Port Scanning from the same IP

Question

Hi all.From my firewall log I can see there have been numerous attemps to access my PC from the same IP address.Is there a way to block the IP address at my router so it never gets as far as my PC?&nbsp;Thanks

FURRYe38 · Answer

What Firmware version is currently loaded?What is the Mfr and model# of the Internet Service Providers modem/ONT the NG router is connected too?
&nbsp;
Have a example of this log entry. Edit out any MAC address information.&nbsp;
&nbsp;
Most of the time the attempts are blocked, it's just the log reporting that there was an attempt.&nbsp;

CrimpOn · Answer

BigDingus&nbsp;wrote:
From my firewall log I can see there have been numerous attemps to access my PC from the same IP address.
Is there a way to block the IP address at my router so it never gets as far as my PC?

As FURRYe38 commented, the Orbi blocks connection attempts from the internet unless the user has specifically forwarded ports to devices on the LAN.&nbsp; Comments in the Orbi log are "for information only".&nbsp; So...
&nbsp;

The firewall log is the Orbi log, or a log on the PC?
The IP address that is attempting to access the PC is on the internet or on the local LAN?

BigDingus · Answer

My firmware is V2.7.3.22&nbsp;I don't know what model the modem is. Just that it's from VirginmediaI just had a look. There's loads to port 80&nbsp;My log:[UPnP set event: add_nat_rule] from source 152.251.1.19, Wednesday, December 22, 2021 16:26:17[remote login] from source 152.251.1.202, Wednesday, December 22, 2021 16:26:00[remote login failure] from source 152.251.1.202, Wednesday, December 22, 2021 16:25:56[UPnP set event: add_nat_rule] from source 152.251.1.19, Wednesday, December 22, 2021 16:19:39[DHCP IP: 152.251.1.11] to MAC address be:50:35:f3:24:21, Wednesday, December 22, 2021 16:19:33[UPnP set event: add_nat_rule] from source 152.251.1.19, Wednesday, December 22, 2021 16:02:21[LAN access from remote] from 218.0.246.117:33093 to 152.251.1.202:80, Wednesday, December 22, 2021 16:02:11[LAN access from remote] from 218.0.246.117:33094 to 152.251.1.202:80, Wednesday, December 22, 2021 16:02:10[LAN access from remote] from 218.0.246.117:33091 to 152.251.1.202:80, Wednesday, December 22, 2021 16:02:09[LAN access from remote] from 218.0.246.117:33090 to 152.251.1.202:80, Wednesday, December 22, 2021 16:02:08[LAN access from remote] from 218.0.246.117:33092 to 152.251.1.202:80, Wednesday, December 22, 2021 16:02:07[LAN access from remote] from 218.0.246.117:33025 to 152.251.1.202:80, Wednesday, December 22, 2021 16:02:05[UPnP set event: add_nat_rule] from source 152.251.1.19, Wednesday, December 22, 2021 15:53:41[DoS Attack: SYN/ACK Scan] from source: 170.33.12.120, port 8585, Wednesday, December 22, 2021 15:53:27[UPnP set event: add_nat_rule] from source 152.251.1.19, Wednesday, December 22, 2021 15:51:15[DoS Attack: SYN/ACK Scan] from source: 168.119.232.76, port 443, Wednesday, December 22, 2021 15:51:08[UPnP set event: add_nat_rule] from source 152.251.1.19, Wednesday, December 22, 2021 15:49:37[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, December 22, 2021 15:49:34[UPnP set event: add_nat_rule] from source 152.251.1.19, Wednesday, December 22, 2021 15:41:48[LAN access from remote] from 2.57.121.26:47266 to 152.251.1.202:80, Wednesday, December 22, 2021 15:41:32[UPnP set event: add_nat_rule] from source 152.251.1.19, Wednesday, December 22, 2021 15:38:09[LAN access from remote] from 14.4.62.35:52964 to 152.251.1.202:80, Wednesday, December 22, 2021 15:37:48[UPnP set event: add_nat_rule] from source 152.251.1.19, Wednesday, December 22, 2021 15:37:18[LAN access from remote] from 211.111.237.31:43026 to 152.251.1.202:80, Wednesday, December 22, 2021 15:37:07[UPnP set event: add_nat_rule] from source 152.251.1.19, Wednesday, December 22, 2021 15:36:29[LAN access from remote] from 45.95.147.17:46229 to 152.251.1.202:80, Wednesday, December 22, 2021 15:36:08[UPnP set event: add_nat_rule] from source 152.251.1.19, Wednesday, December 22, 2021 15:25:43[LAN access from remote] from 209.141.50.223:53816 to 152.251.1.202:80, Wednesday, December 22, 2021 15:25:18[UPnP set event: add_nat_rule] from source 152.251.1.19, Wednesday, December 22, 2021 15:25:17[LAN access from remote] from 209.141.50.223:33164 to 152.251.1.202:80, Wednesday, December 22, 2021 15:25:17[UPnP set event: add_nat_rule] from source 152.251.1.19, Wednesday, December 22, 2021 15:21:05[DoS Attack: SYN/ACK Scan] from source: 162.241.216.182, port 443, Wednesday, December 22, 2021 15:20:42[UPnP set event: add_nat_rule] from source 152.251.1.19, Wednesday, December 22, 2021 15:01:38[DHCP IP: 152.251.1.12] to MAC address 48:a6:b8:84:74:84, Wednesday, December 22, 2021 15:01:13[UPnP set event: add_nat_rule] from source 152.251.1.19, Wednesday, December 22, 2021 15:00:23[DoS Attack: SYN/ACK Scan] from source: 168.119.232.76, port 443, Wednesday, December 22, 2021 15:00:10[UPnP set event: add_nat_rule] from source 152.251.1.19, Wednesday, December 22, 2021 14:57:57[LAN access from remote] from 37.0.10.73:55731 to 152.251.1.202:80, Wednesday, December 22, 2021 14:57:42[LAN access from remote] from 37.0.10.73:55580 to 152.251.1.202:80, Wednesday, December 22, 2021 14:57:40[UPnP set event: add_nat_rule] from source 152.251.1.19, Wednesday, December 22, 2021 14:56:18[LAN access from remote] from 45.61.188.2:39960 to 152.251.1.202:80, Wednesday, December 22, 2021 14:55:53[UPnP set event: add_nat_rule] from source 152.251.1.19, Wednesday, December 22, 2021 14:54:14[LAN access from remote] from 128.14.209.170:51546 to 152.251.1.202:80, Wednesday, December 22, 2021 14:54:00[LAN access from remote] from 128.14.209.170:50522 to 152.251.1.202:80, Wednesday, December 22, 2021 14:53:59[LAN access from remote] from 128.14.209.172:20884 to 152.251.1.202:80, Wednesday, December 22, 2021 14:53:58[UPnP set event: add_nat_rule] from source 152.251.1.19, Wednesday, December 22, 2021 14:50:09[remote login] from source 152.251.1.202, Wednesday, December 22, 2021 14:50:06[UPnP set event: add_nat_rule] from source 152.251.1.19, Wednesday, December 22, 2021 14:36:03[Log Cleared] Wednesday, December 22, 2021 14:35:43

FURRYe38 · Answer

Please find brand and model# information of ISP modem.
&nbsp;
So a who is look up on those IP addresses.&nbsp;
152.251.1.202 is not a normal LAN side IP address string. 10. or 172. or 192. is LAN side string numbers.&nbsp;
&nbsp;
What devices do you all have connected?&nbsp;
&nbsp;
&nbsp;

BigDingus · Answer

Hi again.I've been busy doing whois on the IP addresses and have found that they are from the US, Thailand or China

Forum Discussion

Port Scanning from the same IP

9 Replies