UDP Port Scan from DNS Server Happening, What's Up?

This just started a half hour ago. I'm getting repeated alerts irregularly spaced but about one per minute: "Kaspersky Anti-Virus Personal Pro Attention! Your computer has been attacked from the Internet. Network attack UDP Port Scan from address 24.94.163.100 has been successfully repelled."

The IP address is just that of the DNS server of my ISP, RoadRunner. I had some time ago placed this address in the Trusted Zone of ZoneAlarm, my firewall.

I realize this is not a big problem, but what's the explanation?

Reply to
Nehmo Sergheyev

Sales and Marketing! That's what. Sales and Marketing! Sales and Marketing to the ignorant. I don't mean ignorant in a bad sense, simply unknowledgeable.

-Frank

Reply to
Frankster

"Nehmo Sergheyev" wrote in news:9pxyf.36935$ snipped-for-privacy@tornado.rdc-kc.rr.com:

See "Don't let your personal firewall alarm you"

J

Reply to
me

That sounds reasonable. Most security programs promote themselves by exaggerating the benefit they provide. The word "attack" is too strong, and "repelled" is too. It seems were it not for loyal Kaspersky, my ship would have been boarded by bloodthirsty pirates!

But I don't get these UDP Port Scans regularly. In fact, since my last post, they've stopped. I wonder what was going on.

Reply to
nehmo54

Sounds to me like your firewall is misinterpreting an ordinary DNS response. Maybe the response took a long time to arrive, and the application that was waiting for it had already timed out and closed the socket. Since there was no socket waiting for that return packet, the firewall assumed it was an unwanted attack rather than an innocent, late packet.

Reply to
Barry Margolin

What port was it?

Maybe your ISP is checking to see if you're running any P2P software, or checking to see if you have a trojan back-door running on your computer?

Reply to
Virus Guy

From: "Virus Guy"

| What port was it?
|
| Maybe your ISP is checking to see if you're running any P2P software,
| or checking to see if you have a trojan back-door running on your
| computer?

Chances are it is NOT a port scan but the DNS Server [dns-lb.rdc-kc.rr.com] is trying to talk back to the host after a broken or incomplete communication session with the RoadRunner host. RoadRunner DNS servers don't perform "port scans".

Reply to
David H. Lipman
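The late-reply explanation given in the two replies above, as an added example that is not part of any poster's message: a small model of a stateful UDP filter that separates on-time DNS replies, replies arriving after the query's state has expired, and unsolicited probes across many ports. The timeout values, the event tuple layout and the 192.0.2.77 source are assumptions, and the traffic is constructed.

```python
from collections import defaultdict

STATE_TIMEOUT = 5.0     # assumed: seconds the filter keeps UDP state for a query
HISTORY_WINDOW = 120.0  # assumed: how long expired queries are remembered

def classify(events, state_timeout=STATE_TIMEOUT, history=HISTORY_WINDOW):
    """events: (ts, direction, remote_ip, remote_port, local_port, txid)."""
    sent = {}  # (remote_ip, local_port, txid) -> time the query left
    verdicts = []
    for ts, direction, rip, rport, lport, txid in sorted(events):
        key = (rip, lport, txid)
        if direction == "out" and rport == 53:
            sent[key] = ts          # remember the outstanding DNS query
            continue
        if direction != "in":
            continue
        asked = sent.get(key) if rport == 53 else None
        if asked is None or ts - asked > history:
            verdicts.append((ts, rip, lport, "unsolicited"))
        elif ts - asked <= state_timeout:
            verdicts.append((ts, rip, lport, "reply"))
        else:
            # Answer to a real query, but the socket/state is already gone.
            verdicts.append((ts, rip, lport, "late_reply"))
    return verdicts

def looks_like_scan(verdicts, min_ports=10):
    """Sources that hit many distinct local ports with no matching query."""
    ports = defaultdict(set)
    for _, rip, lport, verdict in verdicts:
        if verdict == "unsolicited":
            ports[rip].add(lport)
    return {rip for rip, hit in ports.items() if len(hit) >= min_ports}

DNS = "24.94.163.100"  # the ISP resolver named in the thread
SAMPLE = [  # constructed traffic, not captured from the poster's machine
    (0.00, "out", DNS, 53, 1030, 0x1A2B), (0.04, "in", DNS, 53, 1030, 0x1A2B),
    (60.0, "out", DNS, 53, 1031, 0x1A2C), (67.5, "in", DNS, 53, 1031, 0x1A2C),
    (120.0, "out", DNS, 53, 1032, 0x1A2D), (128.0, "in", DNS, 53, 1032, 0x1A2D),
] + [(200.0 + i, "in", "192.0.2.77", 40000, 1000 + i, 0) for i in range(12)]

if __name__ == "__main__":
    results = classify(SAMPLE)
    for row in results:
        print(row)
    print("scan sources:", looks_like_scan(results))
```

A filter that only checks live state would report both `late_reply` rows as attacks; remembering recently expired queries is what lets it tell them apart from the constructed multi-port probe.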

Sounds like nonsense.

*ROTFL*

Oh-my-FSM.

You're using software, which shows you ridiculous popups. Just remove this software and better use something sensible.

Yours, VB.

Reply to
Volker Birk

@everyone

It's not the firewall, ZA, that's producing the alerts, it's Kaspersky (and I just found the forum. I'll ask there too). It doesn't name the port except for saying UDP Port Scan, as I described in the OP.

Kaspersky does have what it calls Network Protection. From K's Help: "Kaspersky Anti-Virus Personal Pro 5.0 allows to protect your computer against network hacking attacks from the local area network or from the internet. Hacking attacks are detected based on the records contained in the database of the attacks known at the moment. This database is updated and the updates are installed along with the update of the anti-virus database (details see Using the application). By default, protection against network attacks is started at Kaspersky Anti-Virus startup, monitors all network connections and checks all data received from the network irrespective of the source: local network or Internet. As an attempt to attack your computer occurs, this attack will be blocked. A corresponding notification will be displayed on the screen that will contain information about the type of attack, IP address of the attacking computer and the local port (if possible)."

But this behavior just started happening. It paused for several hours, but then started up this evening. I'm not alarmed by it. I'm just curious what it could be.

Reply to
nehmo54

FSM = Flying Spaghetti Monster?

But how come this pop-up started popping up now?

Reply to
nehmo54

Yes. The packet filter of Kaspersky. But: why does this matter?

Yours, VB.

Reply to
Volker Birk

Yes.

Because you're using braindead software.

Yours, VB.

Reply to
Volker Birk

formatting link

formatting link

Reply to
2

K seems to be doing the work, to some degree, of a firewall. The way the alerts are worded, they sure sound like they came from a firewall, and some participants in this thread are assuming they came from there. I'm clarifying because which program is producing the alerts is possibly important to understanding them.

In the K forum, I found I can disable "Real time protection against network attacks", and I'm doing that now.

I still don't understand why this behavior just started. Maybe RoadRunner is doing something different now.

I'm using Kaspersky Anti-Virus Personal Pro 5.0.390

Reply to
nehmo54

Good idea. Notifications are pointless in virtually any case (unless you are interested in keeping track of attacks, in which case you would want a logfile instead of popup messages), "stealth" is simply impossible with TCP/IP networks, and automatic network shunning is pure idiocy.

cu

59cobalt
Reply to
Ansgar -59cobalt- Wiechers

Mate, that's an excellent link! I'm now replying to other postings here quoting you :) I'm also passing this on to the family and friends who ask the same questions. Thanks!

Wayne McGlinn Brisbane, Oz

Reply to
Wayne

Normally posting irrelevant links like that, wasting the reader's time and irritating them, would discredit your cause rather than promote it. However, your writing is so wandering and disjointed, I can't figure out what cause should be discredited. You're either an Arab or a Jew, but I'd have to decipher your writings to know. And I've already wasted too much time on them.

Reply to
nehmo54

I'd call a piece of software that blocks DNS answers because it believes that these are an attack quite a big problem because DNS is quite an important and useful service.

These are DNS answer packets that ZA misinterprets as 'attacks', a typical sign of a totally braindead software. Uninstall the ZA crap, it is useless anyway and apart from being useless it claims totally normal traffic to be an attack.

Wolfgang

Reply to
Wolfgang Kueter
