Community Forums

Odd ubee DDW36C firewall logs.

Reply

Odd ubee DDW36C firewall logs.

SOLVED
Go to solution
TajianaA
TajianaA
Not applicable
‎11-21-2016 12:39 PM
‎11-21-2016 12:39 PM

Odd ubee DDW36C firewall logs.

I just got this modem installed a couple of days ago, and today I have noticed a large number of odd Port Scans. I believe the IPs in general belong to TWC, so any advice on how to mitigate these, or if I can ignore them despite the sheer volume, would be appreciated.

 

I currently have, in the built-in firewall, IP4 and 6 Firewalls on, and Port Scan detections on.

 

Description                                               Count

TCP- or UDP-based Port Scan     326      Mon Nov 21 14:30:42 2016       (REDACTED)      209.18.47.61:53
TCP- or UDP-based Port Scan     280      Mon Nov 21 14:35:20 2016       (REDACTED)      209.18.47.62:53

 

To make a comparison, I only got 2 of these total yesterday (From a different source I recognize), thus my eyebrow raise.  Also these only started today, it looks. And, finally, there are the same IP Combination, same error and so on, from back July. Likely when the modem was being tested by TWC or something, unsure, but I'll throw those in here:

 


TCP- or UDP-based Port Scan     3      Fri Jul 01 19:11:04 2016       70.94.12.103:63607      209.18.47.61:53
TCP- or UDP-based Port Scan     37      Tue Jul 05 21:13:31 2016       70.94.13.237:52308      209.18.47.61:53
TCP- or UDP-based Port Scan     2      Tue Jul 05 16:18:42 2016       70.94.13.237:64082      209.18.47.62:53

 

 

The only other thing I can add was I did recently open a few ports for gaming purposes, although I am unsure if that is involved. I can disable them as needed, of course, but those games IPs are obviously not TWC.

Everyone's Tags (1)
0 Enjoys
8 REPLIES 8
MsRaye
Expert
‎11-21-2016 01:20 PM
‎11-21-2016 01:20 PM

Re: Odd ubee DDW36C firewall logs.

Are you in Kansas?

209.18.47.61/62 is TWC's DNS and nothing to worry about

 

0 Enjoys
TajianaA
TajianaA
Not applicable
‎11-21-2016 01:21 PM
‎11-21-2016 01:21 PM

Re: Odd ubee DDW36C firewall logs.

South Texas, so nope!

 

I will note the last 3 posted were from July. I didn't even own this Modem until this month. Just, something to add.

 

Tempted to disable Port Scan Detection, but I'll go by your advice here, if any, or just ignore it all.

 

As an aside, the attempts are now 332/286

0 Enjoys
MsRaye
Expert
‎11-21-2016 01:26 PM
‎11-21-2016 01:26 PM

Re: Odd ubee DDW36C firewall logs.

looks like it's  a used one that came from KS...don't worry about it.

0 Enjoys
TajianaA
TajianaA
Not applicable
‎11-21-2016 01:31 PM
‎11-21-2016 01:31 PM

Re: Odd ubee DDW36C firewall logs.

Hah, how rude of them to send me a used one! I guess I will look into getting my own sometime. I prefer more customizable firewalls.

 

If the 209.18.47.61/62  is TWC (Which is the Source) which is the first (Target)? Looking online, those are also IP Addresses for TWC.

 

I'll stop worrying about it either way, per your advice, but I am simply curious now.

0 Enjoys
MsRaye
Expert
‎11-21-2016 01:37 PM
‎11-21-2016 01:37 PM

Re: Odd ubee DDW36C firewall logs.

See what your public IP is,  you'll see ports from it to the dns and your antivirus for a start

 

0 Enjoys
TajianaA
TajianaA
Not applicable
‎11-21-2016 01:40 PM
‎11-21-2016 01:40 PM

Re: Odd ubee DDW36C firewall logs.

Oh huh, wow. It changed. I guess that's the public IP address I was given from TWC now. Alright. I guess I'll edit that out now that we resolved it, just to be safe.

 

Thank you, MsRaye.

0 Enjoys
MsRaye
Expert
‎11-21-2016 01:47 PM
‎11-21-2016 01:47 PM

Re: Odd ubee DDW36C firewall logs.

The router creates& maintains multiple port extensions to allow external IP addresses to get to specific devices, like to keep your antivirus up to date also to speed up DNS routing/ sync your computers DNS cache for high useage sites you visit.

(as well as malware and trojans, lol)

 

 

0 Enjoys
TajianaA
TajianaA
Not applicable
‎11-21-2016 01:51 PM
‎11-21-2016 01:51 PM

Re: Odd ubee DDW36C firewall logs.

And in reading this ( http://www.dslreports.com/faq/4108 ) it's actually fairly common and is just a result of the DNS server being, well, kind of lame. All a result of internet browsing. Only way to really 'stop' the alerts is to open the port to TWC so they can always get in regardless of being given a brief window... or just ignore it because it's benign and hope their DNS server quits being trashy.

 

Nothing to worry about either way! I should have just researched harder, but your hard work and prompt responses are admirable, and I figured I'd rest easier with your opinion, Ms. Raye. Thanks again.