Re: Port scans through NAT router?





Dom wrote:
>
> > I thought that if I didn't map a given port in the Netgear, that the
> > router would have nowhere to route any traffic on any unmapped ports?
>
> True. What is the nature of the traffic? Source/destination addresses
> and ports.


Hi,

Thanks for the responses. Please, I hope that this thread can be kept
civil.

I'm going to respond to all of the posts (which I'm grateful for) in one
post. I hope that this is ok.

The RT314 is an older Netgear product. It does not have SPI.

In the configuration, there's a port mapping function/menu, where I can
specify when a port or range of ports (e.g., 2000-3000) should be mapped
to one of my "inside" IP addresses, which are on the 192.168.0 subnet.

From the Sygate security log, it looks like the scans are coming from
outside, and when I do a backtrace in Sygate, the source of the scan
varies.

"Somebody is scanning your computer.
Your computer's TCP ports:
1166, 1177, 1183, and 1234 have been scanned from 195.37.77.141.."

I've put 2 BMPs showing the Sygate security log and backtrace at:

http://members.cox.net/ohaya/sygate1.bmp

http://members.cox.net/ohaya/sygate2.bmp

I think that the Sygate log indicates that this is TCP traffic, and not
UDP.

BTW, as I think that I mentioned, I was also under the (possibly wrong)
impression that the router would not route packets to any inside IP
address unless a mapping was set up. That was the main reason for my
post.

I think, but am not 100% sure that the times that I got this port scan
warning, that I was in the process of visiting a website that seemed to
have been associated with (at least) the same DNS domain name as the
source of the port scan (e.g., see the BMP for the backtrace).

If I am visiting a website, say http://www.foo.com, is there some way
for port scans to ride back into my NAT'ed network "on top of" the
outgoing HTTP connection?

I hope that I've responded with enough additional info.

Thanks again!

Jim
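
Added example, not part of the original post: a toy Python model of the forwarding decision discussed in this thread, in which a NAT router without SPI passes an inbound packet only if it matches a configured port mapping or a dynamic entry created by an outbound connection. The inside addresses, the source-port-preserving behaviour, the remote-address match and the two outbound connections are assumptions made for illustration; the scanned ports and source address are the ones quoted from the Sygate alert.

```python
from dataclasses import dataclass, field

@dataclass
class Nat:
    """Toy NAT router: static port maps plus dynamic entries, no TCP state tracking."""
    static: list = field(default_factory=list)   # (low, high, inside_ip)
    dynamic: dict = field(default_factory=dict)  # (proto, public_port) -> (inside_ip, remote_ip)

    def map_ports(self, low, high, inside_ip):
        """Equivalent of the router's port-mapping menu."""
        self.static.append((low, high, inside_ip))

    def outbound(self, proto, inside_ip, src_port, remote_ip):
        """An inside host opens a connection; the router records a dynamic entry.
        Assumption: the router keeps the client's source port unchanged."""
        self.dynamic[(proto, src_port)] = (inside_ip, remote_ip)

    def inbound(self, proto, remote_ip, dst_port):
        """Return (inside_ip, reason) if forwarded, (None, reason) if dropped."""
        entry = self.dynamic.get((proto, dst_port))
        # Assumption: the entry only matches the remote address it was opened to.
        if entry and entry[1] == remote_ip:
            return entry[0], "dynamic entry from outbound connection"
        for low, high, inside_ip in self.static:
            if low <= dst_port <= high:
                return inside_ip, "static port mapping"
        return None, "no mapping, dropped"

def demo():
    nat = Nat()
    nat.map_ports(2000, 3000, "192.168.0.10")  # constructed mapping
    # Constructed scenario: the inside PC has two open connections to the remote
    # host. Whether this was true for the poster is not known from the thread.
    for port in (1166, 1177):
        nat.outbound("tcp", "192.168.0.2", port, "195.37.77.141")
    ports = [1166, 1177, 1183, 1234, 2500]
    return {p: nat.inbound("tcp", "195.37.77.141", p) for p in ports}, nat

if __name__ == "__main__":
    results, _ = demo()
    for port, (inside_ip, reason) in results.items():
        print(f"tcp/{port}: {inside_ip or 'DROP'} ({reason})")
```
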