TCP- or UDP-based Port Scan: Count [4079]

nate2002

Hello. Recently, my internet speeds have had random plummets at times, and I believe it's due to Time Warner Cable and their slow internet speeds. I did some digging around, and stumbled upon my event log. I played my online game until I happened to lose connection again, and I suddenly see:

Description: TCP- or UDP-based Port Scan
Count: 4079
Date: Wed Dec 28 12:07:23 2016
Target:{removed}:9125
Source: 209.18.47.62:53

I also saw another one:
Description: TCP- or UDP-based Port Scan
Count: 1833
Date: Wed Dec 28 12:13:04 2016
Target: {removed}:48396
Source: 209.18.47.61:53

The source is from two similar IP addresses, but not quite identical.
I then did some research on both IPs.

It seems as if "209.18.47.6x:53" is responsible for some of the following:

    DDOS
    DNS cache poisoning
    Firewall alert
    fraud, hacking
    HTTP fraud
    phishing
    port scanning
    reverse TCP desynchronization
    SMTP fraud
    sync flood


Some more information I've gathered is that 209.18.47.61 belongs to Road Runner ISP.
Also, in my router's information, it says:
DNS:
209.18.47.61
209.18.47.62
Which makes absolutely no sense?

Also, at random times I get lag spikes, although usually only logged in Event Log by [Count:] 1 or 2. These lag spikes will give me 20-30 second lag spikes, or time me out, but nothing as bad as the counts from 209.18.47.61 that I have reported on this thread.

What should I do?

Thanks,
Nate.

UPDATE Dec. 28, 12:37:05, 2016:


I just had a lag spike, lasting around 2 minutes. Here is the event log information.

Description: TCP- or UDP-based Port Scan
Count: 4080
Date: Wed Dec 28 12:36:05 2016
Target: {removed}:19442
Source: 209.18.47.62:53

Also around the same time, I received a similar log:

Description: TCP- or UDP-based Port Scan
Count: 1834
Date: Wed Dec 28 12:36:41 2016
Target: {removed}:12217
Source: 209.18.47.61:53
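
A triage check for the four log entries in the post above, as an added example that is not part of the original thread: it compares each Source against the DNS servers shown on the router's status page and reports how far Count moved between entries. Treating Count as a running per-source counter and port 53 traffic from a configured resolver as DNS replies are assumptions; the function names are hypothetical.

```python
import re
from datetime import datetime
# Entries from the post above, trimmed to the three fields this check uses.
SAMPLE_LOG = """\
Count: 4079
Date: Wed Dec 28 12:07:23 2016
Source: 209.18.47.62:53

Count: 1833
Date: Wed Dec 28 12:13:04 2016
Source: 209.18.47.61:53

Count: 4080
Date: Wed Dec 28 12:36:05 2016
Source: 209.18.47.62:53

Count: 1834
Date: Wed Dec 28 12:36:41 2016
Source: 209.18.47.61:53
"""

# DNS servers listed on the poster's router status page.
CONFIGURED_DNS = {"209.18.47.61", "209.18.47.62"}
FIELD = re.compile(r"^[ \t]*(Count|Date|Source):[ \t]*(.+?)[ \t]*$", re.M)

def parse_entries(text):
    """Return one dict per blank-line-separated record; other fields are ignored."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = dict(FIELD.findall(block))
        if len(rec) == 3:
            ip, _, port = rec["Source"].rpartition(":")
            entries.append({"ip": ip, "port": int(port), "count": int(rec["Count"]),
                            "when": datetime.strptime(rec["Date"], "%a %b %d %H:%M:%S %Y")})
    return entries

def triage(entries, resolvers=CONFIGURED_DNS):
    """Label each source and report how far its Count moved across the log."""
    report = {}
    for e in sorted(entries, key=lambda e: e["when"]):
        r = report.setdefault(e["ip"], {"first": e["count"], "ports": set()})
        r["ports"].add(e["port"])
        r["growth"] = e["count"] - r["first"]
        # Assumption: port 53 traffic from a resolver this router uses is DNS replies.
        dns = e["ip"] in resolvers and r["ports"] == {53}
        r["label"] = "configured-dns-resolver" if dns else "review"
    return report

if __name__ == "__main__":
    for ip, r in triage(parse_entries(SAMPLE_LOG)).items():
        print(ip, r["label"], "count growth:", r["growth"])
```

Under the running-counter assumption, a growth of 1 means each later entry records one new event from that source.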
 

What would be the best way to go about checking my PC for viruses/malware on my OS X iMac? I've heard it's quite difficult to be attacked by a virus/malware on a Mac, and after doing some research it seems quite difficult to scan my Mac for viruses.
 
In some ways it would be better if the router did not display these messages. Way too many people blame all their problems on them because they do not know what they mean.

First, because your router detected these, it means it stopped them from getting to any machine in your network. It wouldn't really matter if it detected it or not, because port scans cannot get past the NAT function of the router anyway, just because it is stupid.

Next, even if we take the largest one, the total data sent is only 256 kbytes; most cable connections can send that in less than 100 ms, many in less than 10 ms. So that is the maximum delay you could expect from traffic like this. There is no way it can cause 2-minute outages.

Hard to say what your problem is, but do not get misled by messages like this. It is highly unlikely this tiny amount of traffic has any impact. There is nothing you can do about it anyway.
 


Thanks for the thorough reply.
If I'm understanding properly, 1000-4000 counts are a tiny amount for my router, and they should not be misunderstood?
As a little test, I rebooted my internet and found that after it turned back on, it took 2-3 minutes before allowing anybody to connect. Is it possible that because my router is not used to a count of 4000, it causes it to lag a little more than usual, and because of my slow router it won't reconnect and catch up fast enough? Let me know if you're confused about what I just said; it's quite early.
 
It is YOU that is misunderstanding the message, not your router.

Just because you see some message, you assume it means it is the cause of some large issue. 4000 packets is nothing; your router likely processes millions in a day. These just happen to be from an invalid source.

Let's just say you are right and this is causing all your problems. This is like someone driving past your house and stuffing a handful of paper in your mailbox. There is nothing you can do about it anyway. So if this is truly your problem, your only option is to cancel your internet so they can no longer send you those invalid messages.

You likely have some other issue with your connection. I would first have the ISP come out and check that it tests fine. They should be able to tell you if your modem/router is functioning fine. Do not tell them about these messages; they will just blame them because they are lazy.
 
Solution