On 12/23/08, Anne Wilson <cannewilson at googlemail.com> wrote: > My LAN is behind a Netgear router, which does NAT. On the CentOS server I > have fail2ban running. This morning my router reported 3 different IPs > attempting to send UDP packets to port 38950, Since each address is only seen > 4-5 times, I presume that fail2ban took over after that. > > GRC reports that ports are stealthed (port 143 was open, but is now closed), > but then: > Try www.auditmypc.com or nmap-online.com rather than grc to look for open ports > So, two questions really. First, what should I be looking for on the router, > to turn off this 'tracking down' activity? Maybe your router is sending host / port unreachable icmp messages. You could try to see what is actually happening using wireshark on another computer from outside your LAN > > Then, I want to read from my own IMAP server when I'm away from home. Is > there a better way than opening port 143? > ssh tunnelling? fwknop? (if you want all ports to appear closed) <http://cipherdyne.org/fwknop/> mike