Questions

What is meant by 'port scan' & 'IP Source Address Spoofing'?

Tags:
+
0 Votes
Locked

What is meant by 'port scan' & 'IP Source Address Spoofing'?

itso_simple
I oversee a small network of about 25 PCs. We have a static IP, a
Netopia 3500 series modem/router, and its security log regularly
lists warnings like the two I've pasted below. What is meant by "port
scan" and "IP Source Address Spoofing" and are these cause for
concern?
-Thanks-
---------
Security alert type : Port Scan
Protocol type : UDP
IP source address : 206.251.233.105
Time at last attempt : Mon Mar 19 00:49:46 2007(UTC)
Number of ports that were scanned: 8
Highest port : 33451
Lowest port : 33444
33444 33445 33446 33447 33448 33449 33450 33451
------------
Security alert type : IP Source Address Spoofing
IP source address : 192.168.214.2
IP destination address : 208.254.45.206
Number of attempts : 5
Time at last attempt : Mon Mar 19 00:55:50 2007(UTC)
IP Interface : ENET (10/100BT-LAN
-------------
  • +
    0 Votes
    dspeacock

    is the process of connecting to TCP and UDP ports on your system to determine the services that are running or are in a listening state. It helps to determine your OS among other things.

    These scans can be either active or passive.

    HTH

    Dave

    +
    0 Votes
    rkuhn

    I'd just keep my eye on them but wouldn't take them all that seriously.

    A) If your router is worthwhile at all, has been setup properly and has a built in firewall (which it does), it shouldn't have any problem with discarding these unsolicited packets.

    B) Same is true for IP spooking attacks. Unless somehow solicited first from the inside, you should be fine..

    C) Even if something were to somehow slip by the firewall, just keep all your internal PC's fully patched, updated, run AV and anti-malware, etc and you'll be fine.

    If you actually have attacks being logged, I'm surprised your log doesn't fill up so fast that you even have time to read it.

    What you are witnessing is quite normal.

    In addition, that appears to be a MCI IP address which my guess (pure speculation) is that address is a dynmaic address and you'll never know who it was.

  • +
    0 Votes
    dspeacock

    is the process of connecting to TCP and UDP ports on your system to determine the services that are running or are in a listening state. It helps to determine your OS among other things.

    These scans can be either active or passive.

    HTH

    Dave

    +
    0 Votes
    rkuhn

    I'd just keep my eye on them but wouldn't take them all that seriously.

    A) If your router is worthwhile at all, has been setup properly and has a built in firewall (which it does), it shouldn't have any problem with discarding these unsolicited packets.

    B) Same is true for IP spooking attacks. Unless somehow solicited first from the inside, you should be fine..

    C) Even if something were to somehow slip by the firewall, just keep all your internal PC's fully patched, updated, run AV and anti-malware, etc and you'll be fine.

    If you actually have attacks being logged, I'm surprised your log doesn't fill up so fast that you even have time to read it.

    What you are witnessing is quite normal.

    In addition, that appears to be a MCI IP address which my guess (pure speculation) is that address is a dynmaic address and you'll never know who it was.