KAV warns me of UDP port scans!

Discussion in 'other security issues & news' started by Slovak, Feb 1, 2006.

Thread Status:
Not open for further replies.
  1. Slovak

    Slovak Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    515
    Location:
    Medina, Ohio
    From my own router too, what's up with this? When it scans I get disconnected from the internet too and I am on DSL. Now how can my own router port scan me when I am the only one of 4 computers on my network even turned on and connected to the internet?
     
  2. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    Try turning off KAV's intrusion detection system (network protection).
     
  3. starfish_001

    starfish_001 Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    1,041
    Yeah, I had a similar problem from my Netgear router with stateful firewall - I turned off the NW protection function as ZA should provide protection
     
  4. Slovak

    Slovak Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    515
    Location:
    Medina, Ohio
    I can't do that, when my boys are on they sometimes seem to get nasties that try to infiltrate the network, so network protection stays on. Question is why would my own router be port scanning me?
     
  5. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
  6. Slovak

    Slovak Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    515
    Location:
    Medina, Ohio
    Thanks, but I only use the router, so it has to stay on.
     
  7. starfish_001

    starfish_001 Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    1,041
    Do you have the router set up to send a sys log to a local host?

    - I do. This is what KAV appears to see on my system
     
  8. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Do you have some log entries we could look at?

    Regards,

    CrazyM
     
  9. Slovak

    Slovak Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    515
    Location:
    Medina, Ohio
    What logs? I'm not sure where, or even if my 2wire router is logging anything.
     
  10. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Your KAV logs that will hopefully indicate what kind of traffic is being blocked from the router. (or some more details from the alert)

    Regards,

    CrazyM
     
  11. Slovak

    Slovak Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    515
    Location:
    Medina, Ohio
    Umm, where do I find the KAV log files at?
     
  12. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Not being a KAV user I cannot help here, but would hope alerts are logged somewhere. When you get these alerts about the traffic from your router are there any details in regards to protocol and ports?

    Regards,

    CrazyM
     
  13. Slovak

    Slovak Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    515
    Location:
    Medina, Ohio
    Well here is the report of the log file for those attacks.
     

    Attached Files:

  14. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Thanks for the log entries ...
    Code:
    Report:
    UDP Port Scan;Attack via protocol UDP from address 192.168.1.254 to local port 4821 was successfully repelled.;1/21/2006 10:11:11 AM
    UDP Port Scan;Attack via protocol UDP from address 192.168.1.254 to local port 4850 was successfully repelled.;1/21/2006 10:11:13 AM
    UDP Port Scan;Attack via protocol UDP from address 192.168.1.254 to local port 4865 was successfully repelled.;1/21/2006 10:11:14 AM
    UDP Port Scan;Attack via protocol UDP from address 192.168.1.254 to local port 4879 was successfully repelled.;1/21/2006 10:11:15 AM
    ... unfortunately they are missing the source port.

    You noted initially these were from your router. To confirm, is 192.168.1.254 the IP of your router? Does your router proxy DNS lookups? The destination ports (local ports) are all in the ephemeral range so these could be late packets from legitimate traffic, but without complete logs it is difficult to say just what may have triggered this.

    Regards,

    CrazyM
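
The triage described in the post above, as an added example that is not from any thread participant: it parses the four quoted KAV report lines and summarises, per source address, whether the destination ports all sit in the client's dynamic port range and how tightly the alerts cluster in time. The 1025-5000 range is an assumption (the Windows XP-era default); the thread states neither the OS nor the range, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address

# The four report lines quoted in the thread (format: name;message;timestamp).
SAMPLE = """\
UDP Port Scan;Attack via protocol UDP from address 192.168.1.254 to local port 4821 was successfully repelled.;1/21/2006 10:11:11 AM
UDP Port Scan;Attack via protocol UDP from address 192.168.1.254 to local port 4850 was successfully repelled.;1/21/2006 10:11:13 AM
UDP Port Scan;Attack via protocol UDP from address 192.168.1.254 to local port 4865 was successfully repelled.;1/21/2006 10:11:14 AM
UDP Port Scan;Attack via protocol UDP from address 192.168.1.254 to local port 4879 was successfully repelled.;1/21/2006 10:11:15 AM
"""

LINE = re.compile(
    r"^(?P<name>[^;]+);Attack via protocol (?P<proto>\w+) from address "
    r"(?P<src>[\d.]+) to local port (?P<port>\d+)\b[^;]*;(?P<ts>[^;]+)$"
)

# Assumption: default dynamic client port range on Windows XP-era systems.
EPHEMERAL = (1025, 5000)

def parse(text):
    """Return one dict per recognised alert line; other lines are skipped."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            ts = datetime.strptime(m["ts"].strip(), "%m/%d/%Y %I:%M:%S %p")
            events.append({"src": m["src"], "port": int(m["port"]), "ts": ts})
    return events

def triage(events, ephemeral=EPHEMERAL):
    """Summarise alerts per source address."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    report = {}
    for src, evs in by_src.items():
        ports = [e["port"] for e in evs]
        times = [e["ts"] for e in evs]
        report[src] = {
            "private_source": ip_address(src).is_private,
            "count": len(evs),
            "all_ephemeral": all(ephemeral[0] <= p <= ephemeral[1] for p in ports),
            "ports_ascending": ports == sorted(ports),
            "span_seconds": (max(times) - min(times)).total_seconds(),
        }
    return report
```

A single LAN source hitting only ascending ports inside the dynamic range within a few seconds matches the "late packets from legitimate traffic" reading in the post; confirming it still needs the source port, which these log lines do not record.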
     