I have reports in my firewall about port scans, and UDP floods, in connection to CF DNS address, connection problems. Take look in attachment, My location is Serbia, Belgrade, ISP - SBB.
I have revert my dns config in router to default (sbb), and changed in my adapter to 22.214.171.124, 126.96.36.199., still getting strange logs.
I’m no Infosec expert, but to me, those look like regular DNS queries with responses coming back on non-privileged ports.
What’s the firewall vendor?
What does 192.168.0.15 usually do?
Is it a “normal” client?
The source (188.8.131.52) could be forged.
But since 0.15 is broadcasting NetBIOS and your firewall detects it as flood. I am not pretty sure atm
I have restored DNS servers in router to my ISP default, problem still persist. It’s probably router firmware error. I will try to fix it by upgrading.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.