Hi all... I have a 3COM 3CRWE554G72T router and home network with NIS (Norton internet security) 2003. All PC's in the network have Win2k, SP4 IE6 SP1. L2TP Cable internet is through 3Com wireless Officeconnect 3CRWE554G72T router.
in recent weeks (after 2-3 years of mostly uneventful usage with NIS) I began to get alerts from it on an attack (?):
"portscan" of 192.168.1.1 (domain 53). That is the router IP. Then it does an autoblock on this IP which of course disables http browsing of internet for half an hour (only FTP, email and skype continue to work). This happens dozens of times every day.
NIS allows to include any IP or port in the DMZ, but these 'attacks' come from different ports every time (1000-5000 range) and If I allow all ports from 192.168.1.1 then it means NIS is bypassed, in effect, isnt it? because all internet is coming from this IP.
how can I determine whether this is some hack portscan or some periodical DNS status ping by the internt provider? (why would they do it on a different port every time?)
thanks