[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Firewall Logs Show Continuous Port Scans TCP UDP 26774 31384

Posted on 2007-08-05
6
Medium Priority
?
343 Views
Last Modified: 2013-11-22
Firewall blocks about 2000 per hour incoming connections to ports 26774 and 31384, from hundreds of source IP's.  Can anyone explain what is going on?  I searched online but could not find any relevance to these particular ports.
0
Comment
Question by:LarryZ
  • 3
  • 2
6 Comments
 
LVL 32

Expert Comment

by:rsivanandan
ID: 19634620
Probably a bot looking to get into the network. Just plain drop these traffic by making a first rule (make this drop rule as the first rule so that firewall processing gets better)

Cheers,
Rajesh
0
 
LVL 3

Expert Comment

by:aaron757
ID: 19634666
Both those ports are not registered with IANA. Are they originating at the remote IP's or are they responses to traffic that originated locally? It sounds almost like a system on your network has a virus/worm and is broadcasting out and what you are seeing getting blocked is the response from other infected systems.
0
 

Author Comment

by:LarryZ
ID: 19634872
I think they originate at the remote IPs.  No sign of outbound blocks.  I wonder if others sharing my ISP's cable modem loop have open ports, and that would-be attackers just scan the whole range of IP addresses near mine?
0
Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

 

Author Comment

by:LarryZ
ID: 19634948
Interesting..  I tracked some of the many different addresses.
- AT&T Internet Services
- Comcast
- Verizon Internet Services
- Bell Canada
- Cox Communications
- RIPE Network Coordination Center

Any thoughts?
0
 
LVL 32

Accepted Solution

by:
rsivanandan earned 750 total points
ID: 19636343
You could talk to your ISP to see if they have seen this pattern in the past. I assume they'd be able to provide some info ?

Cheers,
Rajesh
0
 

Author Comment

by:LarryZ
ID: 19639444
Thanks..
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

These are on the increase and getting more common these days. Users who use the Google search engine may complain of having their search redirected to unwanted sites, regardless of what browser is used. This happens when the system is infected with…
If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Suggested Courses

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question