Astaro User Bulletin Board
Go Back   Astaro User Bulletin Board > Astaro Gateway Products > Network Security: Firewall, NAT, QoS, IPS and more
Reload this Page Portscan: from RIPE to: internal Clients?
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Welcome to the Astaro User Bulletin Board.
If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 02-03-2004, 09:23 AM
Junior Member
  
Join Date: Feb 2004
Posts: 4
Default Portscan: from RIPE to: internal Clients?
He dudes,
my PSD (ASL 4) logs this message (20 times a day):
eth2 is the external NIC and eth0 is the internal NIC.

Portscan detected: IN=eth2 OUT=eth0 SRC=213.144.23.114 DST=192.168.200.25 LEN=264 TOS=0x00 PREC=0x00 TTL=59 ID=0 DF PROTO=UDP SPT=53 DPT=1603 LEN=244

The DST ist always another internal client (192.168.200.x). How is it possible to scan a internal Client with a private IP-Adress?

The supposed Attacker Address is always the same. It's RIPE. Isn't that a Domain Resolver?

OrgName: RIPE Network Coordination Centre
OrgID: RIPE
Address: Singel 258
Address: 1016 AB
City: Amsterdam
StateProv:
PostalCode:
Country: NL
ReferralServer: whois://whois.ripe.net


Please help me! Must I change my Rules, or what?!?

Thanks
NOte
Reply With Quote
  #2 (permalink)  
Old 02-03-2004, 09:49 AM
Junior Member
  
Join Date: Feb 2004
Posts: 4
Default Re: Portscan: from RIPE to: internal Clients?
he dudes,
sorry this was our mistake.
Forget! all the postings.
We've got a wrong DNS-Server entry in the Paket Filter.

Regards NOte
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


All times are GMT. The time now is 05:12 AM.

 
Contact Us - Astaro User Bulletin Board - Archive - Top

Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2010, Jelsoft Enterprises Ltd.


These pages are specifically maintained for the discussion of firewall issues within the Open Source community, and might already reflect new alpha/beta releases under development. Please refer to our product specifications for the functionality of the actual release. Discussions of new/enhanced functionality does not constitute a commitment of Astaro, to integrate this functionality into future releases. issues within the Open Source community, and might already reflect new alpha/beta releases under development. Please refer to our product specifications for the functionality of the actual release. Discussions of new/enhanced functionality does not constitute a commitment of Astaro, to integrate this functionality into future releases.