Seeing port scans on a LAN device when no NAT/etc is set up.

Nsup Posts: 1  Freshman Member
edited April 2021 in Security
USG110

Default(ish) setup, with a Netgear Orbi sitting on lan1 port. The Orbi keeps showing these log lines:

[DoS Attack: ACK Scan] from source: 17.248.147.83, port 443, Wednesday, May 13, 2020 10:56:59
[DoS Attack: ACK Scan] from source: 17.248.147.108, port 443, Wednesday, May 13, 2020 10:50:08
[DoS Attack: ACK Scan] from source: 74.125.206.128, port 443, Wednesday, May 13, 2020 10:50:04
[DoS Attack: ACK Scan] from source: 17.248.147.45, port 443, Wednesday, May 13, 2020 10:49:29

But no NAT or similar rule has been set up.

The only non-default config is the definition of a host object, and a policy allowing:
host -> ZyWALL (IP:any/any) for HTTPS to allow remote management of USG from one specific location.

Will welcome any ideas as to how the Orbi gets scanned while sitting behind a firewall.
