pfSense Support Subscription

Author Topic: Ports Scanning  (Read 8136 times)

0 Members and 1 Guest are viewing this topic.

Offline Arist

  • Full Member
  • ***
  • Posts: 156
  • Karma: +0/-0
    • View Profile
Ports Scanning
« on: November 27, 2009, 03:57:47 pm »
I was running 1.2.3-RC3 built on Oct 8 and it was pointed out that the protection on the local pc were alerting with popups TCP ports scanned I tried blocking the address listed with no luck then I updated pfsense to the latest snapshot and still no luck the scans continue, the address listed is part of the Block bogon networks list so why isnt
pfsense blocking port scans I have a couple of other address that got past pfsense with tcp ports scanning
 

Somebody is scanning your computer.
Your computer's TCP ports:
2011, 2005, 2012, 2003 and 2004 have been scanned from 192.0.2.43.

Somebody is scanning your computer.
Your computer's TCP ports:
1829, 1839, 1863, 1878 and 1893 have been scanned from 192.0.2.43.

Somebody is scanning your computer.
Your computer's TCP ports:
4926, 4927, 4916, 4920 and 4925 have been scanned from 192.0.2.43.

Somebody is scanning your computer.
Your computer's TCP ports:
4534, 4435, 4482, 4501 and 4480 have been scanned from 192.0.2.43.


Somebody is scanning your computer.
Your computer's TCP ports:
3359, 3401, 3399, 3398 and 3400 have been scanned from 192.0.2.43.

Somebody is scanning your computer.
Your computer's TCP ports:
3363, 3364, 3356, 3358 and 3360 have been scanned from 192.0.2.43.

Somebody is scanning your computer.
Your computer's TCP ports:
2036, 2088, 2032, 2065 and 2031 have been scanned from 192.0.2.43.

Somebody is scanning your computer.
Your computer's TCP ports:
2121, 2120, 2128, 2130 and 2159 have been scanned from 192.0.2.43.

Somebody is scanning your computer.
Your computer's TCP ports:
2214, 2217, 2223, 2221 and 2216 have been scanned from 192.0.2.43.

Somebody is scanning your computer.
Your computer's TCP ports:
2362, 2368, 2370, 2371 and 2373 have been scanned from 192.0.2.43.


Somebody is scanning your computer.
Your computer's TCP ports:
2035, 2034, 2030, 2036 and 2031 have been scanned from 72.215.225.136.

Somebody is scanning your computer.
Your computer's TCP ports:
2222, 2220, 2221, 2223 and 2217 have been scanned from 70.167.151.172.

Somebody is scanning your computer.
Your computer's TCP ports:
2035, 2034, 2030, 2036 and 2031 have been scanned from 72.215.225.136.

Offline danswartz

  • Hero Member
  • *****
  • Posts: 1168
  • Karma: +1/-0
    • View Profile
Re: Ports Scanning
« Reply #1 on: November 28, 2009, 08:42:24 am »
Do you really have all those ports forwarded to your PC?  If not, how would they be getting to your PC?  pfsense isn't going to send random port scans to your PC for no reason...

Offline Arist

  • Full Member
  • ***
  • Posts: 156
  • Karma: +0/-0
    • View Profile
Re: Ports Scanning
« Reply #2 on: November 28, 2009, 05:31:44 pm »
I have no port forward to any pc and i really dont know how they are getting to the PC. all PC are behind the pfsense box their are no open ports on the wan side all I know is that the AV/PF gives an alert of a portscan and has all the entry listed in the log so I was asking
if pfsense blocks port scans and if so how come i am seeing those port scans shouldn't pfsense had caught them.

Offline danswartz

  • Hero Member
  • *****
  • Posts: 1168
  • Karma: +1/-0
    • View Profile
Re: Ports Scanning
« Reply #3 on: November 28, 2009, 05:34:16 pm »
this is impossible.  packets are not going to magically go from the WAN to your PC unless pfsense was set up to send them there.  either these are faked, or there is some trojan running on your PC which is letting stuff in (maybe something else, but no idea right now.)  or maybe a hacked zombie pc on your LAN which is spoofing the packets?  easy way to tell is to run tcpdump on the wan interface of the pfsense and see if you see those packets coming in at all.