I am concerned about a bunch of UDP port scans I have been receiving. My log says they have been blocked and have been logged as High Severity; there have been a total of 6 logged. The first time 25 ports were scanned, the next 5 times 50 ports were scanned.
But there have also been over 400 that were marked “info” under the severity column. They are all the same attacker, but on these there is a remote thing listed.
What I’m trying to say is: should I be concerned about this?
But, you could find out about who did it… go to http://www.dnsstuff.com/ and tap the scanner’s IP address into the WHOIS Lookup. This will tell you lots about that IP address. Sometimes there’s also an email address that you can email complaints to, if you so wished. But, it may also tell you that it is something that you were interacting with… a web site… software… etc…
In your attached screenshot, isn’t your rule ID 3 the same as your rule ID 6, except rule 3 allows traffic in and rule 6 blocks it? Doesn’t rule 3 expose your PC?
I might be wrong, and I may be thinking of the wrong test, or it might be because I am reading this at 1 am… but the leaktest I think was for testing the application rules… if you ran the test and CPF prompted you for an action and you allowed it… that would be why you failed… I think…