I just got this modem installed a couple of days ago, and today I have noticed a large number of odd Port Scans. I believe the IPs in general belong to TWC, so any advice on how to mitigate these, or if I can ignore them despite the sheer volume, would be appreciated.
I currently have, in the built-in firewall, IP4 and 6 Firewalls on, and Port Scan detections on.
Description Count
TCP- or UDP-based Port Scan 326 Mon Nov 21 14:30:42 2016 (REDACTED) 209.18.47.61:53
TCP- or UDP-based Port Scan 280 Mon Nov 21 14:35:20 2016 (REDACTED) 209.18.47.62:53
To make a comparison, I only got 2 of these total yesterday (From a different source I recognize), thus my eyebrow raise. Also these only started today, it looks. And, finally, there are the same IP Combination, same error and so on, from back July. Likely when the modem was being tested by TWC or something, unsure, but I'll throw those in here:
TCP- or UDP-based Port Scan 3 Fri Jul 01 19:11:04 2016 70.94.12.103:63607 209.18.47.61:53
TCP- or UDP-based Port Scan 37 Tue Jul 05 21:13:31 2016 70.94.13.237:52308 209.18.47.61:53
TCP- or UDP-based Port Scan 2 Tue Jul 05 16:18:42 2016 70.94.13.237:64082 209.18.47.62:53
The only other thing I can add was I did recently open a few ports for gaming purposes, although I am unsure if that is involved. I can disable them as needed, of course, but those games IPs are obviously not TWC.
Solved! Go to Solution.
Are you in Kansas?
209.18.47.61/62 is TWC's DNS and nothing to worry about
South Texas, so nope!
I will note the last 3 posted were from July. I didn't even own this Modem until this month. Just, something to add.
Tempted to disable Port Scan Detection, but I'll go by your advice here, if any, or just ignore it all.
As an aside, the attempts are now 332/286
Hah, how rude of them to send me a used one! I guess I will look into getting my own sometime. I prefer more customizable firewalls.
If the 209.18.47.61/62 is TWC (Which is the Source) which is the first (Target)? Looking online, those are also IP Addresses for TWC.
I'll stop worrying about it either way, per your advice, but I am simply curious now.
See what your public IP is, you'll see ports from it to the dns and your antivirus for a start
Oh huh, wow. It changed. I guess that's the public IP address I was given from TWC now. Alright. I guess I'll edit that out now that we resolved it, just to be safe.
Thank you, MsRaye.
The router creates& maintains multiple port extensions to allow external IP addresses to get to specific devices, like to keep your antivirus up to date also to speed up DNS routing/ sync your computers DNS cache for high useage sites you visit.
(as well as malware and trojans, lol)
And in reading this ( http://www.dslreports.com/faq/4108 ) it's actually fairly common and is just a result of the DNS server being, well, kind of lame. All a result of internet browsing. Only way to really 'stop' the alerts is to open the port to TWC so they can always get in regardless of being given a brief window... or just ignore it because it's benign and hope their DNS server quits being trashy.
Nothing to worry about either way! I should have just researched harder, but your hard work and prompt responses are admirable, and I figured I'd rest easier with your opinion, Ms. Raye. Thanks again.