Networks Port Scan detected

A fair old time ago I set my router up to allow incoming remote desktop connections and send them to my PC.

At the time there was an option about sending a mail if dodgy activity was detected. (words to that effect anyway.)

I had clean forgotten about it until I just got an email.

Subject: NETGEAR *Security Alert* [41A:A5]
Contents: TCP Packet - Source:88.103.182.246 Destination:2.120.246.69 - [PORT SCAN]

Should I be worried and should I be doing anything to increase security?

 

Shows it originated from the Czech Republic.

 

how often do you use remote desktop? If you are worried, just close the port for a couple of weeks.

 

Not anymore. Using Home Prem now so doesnt support it.

Not even sure if the port is still open!

So nothing really to worry about then. Just close the port if its still open and forget it?

 

yeah close port - if its not open, no ones coming in

 

LOL, if you really got scanned just once in all that time, then call yourself lucky, in standard scenario your public IP get port scanned every few minutes.

 

Faugusztin is correct i seen hundred of time when watching a live firewall port scans and even DOS's not much you can do.That why people lock down as many ports as possible leave only what has to be open open.

Close the port and you will be ok.May be worth keeping your router firmwares up to date

 

Last few lines from my servers authentication log filtered to fails:

Code:

Dec 20 09:14:16 Server sshd[4910]: reverse mapping checking getaddrinfo for 46-37-178-47.static.hostnoc.net [46.37.178.47] failed - POSSIBLE BREAK-IN ATTEMPT!
Dec 20 09:19:18 Server sshd[2704]: reverse mapping checking getaddrinfo for 46-37-178-47.static.hostnoc.net [46.37.178.47] failed - POSSIBLE BREAK-IN ATTEMPT!
Dec 20 09:35:37 Server sshd[3274]: reverse mapping checking getaddrinfo for 46-37-178-47.static.hostnoc.net [46.37.178.47] failed - POSSIBLE BREAK-IN ATTEMPT!
Dec 20 11:58:01 Server sshd[8518]: reverse mapping checking getaddrinfo for 46-37-178-47.static.hostnoc.net [46.37.178.47] failed - POSSIBLE BREAK-IN ATTEMPT!
Dec 20 12:23:22 Server sshd[9312]: reverse mapping checking getaddrinfo for 46-37-178-47.static.hostnoc.net [46.37.178.47] failed - POSSIBLE BREAK-IN ATTEMPT!
Dec 20 15:19:04 Server sshd[13546]: reverse mapping checking getaddrinfo for 46-37-178-47.static.hostnoc.net [46.37.178.47] failed - POSSIBLE BREAK-IN ATTEMPT!
Dec 20 15:20:44 Server sshd[13693]: reverse mapping checking getaddrinfo for 46-37-178-47.static.hostnoc.net [46.37.178.47] failed - POSSIBLE BREAK-IN ATTEMPT!
Dec 21 14:18:27 Server sshd[13262]: reverse mapping checking getaddrinfo for 46-37-189-62.static.hostnoc.net [46.37.189.62] failed - POSSIBLE BREAK-IN ATTEMPT!
Jan  6 15:58:45 Server sshd[30353]: reverse mapping checking getaddrinfo for 89.104.226.43.reverse.converged.co.uk [89.104.226.43] failed - POSSIBLE BREAK-IN ATTEMPT!
Jan 15 13:24:23 Server sshd[7768]: reverse mapping checking getaddrinfo for 89.104.226.43.reverse.converged.co.uk [89.104.226.43] failed - POSSIBLE BREAK-IN ATTEMPT!
Jan 17 09:31:21 Server sshd[23584]: reverse mapping checking getaddrinfo for 89.104.226.43.reverse.converged.co.uk [89.104.226.43] failed - POSSIBLE BREAK-IN ATTEMPT!
Jan 17 09:39:01 Server sshd[24138]: reverse mapping checking getaddrinfo for 89.104.226.43.reverse.converged.co.uk [89.104.226.43] failed - POSSIBLE BREAK-IN ATTEMPT!

Stay away from standard port numbers and you should be a little more secure.

 

Thanks all, really appreciated.