Re: Port scans through NAT router?
- From: Duane Arnold <NotMe@xxxxxxxxx>
- Date: Sat, 28 Jan 2006 06:52:31 GMT
ohaya wrote:
Hi,
I have Sygate Personal Firewall running on my PC, which is connected to
the Internet via a Netgear NAT router (RT314).
I am occasionally getting popups saying that Sygate detected a port scan, and when I do a backtrace, I can see that they're coming from various places "outside" my network.
The main reason for this post is that I'm curious, and I don't understand how that can be happening, because in the Netgear router, I don't have any ports mapped to my machine's internal IP address at all, and I definitely don't have the ports that are being reported by Sygate mapped in the router.
So, my question is "How can these port scans, on those ports, which are not mapped in the Netgear router, be getting through to my PC?". I thought that if I didn't map a given port in the Netgear, that the router would have nowhere to route any traffic on any unmapped ports?
Well, does the RT314 have SPI (Stateful Packet Inspection)? I went to the Netgear site and the RT314 is not listed as a product, so I can't even see the specs for it.
http://www.cpx.com/whitepapers/Compex%20SPI%20Firewall.pdf
SPI is also being talked about in the link below too.
http://www.homenethelp.com/web/explain/about-NAT.asp
If the NAT router doesn't have SPI as part of its firmware, then unsolicited packets/probes can come through the NAT router like a hot knife through butter, just like they did when I was using a Linksys NAT router that didn't have SPI. BlackIce, which I was using behind the NAT router at the time, detected the probes coming through the router and reaching the machines, and stopped them.
I dumped the NAT router and got a low-end FW appliance for my needs. You may just need to get a NAT router that has SPI, if the RT314 doesn't have SPI, or continue to supplement the NAT router with Sygate.
Duane :)
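
A minimal model of the stateful inbound check that SPI refers to, as an added example that is not part of the original post: an outbound packet creates a state entry, and an inbound packet is forwarded only if it matches a live entry, including the remote peer. The class, its fields, the 60-second timeout and the sample addresses are all assumptions constructed for illustration, not the behaviour of any particular router.

```python
IDLE_TIMEOUT = 60.0  # assumed idle lifetime of a state entry, in seconds


class StatefulNat:
    """Toy NAT with a stateful inbound check (names and layout are illustrative)."""

    def __init__(self, wan_ip, first_port=40000):
        self.wan_ip = wan_ip
        self.next_port = first_port
        self.by_flow = {}  # (proto, lan_ip, lan_port, remote_ip, remote_port) -> wan_port
        self.by_port = {}  # (proto, wan_port) -> [flow key, last_seen]

    def outbound(self, proto, lan_ip, lan_port, remote_ip, remote_port, now):
        """A packet leaving the LAN creates or refreshes a state entry."""
        flow = (proto, lan_ip, lan_port, remote_ip, remote_port)
        wan_port = self.by_flow.get(flow)
        if wan_port is None:
            wan_port = self.next_port
            self.next_port += 1
            self.by_flow[flow] = wan_port
        self.by_port[(proto, wan_port)] = [flow, now]
        return wan_port

    def inbound(self, proto, remote_ip, remote_port, wan_port, now):
        """Return the LAN (ip, port) to forward to, or None to drop."""
        entry = self.by_port.get((proto, wan_port))
        if entry is None:
            return None  # no state for this port: unsolicited
        flow, last_seen = entry
        if now - last_seen > IDLE_TIMEOUT:
            del self.by_port[(proto, wan_port)], self.by_flow[flow]
            return None  # state expired
        if (remote_ip, remote_port) != flow[3:]:
            return None  # port has state, but for a different peer
        entry[1] = now
        return flow[1:3]


def demo():
    """Constructed traffic: one web session, then probes from an unrelated host."""
    nat = StatefulNat("203.0.113.10")
    port = nat.outbound("tcp", "192.168.0.2", 51000, "198.51.100.7", 80, now=0.0)
    return [
        nat.inbound("tcp", "198.51.100.7", 80, port, now=1.0),    # reply to the session
        nat.inbound("tcp", "192.0.2.99", 4444, 135, now=2.0),     # probe, no state
        nat.inbound("tcp", "192.0.2.99", 4444, port, now=3.0),    # probe on the mapped port
        nat.inbound("tcp", "198.51.100.7", 80, port, now=120.0),  # reply after idle timeout
    ]
```

Only the first packet in `demo()` is forwarded to the PC; the probe that lands on the mapped port is still dropped because the state entry is bound to the original remote peer.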