Port Scans

In article , Nick wrote:
:So there are two firewalls and two layers of NAT between the computer
:and the internet.

:Agnitum Outpost firewall is installed on the computer.

:Yesterday and today I was amazed to see Outpost reporting port scans
:from internet addresses e.g. 212.179.171.30.

:How can this be? The IP address of the computer is non-routable.

Please see

formatting link

Walter Roberson

This computer is on a wireless network in the house. It uses 128-bit WEP encryption on the link to the wireless router in the loft (Linksys BEFW11S4).

The computer gets its IP configuration from the router via DHCP on the 10.1.1.0/24 network.

The WAN side of the router (192.168.1.0/24) is fed from a firewall/NAT box that belongs to a satellite ISP. The box runs Red Hat Linux.

So there are two firewalls and two layers of NAT between the computer and the internet.

Agnitum Outpost firewall is installed on the computer.

Yesterday and today I was amazed to see Outpost reporting port scans from internet addresses e.g. 212.179.171.30.

How can this be? The IP address of the computer is non-routable.

Any ideas please?

Nick


Thank you Walter.

I checked the log and all the scans were for TCP ports in the range 1145 to 4127.

Curiously the port scans from each host step two i.e. host A scans 2171, 2713, 2175 etc.

I can believe that the Linksys wireless router does not do source/destination cross-checking and allocates ports sequentially, but I am surprised that the Red Hat Linux box presumably using ipchains or iptables allows this kind of intrusion.

I will investigate further.

BTW do you know of any lower end NAT devices that do source/destination cross-checking?

Nick
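An added illustration, not written by any poster in this thread: a toy port-translating NAT showing the difference between forwarding inbound packets by external port alone and forwarding only when the packet's source matches the remote endpoint recorded for that mapping (the "source/destination cross-checking" asked about above). The class, function names, host addresses and starting port are constructed for the example, and the model does not claim to reproduce Linksys or iptables behaviour.

```python
from dataclasses import dataclass, field

INSIDE = ("10.1.1.5", 1145)          # constructed host on the thread's 10.1.1.0/24 LAN
SERVER = ("198.51.100.10", 80)       # constructed remote the inside host talks to
STRANGER = ("203.0.113.77", 40000)   # constructed unrelated Internet host


@dataclass
class ToyNat:
    """Hypothetical NAT model; check_remote=True enables the cross-check."""
    check_remote: bool
    next_port: int = 2171            # external ports are handed out sequentially
    table: dict = field(default_factory=dict)  # ext_port -> (inside, remote)

    def outbound(self, inside, remote):
        """Create a mapping for an outbound connection; return its external port."""
        ext_port = self.next_port
        self.next_port += 1
        self.table[ext_port] = (inside, remote)
        return ext_port

    def inbound(self, src, ext_port):
        """Return the inside endpoint an inbound packet is forwarded to, or None."""
        entry = self.table.get(ext_port)
        if entry is None:
            return None              # no mapping: dropped in either mode
        inside, remote = entry
        if self.check_remote and src != remote:
            return None              # mapping exists, but not for this sender
        return inside


def probe(nat, src, ports):
    """External ports on which packets from src reach an inside host."""
    return [p for p in ports if nat.inbound(src, p) is not None]


def demo(check_remote):
    nat = ToyNat(check_remote)
    # Three outbound connections from the inside host to the same server.
    mapped = [nat.outbound((INSIDE[0], INSIDE[1] + i), SERVER) for i in range(3)]
    sweep = range(2165, 2180)        # inbound packets across a small port range
    return mapped, probe(nat, STRANGER, sweep), probe(nat, SERVER, sweep)


if __name__ == "__main__":
    for mode in (False, True):
        mapped, stranger_hits, server_hits = demo(mode)
        print(f"check_remote={mode}: mapped={mapped} "
              f"stranger={stranger_hits} server={server_hits}")
```

Without the check, every packet the unrelated host sends to a currently mapped port is delivered to the inside host, which is where a personal firewall would log it as coming from an Internet address; with the check, only the server's own replies get through.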


this is interesting...

formatting link
Nick

