KAV warns me of UDP port scans!

From my own router too, what's up with this? When it scans I get disconnected from the internet too and I am on DSL. Now how can my own router port scan me when I am the only one of 4 computers on my network even turned on and connected to the internet?

 

try turning off KAV's intrusion detection system (network protection).

 

Yeh I had a similar problem form my Netgear router with steful firewall - I turned off the NW protection function as ZA should provide protection

 

I can't do that, when my boys are on they sometimes seem to get nasties that try to infiltrate the network, so network protection stays on. Question is why would my own router be port scanning me?

 

Slovak, if you use a softwarefirewall in addition to the router, then you can safely turn off the networkprotection (it's recommended, the networkprotection is only for those without a firewall):
http://img266.imageshack.us/img266/5334/realtimeprotectionsettings24nw.png

You can also uncheck "Do not notify about network attacks", if you simply do not wish to disable it.

http://forum.kaspersky.com/index.php?showtopic=897.

 

Thanks, but I only use the router, so it has to stay on.

 

Do you have the router set up to send a sys log to a local host?

- I do This is what KAV appears to see on my system

 

Do you have some log entries we could look at?

Regards,

CrazyM

 

What logs? I'm not sure where, or even if my 2wire router is logging anything.

 

Your KAV logs that will hopefully indicate what kind of traffic is being blocked from the router. (or some more details from the alert)

Regards,

CrazyM

 

Umm, where do I find the KAV log files at?

 

Not being a KAV user I cannot help here, but would hope alerts are logged somewhere. When you get these alerts about the traffic from your router is there any details in regards to protocol and ports?

Regards,

CrazyM

 

Well here is the report of the log file for those attacks.

 

Thanks for the log entries ...

Code:

Report:
UDP Port Scan;Attack via protocol UDP from address 192.168.1.254 to local port 4821 was successfully repelled.;1/21/2006 10:11:11 AM
UDP Port Scan;Attack via protocol UDP from address 192.168.1.254 to local port 4850 was successfully repelled.;1/21/2006 10:11:13 AM
UDP Port Scan;Attack via protocol UDP from address 192.168.1.254 to local port 4865 was successfully repelled.;1/21/2006 10:11:14 AM
UDP Port Scan;Attack via protocol UDP from address 192.168.1.254 to local port 4879 was successfully repelled.;1/21/2006 10:11:15 AM

... unfortunately they are missing the source port.

You noted initially these were from your router. To confirm, is 192.168.1.254 the IP of your router? Does you router proxy DNS lookups? The destination ports (local ports) are all in the ephemeral range so these could be late packets from legitimate traffic, but without complete logs it is difficult to say just what may have triggered this.

Regards,

CrazyM