@bombinho

"Happy days"

Rob

@DaveA

Dave some time ago you said "the question has been asked" obviously RE: content screening.

Has the question been answered yet?

There are a few of us wanting to know

Rob

@bombinho  

You obviously use content screening just like I do, have you noticed an increase in port scans & attacks since you are using the screening again?

I have switched a customer back from Open DNS to Bt yesterday and within half an hour port scans & attacks.

Even when I refresh the IP address the same attackers are back within minutes. I switched back to open DNS overnight and the attacks stopped, well apart from the usual random attempts. I have spent this morning switching back to Bt & guess what? the same attackers from China are back within the hour. I refresh the IP and within minutes they are back again, this is to much of a coincidence. I will start switching the rest of my clients back tomorrow to attempt to prove the point.

If you get a minute could you look at your log & let me know if you have the same issue.

Rob

@whiller123: No can not confirm that from here. Nothing in the attack alerts since 3 days. I had to reboot the router as it had become unresponsive. Not a single entry since then. Port scans are very rare anyway nowadays. Usually syn floods or other subtle forms of communication attempts. An incredible amount of communication attempts targets the NAS directly and goes through the hub like a hot knife through butter. Just the NAS is not connected. That follows me around at the moment.

whiller123

I am having a lot of pokes at my open ports too 9090,5900,1723

Even when I re-boot the Hub they seem to find me again & I do not have a static IP 

Always seems to be from the same Chinese & US IP addresses this one is the most persistent 50.166.6.70

I will turn off the content screening re-boot & report back

whiller123

Hi Rob

Well i'll be damned, well spotted, you are right I have played with this all afternoon & yes you are spot on.

I have a small network if I put the screening back on but do not use a device nothing, minutes after a DNS request is processed. it kicks off again I believe this content screening is compromised.

Not sure what to do now back to open DNS I am thinking.

Thanks for that

Everyone else beware

@engineer

Hi yes I had suspected this before but was not sure, I noticed that the "poke's" as you put it at my open ports all but stopped on 1st August.

Looking at the ports you have listed in your post you can change the VNC & AversMedia port range to something less obvious

When you connect with VNC it is just the IP address or domain then ::port number  IE:        you.dyndns.org::5908  

with Avers it is in the remote software. don't think you can change your PPTP but passwords need to be the best they can be

Don't mean to teach you to suck eggs but hope this helps

Rob

Whiller123

I understood the VNC & Avers comments I guess the other was referring to my Windows VPN

I have decided to leave the ports as standard & as my OpenDNS is still active I have switched back to that.

I have never had issue with OpenDNS & I am not convinced that the BT screening is fully sorted.

Thanks for your suggestions though

 This version now has content screening