NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

BigDingus's avatar
BigDingus
Tutor
Dec 22, 2021

Port Scanning from the same IP

Hi all. From my firewall log I can see there have been numerous attemps to access my PC from the same IP address. Is there a way to block the IP address at my router so it never gets as far as my P...
FURRYe38's avatar
FURRYe38
Guru - Experienced User
Dec 22, 2021

What Firmware version is currently loaded?
What is the Mfr and model# of the Internet Service Providers modem/ONT the NG router is connected too?

 

Have a example of this log entry. Edit out any MAC address information. 

 

Most of the time the attempts are blocked, it's just the log reporting that there was an attempt. 

  • BigDingus's avatar
    BigDingus
    Tutor
    Dec 22, 2021

    My firmware is V2.7.3.22

     

    I don't know what model the modem is. Just that it's from Virginmedia

    I just had a look. There's loads to port 80

     

    My log:

    [UPnP set event: add_nat_rule] from source 152.251.1.19, Wednesday, December 22, 2021 16:26:17
    [remote login] from source 152.251.1.202, Wednesday, December 22, 2021 16:26:00
    [remote login failure] from source 152.251.1.202, Wednesday, December 22, 2021 16:25:56
    [UPnP set event: add_nat_rule] from source 152.251.1.19, Wednesday, December 22, 2021 16:19:39
    [DHCP IP: 152.251.1.11] to MAC address be:50:35:f3:24:21, Wednesday, December 22, 2021 16:19:33
    [UPnP set event: add_nat_rule] from source 152.251.1.19, Wednesday, December 22, 2021 16:02:21
    [LAN access from remote] from 218.0.246.117:33093 to 152.251.1.202:80, Wednesday, December 22, 2021 16:02:11
    [LAN access from remote] from 218.0.246.117:33094 to 152.251.1.202:80, Wednesday, December 22, 2021 16:02:10
    [LAN access from remote] from 218.0.246.117:33091 to 152.251.1.202:80, Wednesday, December 22, 2021 16:02:09
    [LAN access from remote] from 218.0.246.117:33090 to 152.251.1.202:80, Wednesday, December 22, 2021 16:02:08
    [LAN access from remote] from 218.0.246.117:33092 to 152.251.1.202:80, Wednesday, December 22, 2021 16:02:07
    [LAN access from remote] from 218.0.246.117:33025 to 152.251.1.202:80, Wednesday, December 22, 2021 16:02:05
    [UPnP set event: add_nat_rule] from source 152.251.1.19, Wednesday, December 22, 2021 15:53:41
    [DoS Attack: SYN/ACK Scan] from source: 170.33.12.120, port 8585, Wednesday, December 22, 2021 15:53:27
    [UPnP set event: add_nat_rule] from source 152.251.1.19, Wednesday, December 22, 2021 15:51:15
    [DoS Attack: SYN/ACK Scan] from source: 168.119.232.76, port 443, Wednesday, December 22, 2021 15:51:08
    [UPnP set event: add_nat_rule] from source 152.251.1.19, Wednesday, December 22, 2021 15:49:37
    [DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, December 22, 2021 15:49:34
    [UPnP set event: add_nat_rule] from source 152.251.1.19, Wednesday, December 22, 2021 15:41:48
    [LAN access from remote] from 2.57.121.26:47266 to 152.251.1.202:80, Wednesday, December 22, 2021 15:41:32
    [UPnP set event: add_nat_rule] from source 152.251.1.19, Wednesday, December 22, 2021 15:38:09
    [LAN access from remote] from 14.4.62.35:52964 to 152.251.1.202:80, Wednesday, December 22, 2021 15:37:48
    [UPnP set event: add_nat_rule] from source 152.251.1.19, Wednesday, December 22, 2021 15:37:18
    [LAN access from remote] from 211.111.237.31:43026 to 152.251.1.202:80, Wednesday, December 22, 2021 15:37:07
    [UPnP set event: add_nat_rule] from source 152.251.1.19, Wednesday, December 22, 2021 15:36:29
    [LAN access from remote] from 45.95.147.17:46229 to 152.251.1.202:80, Wednesday, December 22, 2021 15:36:08
    [UPnP set event: add_nat_rule] from source 152.251.1.19, Wednesday, December 22, 2021 15:25:43
    [LAN access from remote] from 209.141.50.223:53816 to 152.251.1.202:80, Wednesday, December 22, 2021 15:25:18
    [UPnP set event: add_nat_rule] from source 152.251.1.19, Wednesday, December 22, 2021 15:25:17
    [LAN access from remote] from 209.141.50.223:33164 to 152.251.1.202:80, Wednesday, December 22, 2021 15:25:17
    [UPnP set event: add_nat_rule] from source 152.251.1.19, Wednesday, December 22, 2021 15:21:05
    [DoS Attack: SYN/ACK Scan] from source: 162.241.216.182, port 443, Wednesday, December 22, 2021 15:20:42
    [UPnP set event: add_nat_rule] from source 152.251.1.19, Wednesday, December 22, 2021 15:01:38
    [DHCP IP: 152.251.1.12] to MAC address 48:a6:b8:84:74:84, Wednesday, December 22, 2021 15:01:13
    [UPnP set event: add_nat_rule] from source 152.251.1.19, Wednesday, December 22, 2021 15:00:23
    [DoS Attack: SYN/ACK Scan] from source: 168.119.232.76, port 443, Wednesday, December 22, 2021 15:00:10
    [UPnP set event: add_nat_rule] from source 152.251.1.19, Wednesday, December 22, 2021 14:57:57
    [LAN access from remote] from 37.0.10.73:55731 to 152.251.1.202:80, Wednesday, December 22, 2021 14:57:42
    [LAN access from remote] from 37.0.10.73:55580 to 152.251.1.202:80, Wednesday, December 22, 2021 14:57:40
    [UPnP set event: add_nat_rule] from source 152.251.1.19, Wednesday, December 22, 2021 14:56:18
    [LAN access from remote] from 45.61.188.2:39960 to 152.251.1.202:80, Wednesday, December 22, 2021 14:55:53
    [UPnP set event: add_nat_rule] from source 152.251.1.19, Wednesday, December 22, 2021 14:54:14
    [LAN access from remote] from 128.14.209.170:51546 to 152.251.1.202:80, Wednesday, December 22, 2021 14:54:00
    [LAN access from remote] from 128.14.209.170:50522 to 152.251.1.202:80, Wednesday, December 22, 2021 14:53:59
    [LAN access from remote] from 128.14.209.172:20884 to 152.251.1.202:80, Wednesday, December 22, 2021 14:53:58
    [UPnP set event: add_nat_rule] from source 152.251.1.19, Wednesday, December 22, 2021 14:50:09
    [remote login] from source 152.251.1.202, Wednesday, December 22, 2021 14:50:06
    [UPnP set event: add_nat_rule] from source 152.251.1.19, Wednesday, December 22, 2021 14:36:03
    [Log Cleared] Wednesday, December 22, 2021 14:35:43

    • FURRYe38's avatar
      FURRYe38
      Guru - Experienced User
      Dec 22, 2021

      Please find brand and model# information of ISP modem.

       

      So a who is look up on those IP addresses. 

      152.251.1.202 is not a normal LAN side IP address string. 10. or 172. or 192. is LAN side string numbers. 

       

      What devices do you all have connected? 

       

       

    • BigDingus's avatar
      BigDingus
      Tutor
      Dec 22, 2021

      Hi again.

      I've been busy doing whois on the IP addresses and have found that they are from the US, Thailand or China

      • BigDingus's avatar
        BigDingus
        Tutor
        Dec 22, 2021

        Forgot to say, 152.251.1.202 is my internal IP