A flurry of port scans

How can you be having unsolicited port scans behind a NAT router from the Internet? You cannot be having it.

Maybe, the scans are due to a machine that has been compromised behind the router. Or maybe the O/S on the machine is doing a router discovery and it's being blocked by ZA or something of that nature.

But you give no detail of IP(s), ports or whatnot(s) as to what the scans are about.

Duane :)

Reply to
Duane Arnold

Is that the collective noun?

For the past three days I've had a flurry of alerts from Zonealarm, registering high rating activity - all blocked OK, but logged. This is new behaviour. I don't think it's ZA, as I've been running it for ages, and haven't knowingly upgraded or changed any settings recently. I am also behind a router and hardware firewall, so I'm not actually too concerned about the 'attacks' themselves, more the reason for the increased activity - any ideas, or am I just lucky?

A.

Reply to
Anne

What's the name of the router?

82.4.93.xxx doesn't seem to be a LAN IP, so what is it? The IP issued by the ISP, the public IP?

Duane :)

Reply to
Duane Arnold

Good, isn't it? :o)

Here's what showed up on the latest alert log...

    Alert property              Alert property value
    Source IP Address           211.218.219.162
    Source Port                 1023
    Destination IP              82.4.93.xxx
    Destination Port            111
    TCP Flags                   SYN
    Transport Layer Protocol    TCP
    Network Layer Protocol      IP
    Link Layer Protocol         Ethernet
    Alert Date                  Jul-25-2005 04:47:46 AM PDT
    Alert Count                 1

....and a Whois lookup which pointed to Korea. Does that shed any light?

Reply to
Anne

I'm getting increasingly confused/worried here. Casting my mind back, I think I know when things started to go wrong, if not why. I have another machine connected to the router, though it's rarely switched on. The last time I used it (about a week ago) ZA produced a pop-up 'new network detected'. I clicked OK, named it, and thought no more about it.

Now, looking at the ZA firewall tab, I see my home network, within the 192 range, and this new network, 82.4.93.x/255.255.255.0, which belongs to my ISP.

I now find I can't connect to the router's online configuration utility as the PC's IP address is now reported as 82.4.93.x, rather than the 192....

Am I somehow bypassing the router?

I wonder if it's worth trying an XP system restore in the hope that it includes network details...

Reply to
Anne

Sorry, forgot to mention it's a US Robotics USR8000a02.

Reply to
Anne

"Anne" wrote in news: snipped-for-privacy@nnrp-t71-03.news.uk.clara.net:

The machine seems to not have a private LAN IP that belongs to the router. Therefore, the machine will not be able to access the router's Admin screens.

Secondly, I don't know how you did it but apparently, the machine is not connected to the router or is not getting a LAN IP from the router and is not being protected by the router.

I cannot say that some restore is going to fix the problem either. You need to figure out what IP the machine is using for sure and you can do that by entering IPconfig /all at the DOS Command Prompt.

Duane :)

Reply to
Duane Arnold
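The check suggested in the post above, as an added example that is not part of the original thread: it parses `ipconfig /all` output and classifies each adapter's address as private (RFC 1918, behind the router's NAT), link-local (no DHCP lease, which XP reports as limited connectivity) or public (directly reachable, so inbound SYNs arrive at the host firewall). The sample output, adapter names and addresses are constructed for illustration.

```python
import ipaddress
import re

# RFC 1918 ranges are listed explicitly; ipaddress.is_private also covers
# documentation and other reserved ranges, which would blur the result.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")  # APIPA, no DHCP lease

HEADER = re.compile(r"^(\S.*adapter .+?):\s*$")
# Matches XP-style "IP Address", newer "IPv4 Address" and the APIPA variant.
ADDR = re.compile(
    r"^\s+(?:Autoconfiguration )?(?:IP|IPv4) Address[ .]*:\s*(\d+\.\d+\.\d+\.\d+)")

# Constructed sample of `ipconfig /all` output (not taken from the thread).
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 203.0.113.57
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 203.0.113.1

Ethernet adapter Office LAN:

        IP Address. . . . . . . . . . . . : 192.168.1.20
        Subnet Mask . . . . . . . . . . . : 255.255.255.0

Ethernet adapter Spare NIC:

        Autoconfiguration IP Address. . . : 169.254.17.4
"""

def classify(addr):
    """Return 'private', 'link-local' or 'public' for an IPv4 string."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in RFC1918):
        return "private"
    return "link-local" if ip in LINK_LOCAL else "public"

def audit(text):
    """Return (adapter, address, class) for every address line found."""
    results, adapter = [], None
    for line in text.splitlines():
        if (m := HEADER.match(line)):
            adapter = m.group(1)
        elif (m := ADDR.match(line)):
            results.append((adapter, m.group(1), classify(m.group(1))))
    return results

if __name__ == "__main__":
    for adapter, addr, kind in audit(SAMPLE):
        print(f"{adapter}: {addr} -> {kind}")
```

An adapter reported as public holds an ISP-routable address itself, so unsolicited inbound connection attempts reach the host firewall rather than being dropped at the router.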

I have another machine connected to the router, though

Ok...

Well I can confirm that it's definitely still physically connected, and the only change that I'm aware of is the 'new network' issue above. I understand what you're saying about the LAN IP though.

I have - that's how I know it was 82.4.whatever. The idea of a restore was really clutching at straws - I'd rather know what's wrong and how to fix it, to be honest.

And for the next instalment... when I came back to the machine just now, I disabled the connection (from the shortcut), then re-enabled, but it came back stating 'limited connectivity'. In fact there was no web connectivity at all. I've since rebooted the PC and router, and lo and behold, ZA is now showing yet another 'new network', with a far more sensible IP range - 192, and the PC's IP address is back to 192.blah.blah.blah

All seems to be back to normal - for now - but I've printed off the ipconfig output for future reference.

Is it possible that the router is on its way out?

Reply to
Anne

It's possible and that depends on how old the router is as they eventually play out. They do go defective if they are not protected properly with a UPS/AVR system IMHO. The routers like clean and constant power and don't like spikes or drainage on the line from household appliances switching on and off all the time and will go defective if it happens on a routine basis. And I am not talking about some surge protector power strip lying on the floor plugged into a wall outlet.

I would say the router just needed a hard *reset* or power down to straighten itself out.

You should be concerned if it continues to happen.

I am glad things worked out for you.

Duane :)

Reply to
Duane Arnold

Thanks for the info Duane, and for all your input :o)

A.

Reply to
Anne
