This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Portscan: from RIPE to: internal Clients?

He dudes,
my PSD (ASL 4) logs this message (20 times a day):
eth2 is the external NIC and eth0 is the internal NIC.

Portscan detected: IN=eth2 OUT=eth0 SRC=213.144.23.114 DST=192.168.200.25 LEN=264 TOS=0x00 PREC=0x00 TTL=59 ID=0 DF PROTO=UDP SPT=53 DPT=1603 LEN=244

The DST ist always another internal client (192.168.200.x). How is it possible to scan a internal Client with a private IP-Adress?

The supposed Attacker Address is always the same. It's RIPE. Isn't that a Domain Resolver?

OrgName:    RIPE Network Coordination Centre
OrgID:      RIPE
Address:    Singel 258
Address:    1016 AB
City:       Amsterdam
StateProv:
PostalCode:
Country:    NL
ReferralServer: whois://whois.ripe.net

Please help me! Must I change my Rules, or what?!?

Thanks
NOte

This thread was automatically locked due to age.

Parents

0 NOte over 21 years ago

he dudes,
sorry this was our mistake.
Forget! all the postings.
We've got a wrong DNS-Server entry in the Paket Filter.

Regards NOte
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 NOte over 21 years ago

he dudes,
sorry this was our mistake.
Forget! all the postings.
We've got a wrong DNS-Server entry in the Paket Filter.

Regards NOte
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data