On 12/23/08, Anne Wilson cannewilson@googlemail.com wrote:
> My LAN is behind a Netgear router, which does NAT. On the CentOS server I have fail2ban running. This morning my router reported 3 different IPs attempting to send UDP packets to port 38950. Since each address is only seen 4-5 times, I presume that fail2ban took over after that.
> GRC reports that ports are stealthed (port 143 was open, but is now closed), but then:

Try www.auditmypc.com or nmap-online.com rather than GRC to look for open ports.

> So, two questions really. First, what should I be looking for on the router, to turn off this 'tracking down' activity?

Maybe your router is sending host/port unreachable ICMP messages. You could try to see what is actually happening using Wireshark on another computer from outside your LAN.

> Then, I want to read from my own IMAP server when I'm away from home. Is there a better way than opening port 143?

ssh tunnelling? fwknop? (if you want all ports to appear closed) http://cipherdyne.org/fwknop/
mike
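
What a capture would show if the router is answering the UDP probes with ICMP unreachable messages, as an added example that is not part of the original thread: a parser for the ICMP destination-unreachable message that recovers the probed port from the datagram quoted inside it. The addresses are constructed documentation-range values and the source port is made up; port 38950 is the one from the router report.

```python
import socket
import struct

# ICMP type 3 (destination unreachable) codes, RFC 792.
CODES = {0: "net unreachable", 1: "host unreachable", 3: "port unreachable"}

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over an ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_unreachable(icmp: bytes):
    """Decode an ICMP message (the IP payload). Returns None unless it is
    type 3; otherwise describes the quoted datagram that triggered it."""
    if len(icmp) < 36:  # 8 ICMP + 20 quoted IP header + 8 quoted payload
        raise ValueError("truncated ICMP message")
    if icmp[0] != 3:
        return None
    if checksum(icmp) != 0:  # a valid message sums to zero
        raise ValueError("bad ICMP checksum")
    quoted = icmp[8:]  # original IP header + first 8 payload bytes
    ihl = (quoted[0] & 0x0F) * 4
    if ihl < 20 or len(quoted) < ihl + 4:
        raise ValueError("bad quoted IP header")
    info = {"reason": CODES.get(icmp[1], "code %d" % icmp[1]),
            "probe_src": socket.inet_ntoa(quoted[12:16]),
            "probe_dst": socket.inet_ntoa(quoted[16:20]),
            "proto": quoted[9]}
    if info["proto"] == 17:  # UDP: ports are the first four payload bytes
        info["sport"], info["dport"] = struct.unpack("!HH", quoted[ihl:ihl + 4])
    return info

def build_sample() -> bytes:
    """Constructed sample: port-unreachable reply to a UDP probe of 38950."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     socket.inet_aton("198.51.100.7"),   # constructed prober
                     socket.inet_aton("203.0.113.10"))   # constructed WAN address
    udp = struct.pack("!HHHH", 40000, 38950, 8, 0)
    body = struct.pack("!BBHI", 3, 3, 0, 0) + ip + udp
    return body[:2] + struct.pack("!H", checksum(body)) + body[4:]

if __name__ == "__main__":
    print(parse_unreachable(build_sample()))
```

A reply like this tells the sender that something is listening at the address, whereas a port that online scanners report as "stealth" is one where the probe is dropped with no reply at all.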