Re: Port scans through NAT router?
- From: ohaya <ohaya@xxxxxxx>
- Date: Sat, 28 Jan 2006 08:22:42 -0500
> > I thought that if I didn't map a given port in the Netgear, that the
> > router would have nowhere to route any traffic on any unmapped ports?
> True. What is the nature of the traffic? Source/destination addresses
> and ports.
Thanks for the responses. Please, I hope that this thread can be kept
I'm going to respond to all of the posts (which I'm grateful for) in one
post. I hope that this is ok.
The RT314 is an older Netgear product. It does not have have SPI.
In the configuration, there's a port mapping function/menu, where I can
specify when a port or range of ports (e.g., 2000-3000) should be mapped
to one of my "inside" IP addresses, which are on the 192.168.0 subnet.
>From the Sygate security log, it looks like the scans are coming from
outside, and when I do a backtrace in Sygate, the source of the scan
"Somebody is scanning your computer.
Your computer's TCP ports:
1166, 1177, 1183, and 1234 have been scanned from 18.104.22.168.."
I've put 2 BMPs showing the Sygate security log and backtrace at:
I think that the Sygate log indicates that this is TCP traffic, and not
BTW, as I think that I mentioned, I was also under the (possibly wrong)
impression that the router would not route packets to any inside IP
address unless a mapping was setup. That was the main reason for my
I think, but am not 100% sure that the times that I got this port scan
warning, that I was in the process of visiting a website that seemed to
have been associated with (at least) the same DNS domain name as the
source of the port scan (e.g., see the BMP for the backtrace).
If I am visiting a website, say http://www.foo.com, is there some way
for port scans to ride back into my NAT'ed network "on top of" the
outgoing HTTP connection?
I hope that I've responded with enough additional info.
- Prev by Date: Kaspersky and eMule, I don't succeed to opens doos.
- Next by Date: Re: Closing ports using Sygate
- Previous by thread: Re: Port scans through NAT router?
- Next by thread: Re: Port scans through NAT router?