What is meant by 'port scan' & 'IP Source Address Spoofing'?

By itso_simple
I oversee a small network of about 25 PCs. We have a static IP, a
Netopia 3500 series modem/router, and its security log regularly
lists warnings like the two I've pasted below. What is meant by "port
scan" and "IP Source Address Spoofing" and are these cause for
concern?
-Thanks-
---------
Security alert type : Port Scan
Protocol type : UDP
IP source address : 206.251.233.105
Time at last attempt : Mon Mar 19 00:49:46 2007(UTC)
Number of ports that were scanned: 8
Highest port : 33451
Lowest port : 33444
33444 33445 33446 33447 33448 33449 33450 33451
------------
Security alert type : IP Source Address Spoofing
IP source address : 192.168.214.2
IP destination address : 208.254.45.206
Number of attempts : 5
Time at last attempt : Mon Mar 19 00:55:50 2007(UTC)
IP Interface : ENET (10/100BT-LAN
-------------


All Answers

Port Scanning

by dspeacock In reply to What is meant by 'port sc ...

is the process of connecting to TCP and UDP ports on your system to determine the services that are running or are in a listening state. It helps to determine your OS among other things.

These scans can be either active or passive.

HTH

Dave

Dave's Right and More...

by rkuhn In reply to What is meant by 'port sc ...

I'd just keep my eye on them but wouldn't take them all that seriously.

A) If your router is worthwhile at all, has been set up properly and has a built-in firewall (which it does), it shouldn't have any problem with discarding these unsolicited packets.

B) Same is true for IP spoofing attacks. Unless somehow solicited first from the inside, you should be fine.

C) Even if something were to somehow slip by the firewall, just keep all your internal PCs fully patched, updated, run AV and anti-malware, etc. and you'll be fine.

If you actually have attacks being logged, I'm surprised your log doesn't fill up so fast that you even have time to read it.

What you are witnessing is quite normal.

In addition, that appears to be an MCI IP address, and my guess (pure speculation) is that the address is a dynamic address and you'll never know who it was.
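
A possible triage pass over alerts in the format pasted in the question, added here as an illustration (it is not from either reply and is not Netopia code). It assumes a hypothetical LAN subnet of 192.168.1.0/24 and treats a run of consecutive UDP ports inside 33434-33534, the range commonly cited for classic traceroute probes, as traceroute-like rather than as a service scan; both rules are heuristics.

```python
import ipaddress
import re

# The two alerts from the question, copied as posted.
SAMPLE = """\
Security alert type : Port Scan
Protocol type : UDP
IP source address : 206.251.233.105
Time at last attempt : Mon Mar 19 00:49:46 2007(UTC)
Number of ports that were scanned: 8
Highest port : 33451
Lowest port : 33444
33444 33445 33446 33447 33448 33449 33450 33451
------------
Security alert type : IP Source Address Spoofing
IP source address : 192.168.214.2
IP destination address : 208.254.45.206
Number of attempts : 5
Time at last attempt : Mon Mar 19 00:55:50 2007(UTC)
IP Interface : ENET (10/100BT-LAN
"""
LAN = ipaddress.ip_network("192.168.1.0/24")  # hypothetical LAN subnet
TRACEROUTE_UDP = range(33434, 33535)  # assumed classic traceroute probe ports

def parse_alerts(text):
    """Yield one dict of lower-cased 'key : value' fields per dashed block."""
    for block in filter(str.strip, re.split(r"^-+$", text, flags=re.M)):
        alert = {"ports": []}
        for line in block.strip().splitlines():
            key, sep, value = line.partition(":")
            if sep:
                alert[key.strip().lower()] = value.strip()
            elif line.replace(" ", "").isdigit():  # bare list of scanned ports
                alert["ports"] = [int(p) for p in line.split()]
        yield alert

def triage(alert, lan_net):
    """Heuristic label for one parsed alert; a starting point, not a verdict."""
    kind, ports = alert.get("security alert type"), sorted(alert["ports"])
    if kind == "Port Scan":
        run = bool(ports) and ports == list(range(ports[0], ports[-1] + 1))
        probe = run and ports[0] in TRACEROUTE_UDP and ports[-1] in TRACEROUTE_UDP
        return "traceroute-like" if probe and alert.get("protocol type") == "UDP" else "scan"
    src = ipaddress.ip_address(alert["ip source address"])
    if kind == "IP Source Address Spoofing" and src.is_private and src not in lan_net:
        return "private-source-off-subnet"  # arrived on LAN with a foreign private address
    return "review"
if __name__ == "__main__":
    print([triage(a, LAN) for a in parse_alerts(SAMPLE)])
```

A `private-source-off-subnet` result points at something on the inside using an address the router does not expect on that interface, so the place to look is the LAN itself; replace `LAN` with the real subnet before trusting the label.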
