Re: Port scans through NAT router?




"Duane Arnold" <NotMe@xxxxxxxxx> wrote in message
news:PwECf.7931$Hd4.3322@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> ohaya wrote:
>> Hi,
>>
>> I have Sygate Personal Firewall running on my PC, which is connected to
>> the Internet via a Netgear NAT router (RT314). I am occasionally getting
>> popups saying that Sygate detected a port scan, and when I do a
>> backtrace, I can see that they're coming from various places "outside"
>> my network.
>>
>> The main reason for this post is that I'm curious, and I don't
>> understand how that can be happening, because in the Netgear router, I
>> don't have any ports mapped to my machine's internal IP address at all,
>> and I definitely don't have the ports that are being reported by Sygate
>> mapped in the router.
>>
>> So, my question is "How can these port scans, on those ports, which are
>> not mapped in the Netgear router, be getting through to my PC?". I
>> thought that if I didn't map a given port in the Netgear, that the
>> router would have nowhere to route any traffic on any unmapped ports?
>>
>
> Well, does the RT314 which I went to the Netgear site and the RT314 is not
> listed as a product so I can even see the specs for it have SPI (Stateful
> Packet Inspection)?
>
> http://www.cpx.com/whitepapers/Compex%20SPI%20Firewall.pdf
>
> SPI is also being talked about in the link below too.
>
> http://www.homenethelp.com/web/explain/about-NAT.asp
>
> If the NAT router doesn't have SPI as part of its firmware, then
> unsolicited packets/probes can come through the NAT router like a hot
> knife through butter just like they did when I was using a Linksys NAT
> router that didn't have SPI, which BlackIce I was using behind the NAT
> router at the time detected the probes coming through the router reaching
> the machines and stopped them.
>

SPI itself does not provide the router enough information to do port
forwarding. How does it know which internal host to forward these packets
to anyhow? I would be looking at the port forwarding rules that are in
place.

BernieM
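
The following is an added illustration, not part of either poster's message: a toy Python model of the inbound decision this thread is arguing about. It assumes a router that keeps static port-forwarding rules plus a table of dynamic mappings created by outbound traffic; the class name, addresses and ports are constructed, and it does not describe the RT314's actual firmware.

```python
from dataclasses import dataclass, field

@dataclass
class NatRouter:
    """Toy model of a home NAT router's inbound decision (constructed for illustration)."""
    spi: bool                                      # True: also check the remote endpoint
    forwards: dict = field(default_factory=dict)   # static rules: wan_port -> (lan_ip, lan_port)
    mappings: dict = field(default_factory=dict)   # dynamic: wan_port -> (lan_ip, lan_port, remotes)

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host sends a packet out; the router creates or refreshes a mapping."""
        wan_port = lan_port  # simplification: keep the source port when translating
        entry = self.mappings.setdefault(wan_port, (lan_ip, lan_port, set()))
        entry[2].add((remote_ip, remote_port))
        return wan_port

    def inbound(self, remote_ip, remote_port, wan_port):
        """Return the (lan_ip, lan_port) the packet is delivered to, or None if dropped."""
        if wan_port in self.forwards:              # explicit port forwarding rule
            return self.forwards[wan_port]
        entry = self.mappings.get(wan_port)
        if entry is None:                          # no rule, no mapping: nowhere to send it
            return None
        lan_ip, lan_port, remotes = entry
        if self.spi and (remote_ip, remote_port) not in remotes:
            return None                            # not a reply to something the host started
        return (lan_ip, lan_port)


def demo():
    """Compare a NAT-only router with a NAT+SPI router on the same traffic."""
    results = {}
    for name, spi in (("nat_only", False), ("nat_spi", True)):
        r = NatRouter(spi=spi)
        wan = r.outbound("192.168.0.2", 40000, "198.51.100.10", 80)
        results[name] = {
            "reply": r.inbound("198.51.100.10", 80, wan),
            "stranger_same_port": r.inbound("203.0.113.7", 4444, wan),
            "stranger_unmapped_port": r.inbound("203.0.113.7", 4444, 135),
        }
    return results

if __name__ == "__main__":
    for name, res in demo().items():
        print(name, res)
```

In this model a packet to a port with neither a forwarding rule nor a live mapping is dropped by both routers; the two differ only for a port the PC itself opened by sending traffic out, so the ports reported by the host firewall are worth comparing against the PC's own outbound connections.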

