Port Scanning from the same IP

BigDingus · ‎2021-12-22

Hi all.

From my firewall log I can see there have been numerous attemps to access my PC from the same IP address.

Is there a way to block the IP address at my router so it never gets as far as my PC?

Thanks

FURRYe38 · ‎2021-12-22

What Firmware version is currently loaded?
What is the Mfr and model# of the Internet Service Providers modem/ONT the NG router is connected too?

Have a example of this log entry. Edit out any MAC address information.

Most of the time the attempts are blocked, it's just the log reporting that there was an attempt.

CrimpOn · ‎2021-12-22

@BigDingus wrote:

From my firewall log I can see there have been numerous attemps to access my PC from the same IP address.

Is there a way to block the IP address at my router so it never gets as far as my PC?

As @FURRYe38 commented, the Orbi blocks connection attempts from the internet unless the user has specifically forwarded ports to devices on the LAN. Comments in the Orbi log are "for information only". So...

The firewall log is the Orbi log, or a log on the PC?
The IP address that is attempting to access the PC is on the internet or on the local LAN?

BigDingus · ‎2021-12-22

My firmware is V2.7.3.22

I don't know what model the modem is. Just that it's from Virginmedia

I just had a look. There's loads to port 80

My log:

[UPnP set event: add_nat_rule] from source 152.251.1.19, Wednesday, December 22, 2021 16:26:17
[remote login] from source 152.251.1.202, Wednesday, December 22, 2021 16:26:00
[remote login failure] from source 152.251.1.202, Wednesday, December 22, 2021 16:25:56
[UPnP set event: add_nat_rule] from source 152.251.1.19, Wednesday, December 22, 2021 16:19:39
[DHCP IP: 152.251.1.11] to MAC address be:50:35:f3:24:21, Wednesday, December 22, 2021 16:19:33
[UPnP set event: add_nat_rule] from source 152.251.1.19, Wednesday, December 22, 2021 16:02:21
[LAN access from remote] from 218.0.246.117:33093 to 152.251.1.202:80, Wednesday, December 22, 2021 16:02:11
[LAN access from remote] from 218.0.246.117:33094 to 152.251.1.202:80, Wednesday, December 22, 2021 16:02:10
[LAN access from remote] from 218.0.246.117:33091 to 152.251.1.202:80, Wednesday, December 22, 2021 16:02:09
[LAN access from remote] from 218.0.246.117:33090 to 152.251.1.202:80, Wednesday, December 22, 2021 16:02:08
[LAN access from remote] from 218.0.246.117:33092 to 152.251.1.202:80, Wednesday, December 22, 2021 16:02:07
[LAN access from remote] from 218.0.246.117:33025 to 152.251.1.202:80, Wednesday, December 22, 2021 16:02:05
[UPnP set event: add_nat_rule] from source 152.251.1.19, Wednesday, December 22, 2021 15:53:41
[DoS Attack: SYN/ACK Scan] from source: 170.33.12.120, port 8585, Wednesday, December 22, 2021 15:53:27
[UPnP set event: add_nat_rule] from source 152.251.1.19, Wednesday, December 22, 2021 15:51:15
[DoS Attack: SYN/ACK Scan] from source: 168.119.232.76, port 443, Wednesday, December 22, 2021 15:51:08
[UPnP set event: add_nat_rule] from source 152.251.1.19, Wednesday, December 22, 2021 15:49:37
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, December 22, 2021 15:49:34
[UPnP set event: add_nat_rule] from source 152.251.1.19, Wednesday, December 22, 2021 15:41:48
[LAN access from remote] from 2.57.121.26:47266 to 152.251.1.202:80, Wednesday, December 22, 2021 15:41:32
[UPnP set event: add_nat_rule] from source 152.251.1.19, Wednesday, December 22, 2021 15:38:09
[LAN access from remote] from 14.4.62.35:52964 to 152.251.1.202:80, Wednesday, December 22, 2021 15:37:48
[UPnP set event: add_nat_rule] from source 152.251.1.19, Wednesday, December 22, 2021 15:37:18
[LAN access from remote] from 211.111.237.31:43026 to 152.251.1.202:80, Wednesday, December 22, 2021 15:37:07
[UPnP set event: add_nat_rule] from source 152.251.1.19, Wednesday, December 22, 2021 15:36:29
[LAN access from remote] from 45.95.147.17:46229 to 152.251.1.202:80, Wednesday, December 22, 2021 15:36:08
[UPnP set event: add_nat_rule] from source 152.251.1.19, Wednesday, December 22, 2021 15:25:43
[LAN access from remote] from 209.141.50.223:53816 to 152.251.1.202:80, Wednesday, December 22, 2021 15:25:18
[UPnP set event: add_nat_rule] from source 152.251.1.19, Wednesday, December 22, 2021 15:25:17
[LAN access from remote] from 209.141.50.223:33164 to 152.251.1.202:80, Wednesday, December 22, 2021 15:25:17
[UPnP set event: add_nat_rule] from source 152.251.1.19, Wednesday, December 22, 2021 15:21:05
[DoS Attack: SYN/ACK Scan] from source: 162.241.216.182, port 443, Wednesday, December 22, 2021 15:20:42
[UPnP set event: add_nat_rule] from source 152.251.1.19, Wednesday, December 22, 2021 15:01:38
[DHCP IP: 152.251.1.12] to MAC address 48:a6:b8:84:74:84, Wednesday, December 22, 2021 15:01:13
[UPnP set event: add_nat_rule] from source 152.251.1.19, Wednesday, December 22, 2021 15:00:23
[DoS Attack: SYN/ACK Scan] from source: 168.119.232.76, port 443, Wednesday, December 22, 2021 15:00:10
[UPnP set event: add_nat_rule] from source 152.251.1.19, Wednesday, December 22, 2021 14:57:57
[LAN access from remote] from 37.0.10.73:55731 to 152.251.1.202:80, Wednesday, December 22, 2021 14:57:42
[LAN access from remote] from 37.0.10.73:55580 to 152.251.1.202:80, Wednesday, December 22, 2021 14:57:40
[UPnP set event: add_nat_rule] from source 152.251.1.19, Wednesday, December 22, 2021 14:56:18
[LAN access from remote] from 45.61.188.2:39960 to 152.251.1.202:80, Wednesday, December 22, 2021 14:55:53
[UPnP set event: add_nat_rule] from source 152.251.1.19, Wednesday, December 22, 2021 14:54:14
[LAN access from remote] from 128.14.209.170:51546 to 152.251.1.202:80, Wednesday, December 22, 2021 14:54:00
[LAN access from remote] from 128.14.209.170:50522 to 152.251.1.202:80, Wednesday, December 22, 2021 14:53:59
[LAN access from remote] from 128.14.209.172:20884 to 152.251.1.202:80, Wednesday, December 22, 2021 14:53:58
[UPnP set event: add_nat_rule] from source 152.251.1.19, Wednesday, December 22, 2021 14:50:09
[remote login] from source 152.251.1.202, Wednesday, December 22, 2021 14:50:06
[UPnP set event: add_nat_rule] from source 152.251.1.19, Wednesday, December 22, 2021 14:36:03
[Log Cleared] Wednesday, December 22, 2021 14:35:43

FURRYe38 · ‎2021-12-22

Please find brand and model# information of ISP modem.

So a who is look up on those IP addresses.

152.251.1.202 is not a normal LAN side IP address string. 10. or 172. or 192. is LAN side string numbers.

What devices do you all have connected?

BigDingus · ‎2021-12-22

Hi again.

I've been busy doing whois on the IP addresses and have found that they are from the US, Thailand or China

BigDingus · ‎2021-12-22

Forgot to say, 152.251.1.202 is my internal IP

FURRYe38 · ‎2021-12-22

I recommend you use a 10, 172 or 192 IP address string for the LAN side.

https://db-ip.com/all/152.251.1

Even on the LAN side, this can cause problems on the WAN side as well.

BigDingus · ‎2021-12-22

Thanks Furry, but the first thing I do when I install any network, is avoid the usual internal network IPs.

Just on of the obsticals I put in the way. However I'll look for a more free one.

FURRYe38 · ‎2021-12-22

Well for home use those are supposed to be used for home class routers on the LAN side. Using other IP addresses out side of these doesn't make it any safer and if you use other IP address stings that are out side of the private IP address range, you maybe using something is already own and assigned to a company by the www.icann.org. This group governs who gets IP addresses and how they are handled. They delegated the 10, 172 and 192 address range for LAN side pool for home class routers.

Port Scanning from the same IP

Port Scanning from the same IP

Re: Port Scanning from the same IP

Re: Port Scanning from the same IP

Re: Port Scanning from the same IP

Re: Port Scanning from the same IP

Re: Port Scanning from the same IP

Re: Port Scanning from the same IP

Re: Port Scanning from the same IP

Re: Port Scanning from the same IP

Re: Port Scanning from the same IP