A few months ago I noticed that I start to get a High priority warning about a port scan on my PC. This is a work PC that is connected to a wireless router and a DSL modem. After having a closer look and doing a BackTrace the IP address belongs to my ISPs DNS server. Is this normal?
Severity = Major Direction = Inbound Protocol = UDP
Actually, I think it is normal!
Post some bits of the log file. (You Do have a log file don't you?)
You should ask your ISP that, since they are the only ones who'd be able to answer the question.
That's not very informative. Is that all that's in your logs? Did you run a sniffer to capture the traffic from that portscan for further analysis?
cu
59cobalt
Let me guess: The destination port of those packets is > 1024, the source port is 53 ...
Well, yes it is absolutely normal for various completely braindead personal firewalls to misinterpret DNS answer packets from the DNS server you use as a UDP scan. Since you decided to install one of those famous network communication destruction tools I'm afraid you'll have to live with such effects.
Wolfgang
I'm using System Suite 7 and there doesn't seem to be any log file generated. Even turning on Capture Packets doesn't get any of the packets that I need.
Blocks DNS, writes no logs -> The product is snakeoil and useless crap, you don't need it, it fu**s up network communication, gives false alarms and slows down everything. Solution: Uninstall it.
If you want to sniff network traffic, the right tool is wireshark.
Wolfgang
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.