Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Symantec Dual WAN 460R router connectivity dies every now and then...

Status
Not open for further replies.

markm75

IS-IT--Management
Oct 12, 2006
187
US
We have a dual wan router here at our business.. and every once n a while the router will be in accessible from the outside world, at least in terms of allowing information to pass through..

IE: We have a web server that sits on the inside of the firewall.. during these times that website cannot be accessed.. ie: page cant be displayed etc..

However, if i connect to the router via its dns name.. i can in fact connect

We have the secondary wan port set as backup (to avoid internal issues with going to secure websites which complain due to multiple connections from different ips)..

So when the outside to inside dies, i merely go into the router (if I'm on the outside) and take wan2 off of backup and to on state.. then reverse this and all is fine.

During these periods the connectivity is fine from the inside.

I did notice that in the logs of the router there are a ton of "blocked port scan attacks" messages.

I'm not sure if someone is running some kind of a attack on the router and it just decides not to allow traffic to pass through from out to in when this goes on or something else is happening?

Anyone else had this happen?
 
I think you answered your own question with this sentence:

I did notice that in the logs of the router there are a ton of "blocked port scan attacks" messages.

Some Routers will shut down the interface if it detects numerous port scan attempts which mean that hackers are sniffing for open ports to hack your system.

See if your Router logs the IP Addresses where the scans are coming from and you can do a whois search to find out where they are coming from.
 
Unfortunately, they are coming from many different IP addresses, but the port affected seems to be 57701.

 
Correction, that port plus a few others..

Hard to pin down just one IP or port.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top