Hello,
Noticed something weird. (maybe)
As you can see in the first picture Comodo Secure DNS is being blocked while performing a port scan.
But in the second picture you can see that the DNS port is allowed.
And in the third picture you can see that Port Scan Detection is enabled.
I also noticed that my ISP DNS gets in there too. What is this and why is it happening?
[attachment deleted by admin]
I noticed you have port 53 TCP/UDP open for incoming traffic. That is not needed for normal DNS resolving. I am wondering if the alert about the port scan is related to this. Please close the port and see what happens.
After closing port 53 run the following command from the command prompt:
ipconfig /flushdns
This will flush the local DNS cache of Windows so we can immediately see how closing port 53 works out.
I added the port in response to that Port scan thing in the log. The DNS does work fine without it. However I have to set the DNS locally on my PC since I have a netgear CG3100 router (Provided by ISP) that needs me to switch to static IP in order to use any other than the ISP’s DNS servers (Unless I sign up and pay for dynamic DNS). And my ISP doesn’t support static IPs… Looks to me like they are trying to prepare DNS censoring since they won’t allow static IPs and provide only routers that needs static IP in order to configure another DNS. I was actually able to use static IP a year or two ago.
My point of the thread was to figure out why the logs claim to have blocked several counts of port scanning carried out by both Comodo DNS and my ISP’s DNS. I mean, that logs is of connections that have been deemed malicious (I think DDoS and hacker) and hence blocked. But I don’t understand why it would block DNS servers?
In a somewhat related yet unrelated note, is there any router you can recommend? I’m looking for a good quality router with high speeds and very configurable (especially DNS without Static IP) However I don’t feel like paying over $150 for a router. By high speeds I mean capable of sending and receiving 100 Mb/s to the public Internet (preferably more if I ever want to upgrade) and 1Gb/s over the local network (cable of course)
Currently I am looking at the “ASUS RT-N65U” But that is pretty much just because I want to put it in my mouth… I mean ■■■■ that looks tasty! And it also has USB 3.0 ports which I figure will allow me to plug in a n external 3.0 USB HDD and have that by the router instead of having it here in my room humming away.
Edit: Actually, never mind that router. Apparently people are having overheating problems with it.
Edit 2: And now I see people saying it’s stable… I have no idea. I guess I could try getting it and if it does overheat I should be able to RMA it.
Thank you =)
That’s what I assumed.
However I have to set the DNS locally on my PC since I have a netgear CG3100 router (Provided by ISP) that needs me to switch to static IP in order to use any other than the ISP's DNS servers (Unless I sign up and pay for dynamic DNS).Setting DNS servers on your pc is not an uncommon practice.
What static IP address are you referring to here? A static local address for your computer or a static IP address for your connection?
You are talking about using dynamic DNS. Are you running a website from your connection? It is only for that situation that you would need dynamic DNS when having a dynamic IP address.
[quote]And my ISP doesn’t support static IPs. NOthing out of the ordinary.
Looks to me like they are trying to prepare DNS censoring since they won’t allow static IPs and provide only routers that needs static IP in order to configure another DNS. I was actually able to use static IP a year or two ago.Many ISP’s have dynamic IP addresses. That is a common practice which holds no bearing on filtering with DNS servers. Remember you can always set the DNS servers you want to use on your computer.
My point of the thread was to figure out why the logs claim to have blocked several counts of port scanning carried out by both Comodo DNS and my ISP's DNS. I mean, that logs is of connections that have been deemed malicious (I think DDoS and hacker) and hence blocked. But I don't understand why it would block DNS servers?I don't know the reason for the port scans by the DNS servers but they are no proof of malicious activity by Comodo DNS and your ISP.
In a somewhat related yet unrelated note, is there any router you can recommend? I'm looking for a good quality router with high speeds and very configurable (especially DNS without Static IP) However I don't feel like paying over $150 for a router. By high speeds I mean capable of sending and receiving 100 Mb/s to the public Internet (preferably more if I ever want to upgrade) and 1Gb/s over the local network (cable of course) Currently I am looking at the "ASUS RT-N65U" But that is pretty much just because I want to put it in my mouth.. I mean ■■■■ that looks tasty! And it also has USB 3.0 ports which I figure will allow me to plug in a n external 3.0 USB HDD and have that by the router instead of having it here in my room humming away. Edit: Actually, never mind that router. Apparently people are having overheating problems with it. Edit 2: And now I see people saying it's stable.. I have no idea. I guess I could try getting it and if it does overheat I should be able to RMA it.That ASUS router is a beast. I had to buy a router in February and choose the Cisco E4200 v1. That is a powerful router as well and fitted better in the budget. Also back then the software of the ASUS needed quite some tuning. I don’t know where the software of the ASUS is right now but it should be better. The hardware foundation is kick ■■■.Thank you =)
I was referring to a static IP address for my connection outwards to the public Internet.
What I meant was that the only possible way to change the DNS settings in the router is to either enable Static IP or enable Dynamic DNS. I didn’t mean that I was thinking of actually using it. But no I do not have a website.
What I meant is the fact that they provide the routers and the routers are made so no changes can be made to the DNS settings unless you set static IP which the ISP doesn’t support. And I know I can set the DNS on my computer but I don’t think most of the people would know that if they decided to start censoring websites through DNS blocking.
I didn’t mean to imply that the scans were carried out for malicious purposes. What I meant is that the log is for malicious connections hence I don’t understand why the router would see that as malicious since it’s clearly the DNS doing something not malicious. (False positive)
I think I’m going to get the Asus RT-N65U router, however as I see it I’ll have to use my current Netgear CG3100 as a modem with NAT disabled, but would the Netgear CG3100 work just as a modem or as a router too? I mean, if I connect my computer to the Asus router and the Asus router to the Netgear router and the Netgear router to the wall, would the Netgear router pick up things like DDoS attacks or would that be left entirely to the Asus router? I’d prefer having the CG3100 as just a modem. I also have an IP phone (or what it’s called in English) so I’d have to plug that into the CG3100 router since the Asus router doesn’t support it.
It’s hard to comment on an ISP modem/router because there may be specific customisations made to the Netgear box. If you want to get to the bottom of it it is better to try the ISP forum or a forum from your country that has a special sub board for your ISP. In my country KPN would limit Speedtouch modem/routers for no apparent reason.
I didn't mean to imply that the scans were carried out for malicious purposes. What I meant is that the log is for malicious connections hence I don't understand why the router would see that as malicious since it's clearly the DNS doing something not malicious. (False positive)It could be a quirk of the Netgear box. For more information try the Netgear forums.
I think I'm going to get the Asus RT-N65U router, however as I see it I'll have to use my current Netgear CG3100 as a modem with NAT disabled, but would the Netgear CG3100 work just as a modem or as a router too? I mean, if I connect my computer to the Asus router and the Asus router to the Netgear router and the Netgear router to the wall, would the Netgear router pick up things like DDoS attacks or would that be left entirely to the Asus router? I'd prefer having the CG3100 as just a modem. I also have an IP phone (or what it's called in English) so I'd have to plug that into the CG3100 router since the Asus router doesn't support it.In general you need to set a modem/router solution to bridged. It then behaves as modem only.
The Asus will then do the NAT, firewalling and logging instead of the Netgear. In bridge the Netgear will be a “dumb device” only sending and receiving data.
Okay, so now I understand how that works, however my ISP said that I still put my IP Phone in the Netgear, so I assume that it only needs a modem and not a router to work, correct? Because the Asus doesn’t have any ports for IP phone. Basically I’m wondering if my IP Phone will still work after putting the Netgear into bridge mode?
Sorry to carry this out over here, my ISP doesn’t really have any forum, it’s more like a Q&A and then you have to contact them directly and when you do that they give you vague answers as if you can interpret them in many ways and they just assume you understand the one way they think.
Thank you so much for your help. =)
I am not familiar with working with IP phones on an internet connection so I am afraid I will have to pass on this question.
When I look at my Cisco router there is a setting that allows it to act as an SIP Application Layer Gateway which facilitates VOIP connections. The Asus may have similar functionality. May be the previous holds a clue for further investigation for you.
My dad uses only voip (2 lines). He has a small box the phones plugs into, and that in turn is plugged into [any] router and his internet connection.
System works as it should. (He has changed routers several times until he found one he was happy with (currently a D-Link).
The box would be the (smart) modem which makes a connection to the server to connect his phones.