ISP and DNS port scanning!
Hello, fellow Debian users,
I was going over my router logs and noticed that I am getting port scanned
from my ISP. This has been happening for a while, but I haven't had the time
to look into it until now. I did a basic whois on the IP address and they
show that it is my ISP; the destination is a DNS server that belongs to my
ISP.
I sent an e-mail to abuse to see what they are going to do about it, but I am
in need of some knowledge. Is this common? Is the DNS server trying to
collect or verify information on my system? If so, why?
I did do a Google search on DNS port scanning and denial of service, but did
not turn up anything that would explain this. That is why I am asking for
your suggestions. They seem to be sending it about every 30 seconds, so in
effect they are using a denial of service against me. Below are a few lines
of my router log.
In this format -> Time Message Source Destination Notes
11/18/2003 14:53:24 Firewall default policy: ICMP (W to W/ZW, type:8, code:0) 66.61.104.72 66.61.118.206 ACCESS BLOCK
11/18/2003 14:53:20 Firewall default policy: ICMP (W to W/ZW, type:8, code:0) 66.61.30.31 66.61.118.206 ACCESS BLOCK
11/18/2003 14:53:08 Firewall default policy: ICMP (W to W/ZW, type:8, code:0) 66.61.81.46 66.61.118.206 ACCESS BLOCK
11/18/2003 14:52:45 Firewall default policy: ICMP (W to W/ZW, type:8, code:0) 66.61.123.234 66.61.118.206 ACCESS BLOCK
If this is common would someone please point me to a source to get more
information.
Thanks;
Rthoreau at iwon dot com
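
An added example, not part of the original post: a small Python parser for the router log format quoted above (Time, Message, Source, Destination, Notes) that rejoins wrapped entries and summarises the sources, destination, ICMP kind and the gaps between events. The regular expression and the function names are assumptions based only on the four entries shown; type 8, code 0 is the standard ICMP echo request.

```python
import re
from collections import Counter
from datetime import datetime

# The four entries from the post, with the line wraps they arrived with.
SAMPLE = """\
11/18/2003 14:53:24 Firewall default policy: ICMP (W to W/ZW, type:8,
code:0) 66.61.104.72 66.61.118.206 ACCESS BLOCK
11/18/2003 14:53:20 Firewall default policy: ICMP (W to W/ZW,
type:8,
code:0) 66.61.30.31 66.61.118.206 ACCESS BLOCK
11/18/2003 14:53:08 Firewall default policy: ICMP (W to W/ZW,
type:8,
code:0) 66.61.81.46 66.61.118.206 ACCESS BLOCK
11/18/2003 14:52:45 Firewall default policy: ICMP (W to W/ZW,
type:8,
code:0) 66.61.123.234 66.61.118.206 ACCESS BLOCK
"""

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
# Assumed layout: time, message (with ICMP type/code), source, destination, notes.
ENTRY = re.compile(
    r"(\d\d/\d\d/\d{4} \d\d:\d\d:\d\d) (.*?ICMP \(.*?type:(\d+), ?code:(\d+)\)) "
    rf"({IP}) ({IP}) (ACCESS \w+)"
)
# Standard ICMP type/code meanings (RFC 792).
ICMP_NAMES = {(8, 0): "echo request (ping)", (0, 0): "echo reply",
              (3, 3): "port unreachable", (11, 0): "TTL exceeded in transit"}

def parse(text):
    """Return one dict per log entry; wrapped lines are rejoined first."""
    flat = " ".join(text.split())
    return [{"time": datetime.strptime(m[1], "%m/%d/%Y %H:%M:%S"),
             "icmp": (int(m[3]), int(m[4])),
             "src": m[5], "dst": m[6], "note": m[7]}
            for m in ENTRY.finditer(flat)]

def summarize(events):
    """Count events per source and ICMP kind, and list gaps between events."""
    times = sorted(e["time"] for e in events)
    return {
        "per_source": Counter(e["src"] for e in events),
        "destinations": sorted({e["dst"] for e in events}),
        "icmp": Counter(ICMP_NAMES.get(e["icmp"], str(e["icmp"])) for e in events),
        "gaps_seconds": [int((b - a).total_seconds()) for a, b in zip(times, times[1:])],
    }

if __name__ == "__main__":
    for key, value in summarize(parse(SAMPLE)).items():
        print(f"{key}: {value}")
```
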