Hello: fellow Debian users I was going over my router logs and noticed that I am getting port scanned from my ISP, this has been happening for a while but I haven't had the time to look into it untill now. I did a basic whois on the IP address and they show that it is my ISP, the destination is a DNS server that belongs to my ISP.
I sent an E-mail to abuse to see what they are going to do about it, but I am in need of some knowledge? Is this common? is the DNS server trying to collect or verify information on my system? If so why? I did do a google search on DNS port scanning and denial of service, but did not turn up anything that would explain this. That is why I am asking for your suggestions. They seem to be sending it about every 30 seconds, so in effect they are using a denial of service against me. Below is a few lines of my router log. In this format-> Time Message Source Destination Notes 11/18/2003 14:53:24 Firewall default policy: ICMP (W to W/ZW, type:8, code:0) 66.61.104.72 66.61.118.206 ACCESS BLOCK 14 11/18/2003 14:53:20 Firewall default policy: ICMP (W to W/ZW, type:8, code:0) 66.61.30.31 66.61.118.206 ACCESS BLOCK 15 11/18/2003 14:53:08 Firewall default policy: ICMP (W to W/ZW, type:8, code:0) 66.61.81.46 66.61.118.206 ACCESS BLOCK 16 11/18/2003 14:52:45 Firewall default policy: ICMP (W to W/ZW, type:8, code:0) 66.61.123.234 66.61.118.206 ACCESS BLOCK 17 If this is common would someone please point me to a source to get more information. Thanks; Rthoreau at iwon dot com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
