04-2018 8:01pm
    #1
    Registered Users, Registered Users 2 Posts: 4,170 ✭✭✭


    I had a look through my router (Huawei B252, not locked to ISP, doesn't belong to ISP) security logs and found a good few of these:
    2018-04-11 17:30:36 Security Warning Detect UDP port scan attack, scan packet from xx.xxx.xx.xxx(public IP range)

    IP resolves to my ISP (Three)

    Another mystery from the same logs:
    2018-04-18 11:59:31 Security Warning Detect UDP port scan attack, scan packet from 172.30.xxx.xx

    Now this is a private address range and I don't have anything set on this range, even on the virtual side. I can only guess this is also Three; my WAN side is on the 10.xxx.xxx.xxx range

    Can you advise, why the hell is Three scanning ports on my router? Purpose?


Comments

  • Posts: 11,614 ✭✭✭✭ [Deleted User]


    I had a look through my router (Huawei B252, not locked to ISP, doesn't belong to ISP) security logs and found a good few of these:
    2018-04-11 17:30:36 Security Warning Detect UDP port scan attack, scan packet from xx.xxx.xx.xxx(public IP range)

    IP resolves to my ISP (Three)

    Another mystery from the same logs:
    2018-04-18 11:59:31 Security Warning Detect UDP port scan attack, scan packet from 172.30.xxx.xx

    Now this is a private address range and I don't have anything set on this range, even on the virtual side. I can only guess this is also Three; my WAN side is on the 10.xxx.xxx.xxx range

    Can you advise, why the hell is Three scanning ports on my router? Purpose?

    It's probably customers of Three who have been infected with malware and are scanning nearby hosts.


  • Registered Users, Registered Users 2 Posts: 4,170 ✭✭✭smuggler.ie


    In that case, a subsequent question:
    Does Three not filter this type of traffic, or is it beyond their abilities/responsibilities, or do they just not care?

    Any other opinions?


  • Posts: 11,614 ✭✭✭✭ [Deleted User]


    I should have added "that's assuming it even is a port scan". I do security analysis for a major financial organisation. The bill we pay yearly for all our tools is about 15 million. So far today I have responded to over 40 alerts, all false positives.
    In that case, a subsequent question:
    Does Three not filter this type of traffic, or is it beyond their abilities/responsibilities, or do they just not care?

    Any other opinions?

    Especially with UDP it's very difficult to write a signature to block port scans, because what looks like a port scan could also be legitimate traffic. You might be being polled by an SNMP server or some other part of Three infrastructure. If I was you, I'd port scan myself, both TCP and UDP, make sure no ports are open that you don't know about, then stop worrying about port scans.


  • Closed Accounts Posts: 7,070 ✭✭✭Franz Von Peppercorn


    What specific ports?


  • Registered Users, Registered Users 2 Posts: 4,170 ✭✭✭smuggler.ie


    What specific ports?
    In my limited understanding, port scanning is for all available/open ports; otherwise I would classify it as an attack on a specific port.
    Unfortunately the Huawei B252 is a consumer grade router and the line below presents all that is available from the security logs.
    2018-04-11 17:30:36 Security Warning Detect UDP port scan attack, scan packet from xx.xxx.xx.xxx


    denartha
    Thanks for the clarification and advice.


  • Registered Users, Registered Users 2 Posts: 4,170 ✭✭✭smuggler.ie


    If I was you, I'd port scan myself, both TCP and UDP, make sure no ports are open that you don't know about, then stop worrying about port scans.
    Could you suggest how I do this:
    My connection's WAN side is 10.xxx.xxx.xxx, so it is a private range and it's not gonna work from online scanners... I think.
    And if I scan the IP my requests appear from... it would rather be a scan on Three's side of things, not mine, if you catch my drift...
    Or am I missing something here?


  • Posts: 11,614 ✭✭✭✭ [Deleted User]


    Could you suggest how I do this:
    My connection's WAN side is 10.xxx.xxx.xxx, so it is a private range and it's not gonna work from online scanners... I think.
    And if I scan the IP my requests appear from... it would rather be a scan on Three's side of things, not mine, if you catch my drift...
    Or am I missing something here?

    No, you are pretty bang on.

    2 months ago, after getting fed up with constant huge bills from Vodafone for data usage on my mobile, I bought a 3 SIM card with all you can eat data and invested in a 4G hotspot. The result? My bill for this month was 36 euros, compared to my bill at the end of February which was 186 euros.

    Tl;dr version: I can port scan your IP from my laptop using my 3 hotspot and tell you what ports I find. I've a really busy day tomorrow, but I'm off on Friday so we could do it then if you wish? You just PM me your public(ish) IP, and I'll nmap scan all 65536 ports, both TCP and UDP.

    If you want to PM me your email address, I will email you from my work address so you know I'm above board.


  • Closed Accounts Posts: 7,070 ✭✭✭Franz Von Peppercorn


    Could you suggest how I do this:
    My connection's WAN side is 10.xxx.xxx.xxx, so it is a private range and it's not gonna work from online scanners... I think.
    And if I scan the IP my requests appear from... it would rather be a scan on Three's side of things, not mine, if you catch my drift...
    Or am I missing something here?

    There are apps that will port scan. Fing or Net Analyzer on iOS and Android.


  • Registered Users, Registered Users 2 Posts: 36,169 ✭✭✭✭ED E


    While not on the public internet completely, your WAN side inside the 3 CNAT space is basically the public internet.

    https://en.wikipedia.org/wiki/Internet_background_noise

    This is what you're seeing (AKA Internet Background Radiation), it's normal. As long as you aren't using an Asus router with UPnP on externally, ignore it.


  • Registered Users, Registered Users 2 Posts: 4,170 ✭✭✭smuggler.ie


    Tl;dr version: I can port scan your IP from my laptop using my 3 hotspot and tell you what ports I find. I've a really busy day tomorrow, but I'm off on Friday so we could do it then if you wish? You just PM me your public(ish) IP, and I'll nmap scan all 65536 ports, both TCP and UDP.

    If you want to PM me your email address, I will email you from my work address so you know I'm above board.

    Thanks for your offer, I just don't wanna put extra load on your busy head.
    After all, this was an informational/educational question rather than my concern over security - not a bank or finance advisor.
    I was thinking about commercial crap from Three, or even some Three service for mobile devices checking what device is in use to push some updates or similar.
    All machines on my network are protected with ESET EPS - and it does a good job, I think.
    Still can't get my head around how, for the love of God, you would be able to bypass NAT (or even double NAT) on Three's side to scan my router ports. Are there specific tools for it or do you just know "the way"?

    Thanks again


  • Registered Users, Registered Users 2 Posts: 4,170 ✭✭✭smuggler.ie


    ED E wrote: »
    While not on the public internet completely, your WAN side inside the 3 CNAT space is basically the public internet.

    https://en.wikipedia.org/wiki/Internet_background_noise

    This is what you're seeing (AKA Internet Background Radiation), it's normal. As long as you aren't using an Asus router with UPnP on externally, ignore it.
    Cool. Should expect that - the human race manages trash in space, what to expect on Earth.
    However, I think this would be intentional unsolicited packets rather than
    ... data packets on the Internet which are addressed to IP addresses or ports where there is no network device set up to receive them.
    The same IPs repeat the scan once or twice per day.

    Thanks
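
One way to triage the router log lines discussed in this thread, as an added example that is not part of any poster's message: it groups the alerts by source, labels each source as RFC 1918 private space, CGNAT shared space (100.64.0.0/10) or public, and lists the sources that recur on more than one day. The sample lines and addresses are constructed, and the function names are this example's own.

```python
import ipaddress
import re
from collections import defaultdict

# Message text as it appears in the router log lines quoted in the thread.
MSG = "Security Warning Detect UDP port scan attack, scan packet from "
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2} " + re.escape(MSG)
    + r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})")

# Ranges listed explicitly: ipaddress.is_private also covers documentation
# and other special ranges, which would blur the distinction made here.
RANGES = [(label, ipaddress.ip_network(net)) for label, net in (
    ("rfc1918", "10.0.0.0/8"), ("rfc1918", "172.16.0.0/12"),
    ("rfc1918", "192.168.0.0/16"), ("cgnat-shared", "100.64.0.0/10"))]

def classify(src):
    ip = ipaddress.ip_address(src)  # ValueError if not a valid address
    return next((label for label, net in RANGES if ip in net), "public")

def summarise(lines):
    """Return {source: {"scope": label, "days": {date: alert count}}}."""
    out = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # masked addresses and unrelated log lines
        try:
            scope = classify(m["src"])
        except ValueError:
            continue  # dotted quad with an octet above 255
        entry = out.setdefault(m["src"], {"scope": scope, "days": defaultdict(int)})
        entry["days"][m["date"]] += 1
    return out

def recurring(summary, min_days=2):
    """Sources that raised alerts on at least min_days distinct dates."""
    return sorted(s for s, e in summary.items() if len(e["days"]) >= min_days)

# Constructed sample; 203.0.113.7 (a documentation address) stands in for a public one.
SAMPLE = [
    f"2018-04-11 17:30:36 {MSG}203.0.113.7",
    f"2018-04-11 23:02:10 {MSG}203.0.113.7",
    f"2018-04-12 17:31:02 {MSG}203.0.113.7",
    f"2018-04-18 11:59:31 {MSG}172.30.1.5",
    f"2018-04-18 12:00:01 {MSG}172.30.xxx.xx",  # masked as in the thread; skipped
]

if __name__ == "__main__":
    print(recurring(summarise(SAMPLE)))
```

A source labelled `rfc1918` or `cgnat-shared` cannot have arrived from the open internet, so it sits inside the operator's network or the local one.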

