Re: Port scans through NAT router?

"Duane Arnold" <NotMe@xxxxxxxxx> wrote in message
> ohaya wrote:
>> Hi,
>> I have Sygate Personal Firewall running on my PC, which is connected to
>> the Internet via a Netgear NAT router (RT314). I am occasionally getting
>> popups saying that Sygate detected a port
>> scan, and when I do a backtrace, I can see that they're coming from
>> various places "outside" my network.
>> The main reason for this post is that I'm curious, and I don't
>> understand how that can be happening, because in the Netgear router, I
>> don't have any ports mapped to my machine's internal IP address at all,
>> and I definitely don't have the ports that are being reported by Sygate
>> mapped in the router.
>> So, my question is "How can these port scans, on those ports, which are
>> not mapped in the Netgear router, be getting through to my PC?". I
>> thought that if I didn't map a given port in the Netgear, that the
>> router would have nowhere to route any traffic on any unmapped ports?
> Well, does the RT314 which I went to the Netgear site and the RT314 is not
> listed as a product so I can even see the specs for it have SPI (Statefull
> Packet Inspection)?
> SPI is also being talked about in the link below too.
> If the NAT router doesn't have SPI as part of its firmware, then
> unsolicited packets/probes can come through the NAT router like a hot
> knife through butter just like they did when I was using a Linksys NAT
> router that didn't have SPI, which BlackIce I was using behind the NAT
> router at the time detected the probes coming through the router reaching
> the machines and stopped them.

SPI itself does not provide the router enough information to do port
forwarding. How does it know which internal host to forward these packets
to anyhow. I would be looking at the port forwarding rules that are in